Windows Analysis Report
https://docs.google.com/presentation/d/e/2PACX-1vQdSuwONgWFnuoaK9jWkn4a4T1fFD4ixA3V2X7f5aWnD4sHxk2b10z2j2TMxkq3G15FQX3bbwReJ2PF/pub?start=false&loop=false&delayms=3000

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://docs.google.com

{
    "risk_score": 2,
    "reasoning": "This appears to be a legitimate Google Docs configuration object containing initialization parameters. While it contains multiple flags and settings, they are typical for Google's application configuration and don't exhibit malicious patterns. The data is structured as key-value pairs with clear, descriptive names related to Google Docs functionality."
}

_docs_flag_initialData={"docs-ails":"docs_warm","docs-fwds":"docs_nf","docs-crs":"docs_crs_tsol","docs-cp-tp":1,"docs-cr-tp":1,"docs-fe-re":2,"docs-fl":2,"docs-l1lc":4,"docs-l1lm":"FJR","docs-l2lc":4,"docs-l2lm":"GRQ","docs-l2t":4,"docs-lsd":2,"docs-orl":9,"docs-shdn":103,"docs-tfh":"","docs-eett":1,"info_params":{"includes_info_params":1},"docs-ecdh":1,"docs-elaswm":0,"docs-eadwm":1,"docs-eapdwm":1,"docs-ecddwm":1,"docs-edswm":0,"docs-edatadm":1,"docs-eedswm":0,"docs-elnswm":0,"docs-eeoswm":0,"docs-emaswm":0,"docs-enpdwm":1,"docs-ensdwm":0,"docs-eodpswm":0,"docs-epcswm":0,"docs-wiz-epdwm":1,"docs-epsc":0,"docs-epdwm":0,"docs-erhswm":0,"esdodwmssd":1,"docs-esidm":1,"docs-esdwm":1,"docs-espdwm":1,"docs-etsswm":0,"docs-eoiidwm":1,"docs-erffsncdwm":1,"docs-mm":10,"docos-dphl":10000,"docos-dpsl":9900,"docs-cpr":1,"docos-edutfr":0,"docs-eveia":0,"uls":"","customer_type":"ND","scotty_upload_url":"/upload/presentation/resumable","docs-net-udmi":500000,"docs-net-udpt":40000,"docs-net-udur":"/upload/blob/presentation","docs-net-usud":1,"docs-enable_feedback_svg":1,"docs-fpid":713634,"docs-fbid":"ExternalUserData","docs-efnpi":0,"docs-fse":"","docs-fsu":"www.google.com/tools/feedback","docs-obsImUrl":"https://ssl.gstatic.com/docs/common/netcheck.gif","docs-lsltms":20000,"lssv":7,"docs-offline-oebp":"/offline/eventbusworker.js","docs-offline-swcmcd":30000,"docs-offline-swcmcul":10,"docs-offline-nnodi":100,"docs-localstore-iort":10000,"docs-offline-dck":"AIzaSyDrRZPb_oNAJLpNm167axWK5i85cuYG_HQ","docs-offline-mobile-mms":15000000,"docs-ewtaoe":1,"docs-offline-hsu":"docs.google.com/slides","dffm":["userbri","Cambria","Syncopate","Lobster","Corsiva","Coming Soon","Shadows Into Light","Indie Flower","Tahoma","Crafty Girls","Proxima Nova","Roboto Condensed","Average","Lato","Source Code Pro","Old Standard TT","Alfa Slab One","Playfair Display","PT Sans Narrow","Muli","Montserrat","Roboto Slab","Raleway","Open Sans","Oswald","Amatic SC","Source Sans Pro","Roboto","Economica","Reenie Beenie","Stint Ultra Expanded","Alegreya","Merriweather"],"dffd":["userbri","Cambria","Syncopate","Lobster","Corsiva","Coming Soon","Shadows Into Light","Indie Flower","Tahoma","Crafty Girls","Proxima Nova","Roboto Condensed","Average","Lato","Source Code Pro","Old Standard TT","Alfa Slab One","Playfair Display","PT Sans Narrow","Muli","Montserrat","Roboto Slab","Raleway","Open Sans","Oswald","Amatic SC","Source Sans Pro","Roboto","Economica","Reenie Beenie","Stint Ultra Expanded","Alegreya","Merriweather"],"docs-offline-toomem":0,"kixOfflineUrl":"/document","trixOfflineUrl":"/spreadsheet","trixOfflineUrlSuffix":"/offline/view","trixOnlineUrlSuffix":"/ccc","ritzOfflineUrl":"/spreadsheets","drawingsOfflineUrl":"/drawings","punchOfflineUrl":"/presentation","docs-irbfes":0,"docs-offline-ercidep":1,"docos-eos":1,"udurls":1,"docs-localstore-cide":1,"docs-localstore-dom":0,"docs-extension-id":"ghbmnnjooekpmoecnnnilnnbdlolhkhi","icso":0,"docs-offline-copy":0,"docs-clsvn":0,"docs-rlsvn":0,"docs-offline-desktop-mms":200000000,"docs-offline-uebie":1,"docs-localstore-eplam":0,"docs-emasl":0,"fatra":0,"docs-eecsooi":1,"docs-eeic":1,"docs-sw-efcr":1,"docs-sw-ehnur":0,"docs-eioawo":0,"docs-emcct":1,"docs-ssndl":1,"docs-eucsuac":1,"docs-sw-ecfr":0,"docs-cmbs":500,"docs-doie":0,"docs-dooife":1,"docs-eaiturd":1,"docs-ecacl":1,"docs-ecpdo":1,"docs-sw-eddf":0,"docs-efshwr":0,"docs-efcs":0,"docs-eiec":1,"docs-eirdfi":0,"docs-eliv":0,"docs-eocnd":1,"docs-offline-oepdp":0,"docs-offline-eoep":1,"docs-offline-eeooip":1,"docs-offline-eorlv":0,"docs-eosc":0,"docs-eoufm":0,"docs-eprfns":1,"docs-esiec":0,"docs-localstore-ilat":10000,"docs-intli":1,"docs-sw-nfhms":10,"docs-offline-ouil":[],"docs-sw-eesp0sr":1,"docs-sw-eessrr":0,"docs-sw-eesp1sr":0,"docs-sw-eesp2sr":0,"docs-sw-eol":0,"docs-sw-erdcbnc":1,"docs-sw-erwfff":1,"docs-erfoa":1,"docs-sw-rpl":[],"docs-sw-cache-prefix":"presentation","docs-text-ewf":1,"docs-wfsl":["ca","da","de","en","es","fi","fr","it","nl","no","pt","sv"],"docs-efrsde":1,"d

{
    "risk_score": 2,
    "reasoning": "This appears to be legitimate Google Slides/Presentations initialization code. It includes error reporting via sendBeacon to Google's servers, loads modular JavaScript files from Google's static content servers, and includes standard error handling. The only risk indicators are external data transmission (error reporting) and fallback behavior, but these are mitigated by the trusted domain (google.com) and clear legitimate purpose."
}

var _timingInstance = _getTimingInstance(); DOCS_timing['ejl'] = new Date().getTime();if ((!this['init_viewer']) ||  false ) {if (window.navigator && window.navigator.sendBeacon) {var DOCS_hasSentJsNotLoadedError=window['DOCS_hasSentJsNotLoadedError']||false; var perfContext = '';var severityContext = DOCS_hasSentJsNotLoadedError?'&context.severity=postmortem':'';window.navigator.sendBeacon('\/presentation\/jserror?jobset\x3dprod\x26error\x3dJS+binary+load+failure&context.functionName=init_viewer' + '&context.serviceWorkerControlled=' + !!(navigator.serviceWorker && navigator.serviceWorker.controller) + '\x26context.actionName\x3dPublished' + severityContext + perfContext); DOCS_hasSentJsNotLoadedError=true;}(window.enterCoreJsErrorDialog ? enterCoreJsErrorDialog() : (window.location.href = 'https:\/\/support.google.com\/accounts\/answer\/32050'))}DOCS_initializeModules({"core":[],"app":["core"],"cse":["core"],"help":["app","core"],"talk_track":["core"],"talk_track_live":["core","talk_track"],"talk_track_recording":["core","talk_track"],"voice":["app","core"]}, {"core":["/static/presentation/client/js/488182631-viewer_core.js"],"app":["/static/presentation/client/js/796215533-viewer_app.js"],"cse":["/static/presentation/client/js/2334812490-viewer_cse.js"],"help":["/static/presentation/client/js/3510649640-viewer_help.js"],"talk_track":["/static/presentation/client/js/2864882186-viewer_talk_track.js"],"talk_track_live":["/static/presentation/client/js/972951907-viewer_talk_track_live.js"],"talk_track_recording":["/static/presentation/client/js/3062919700-viewer_talk_track_recording.js"],"voice":["/static/presentation/client/js/3476316410-viewer_voice.js"]}, 'core', true,  false , false ,  true , 'DEFAULT_NO_FALLBACK');

{
    "risk_score": 5,
    "reasoning": "The code contains obfuscated/encoded SVG data (+3) and includes a suspicious redirect chain through multiple domains including edgepilot.com and checkpoint.com (+2). While some encoding is normal for SVG data, the complex URL redirect chain through multiple services raises moderate concerns. The presence of Google Slides hosting (googleusercontent.com) provides some legitimacy, but the overall pattern suggests potential risks."
}

SK_svgData = '\x3csvg version\x3d\x221.1\x22 viewBox\x3d\x220.0 0.0 960.0 540.0\x22 fill\x3d\x22none\x22 stroke\x3d\x22none\x22 stroke-linecap\x3d\x22square\x22 stroke-miterlimit\x3d\x2210\x22 xmlns:xlink\x3d\x22http:\/\/www.w3.org\/1999\/xlink\x22 xmlns\x3d\x22http:\/\/www.w3.org\/2000\/svg\x22\x3e\x3cclipPath id\x3d\x22p.0\x22\x3e\x3cpath d\x3d\x22m0 0l960.0 0l0 540.0l-960.0 0l0 -540.0z\x22 clip-rule\x3d\x22nonzero\x22\/\x3e\x3c\/clipPath\x3e\x3cg clip-path\x3d\x22url(#p.0)\x22\x3e\x3cg id\x3d\x22p\x22\x3e\x3cpath fill\x3d\x22#ffffff\x22 d\x3d\x22m0 0l960.0 0l0 540.0l-960.0 0l0 -540.0z\x22 fill-rule\x3d\x22nonzero\x22\/\x3e\x3cpath fill\x3d\x22#ffffff\x22 d\x3d\x22m0 0l960.0 0l0 540.0l-960.0 0z\x22 fill-rule\x3d\x22evenodd\x22\/\x3e\x3cpath fill\x3d\x22#000000\x22 fill-opacity\x3d\x220.0\x22 d\x3d\x22m128.0 2.0l704.0 0l0 536.0l-704.0 0z\x22 fill-rule\x3d\x22evenodd\x22\/\x3e\x3cg transform\x3d\x22matrix(1.0 0.0 0.0 1.0 128.0 2.0)\x22\x3e\x3cclipPath id\x3d\x22p.1\x22\x3e\x3cpath d\x3d\x22m0 0l704.0 0l0 536.0l-704.0 0z\x22 clip-rule\x3d\x22evenodd\x22\/\x3e\x3c\/clipPath\x3e\x3cimage clip-path\x3d\x22url(#p.1)\x22 fill\x3d\x22#000\x22 width\x3d\x22704.0\x22 height\x3d\x22536.0\x22 x\x3d\x220.0\x22 y\x3d\x220.0\x22 preserveAspectRatio\x3d\x22none\x22 xlink:href\x3d\x22https:\/\/lh7-rt.googleusercontent.com\/slidesz\/AGV_vUeOlh9_YPz07F_cCZLcuW7h4PVpJBEaDd-FWgTDUQfk2sBucu1_8s-NJ0EMnbJTVqJPeJaV8biztImpZkPsbK42UB43g9MR8LRceqruvfWPkUgTbhcRIxpLWC6-XjbYFqk\x3ds2048?key\x3dYbFAwiZW1D-WTR_esCJeevad\x22\/\x3e\x3c\/g\x3e\x3ca xlink:href\x3d\x22https:\/\/www.google.com\/url?q\x3dhttps:\/\/protect.checkpoint.com\/v2\/r01\/___https:\/\/link.edgepilot.com\/xd*~*78b*~*i7cdWc3u6K4sLZDS1iUymtIY*~*V?z%3Dmyyux:ddjrfnq.ynintwjuqD.htrdhdjOBhEKKzBDFRFSIYBLiJxFUCGC-YyqCm7DjzYWTOSNnrvawYYctKsnXHzgI0SJ3FCImUt68YQJWjzGIrfVBX\/mFs5fpFnWOYx0yHQPuGU1phN0FF5zBVrH-zhMgWtIx873*~*zwg*~*LDaMgrygEgMhIgb3ACn_AE_l\/aQt8qy_*~*LAwI-T2\/c2MaSs*~*CUi2ysl7*~*S2kWL7z_wyi-USt_c4Ub2BFFFU__qQ9\/RB___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOmFlZWQwMDIxODFhZjI2M2VjYTkyNzNiMGU2MzQwZjI2Ojc6NjE3NDozMjJhOWU2OGY1MjRlMWU4ZDA0NzQzYjFhYzU4NDc2YzE3ODhmMzk2YTRhMTU2OWI0MzE0NDYzYTMyYWY3Y2M0Omg6VDpU\x26amp;sa\x3dD\x26amp;source\x3deditors\x26amp;ust\x3d1733497783606897\x26amp;usg\x3dAOvVaw0u6QcIOSN9MbD9XkZBemTZ\x22 target\x3d\x22_blank\x22 rel\x3d\x22noreferrer\x22\x3e\x3cpath fill\x3d\x22transparent\x22 fill-opacity\x3d\x220\x22 d\x3d\x22m128.0 2.0l0 536.0l704.0 0l0 -536.0z\x22 fill-rule\x3d\x22nonzero\x22\/\x3e\x3c\/a\x3e\x3c\/g\x3e\x3c\/g\x3e\x3c\/svg\x3e'; SK_modelChunkLoadStart = new Date().getTime(); _timingInstance.incrementTime( 'mp', SK_modelChunkLoadStart - SK_modelChunkParseStart); SK_viewerApp.setPageData('p', SK_svgData, []); _timingInstance.incrementTime( 'ml', new Date().getTime() - SK_modelChunkLoadStart); SK_svgData = undefined;

{
    "risk_score": 5,
    "reasoning": "The script contains several moderate risk indicators: 1) It includes multiple redirects through protection/security services (checkpoint.com, edgepilot.com), 2) Contains encoded/obfuscated URL parameters, 3) However, it appears to be related to Google Slides functionality and includes legitimate Google domains, which reduces the risk score. The encoding patterns are consistent with normal Google Slides behavior."
}

DOCS_timing['sac'] = new Date().getTime(); var viewerData = {urlPrefix: '\/presentation\/d\/e\/2PACX-1vQdSuwONgWFnuoaK9jWkn4a4T1fFD4ixA3V2X7f5aWnD4sHxk2b10z2j2TMxkq3G15FQX3bbwReJ2PF', viewerUrl: '\/viewpage', viewerHmac: 'ALf4PZ5MBY0s0814j9zP9V7_PZN0rw2Vgw', docId: 'e\/2PACX-1vQdSuwONgWFnuoaK9jWkn4a4T1fFD4ixA3V2X7f5aWnD4sHxk2b10z2j2TMxkq3G15FQX3bbwReJ2PF', title: 'Untitled presentation', revision:  9.0 , buildLabel: 'null', docData: [[365760,205740],[["p",0,"",[],[],[["https://www.google.com/url?q\u003dhttps://protect.checkpoint.com/v2/r01/___https://link.edgepilot.com/xd*~*78b*~*i7cdWc3u6K4sLZDS1iUymtIY*~*V?z%3Dmyyux:ddjrfnq.ynintwjuqD.htrdhdjOBhEKKzBDFRFSIYBLiJxFUCGC-YyqCm7DjzYWTOSNnrvawYYctKsnXHzgI0SJ3FCImUt68YQJWjzGIrfVBX/mFs5fpFnWOYx0yHQPuGU1phN0FF5zBVrH-zhMgWtIx873*~*zwg*~*LDaMgrygEgMhIgb3ACn_AE_l/aQt8qy_*~*LAwI-T2/c2MaSs*~*CUi2ysl7*~*S2kWL7z_wyi-USt_c4Ub2BFFFU__qQ9/RB___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOmFlZWQwMDIxODFhZjI2M2VjYTkyNzNiMGU2MzQwZjI2Ojc6NjE3NDozMjJhOWU2OGY1MjRlMWU4ZDA0NzQzYjFhYzU4NDc2YzE3ODhmMzk2YTRhMTU2OWI0MzE0NDYzYTMyYWY3Y2M0Omg6VDpU\u0026sa\u003dD\u0026source\u003deditors\u0026ust\u003d1733510049692391\u0026usg\u003dAOvVaw3aZDjS7VGdXojdRBbzjPSK","Picture","https://protect.checkpoint.com/v2/r01/___https://link.edgepilot.com/xd*~*78b*~*i7cdWc3u6K4sLZDS1iUymtIY*~*V?z\u003dmyyux:ddjrfnq.ynintwjuqD.htrdhdjOBhEKKzBDFRFSIYBLiJxFUCGC-YyqCm7DjzYWTOSNnrvawYYctKsnXHzgI0SJ3FCImUt68YQJWjzGIrfVBX/mFs5fpFnWOYx0yHQPuGU1phN0FF5zBVrH-zhMgWtIx873*~*zwg*~*LDaMgrygEgMhIgb3ACn_AE_l/aQt8qy_*~*LAwI-T2/c2MaSs*~*CUi2ysl7*~*S2kWL7z_wyi-USt_c4Ub2BFFFU__qQ9/RB___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOmFlZWQwMDIxODFhZjI2M2VjYTkyNzNiMGU2MzQwZjI2Ojc6NjE3NDozMjJhOWU2OGY1MjRlMWU4ZDA0NzQzYjFhYzU4NDc2YzE3ODhmMzk2YTRhMTU2OWI0MzE0NDYzYTMyYWY3Y2M0Omg6VDpU"]],[],[[],0],[],"",["https://lh7-rt.googleusercontent.com/slidesz/AGV_vUeOlh9_YPz07F_cCZLcuW7h4PVpJBEaDd-FWgTDUQfk2sBucu1_8s-NJ0EMnbJTVqJPeJaV8biztImpZkPsbK42UB43g9MR8LRceqruvfWPkUgTbhcRIxpLWC6-XjbYFqk\u003ds2048?key\u003dYbFAwiZW1D-WTR_esCJeevad"],[],1,{"g31c979322e1_0_0":"https://lh7-rt.googleusercontent.com/slidesz/AGV_vUeOlh9_YPz07F_cCZLcuW7h4PVpJBEaDd-FWgTDUQfk2sBucu1_8s-NJ0EMnbJTVqJPeJaV8biztImpZkPsbK42UB43g9MR8LRceqruvfWPkUgTbhcRIxpLWC6-XjbYFqk\u003ds2048?key\u003dYbFAwiZW1D-WTR_esCJeevad"},[]]],"\u003cstyle\u003e\u003c/style\u003e",[],null,[],null], start:  false , loop:  false , delayMs:  3000.0 , enableScrollwheelSupport:  true , showEmbedControls:  false , hideExportControls:  false , touch:  true , chunkPages:  true , chunkFirstPageIndex:  0.0 , forcePageLoadErrors:  false , forcedPageLoadErrorCount:  1.0 , controls:  true , speakerNotesWindowHtml: '\x3c!DOCTYPE html\x3e\x3chtml\x3e\x3chead\x3e\x3cmeta name\x3d\x22google\x22 content\x3d\x22notranslate\x22\x3e\x3cmeta http-equiv\x3d\x22X-UA-Compatible\x22 content\x3d\x22IE\x3dedge;\x22\x3e\x3cmeta name\x3d\x22fragment\x22 content\x3d\x22!\x22\x3e\x3cmeta name\x3d\x22referrer\x22 content\x3d\x22strict-origin-when-cross-origin\x22\x3e\x3ctitle\x3eSpeaker Notes - Google Slides\x3c\/title\x3e\x3clink rel\x3d\x22shortcut icon\x22 href\x3d\x22https:\/\/ssl.gstatic.com\/docs\/presentations\/images\/favicon-2023q4.ico\x22\x3e\x3clink rel\x3d\x22chrome-webstore-item\x22 href\x3d\x22https:\/\/chrome.google.com\/webstore\/detail\/ghbmnnjooekpmoecnnnilnnbdlolhkhi\x22\x3e\x3clink rel\x3d\x22chrome-webstore-item\x22 href\x3d\x22https:\/\/chrome.google.com\/webstore\/detail\/apdfllckaahabafndbhieahigkjlhalf\x22\x3e\x3clink rel\x3d\x22manifest\x22 href\x3d\x22\/presentation\/manifest.json\x22 crossorigin\x3d\x22use-credentials\x22\/\x3e\x3cstyle\x3e\x3c\/style\x3e\x3c\/head\x3e\x3cbody dir\x3d\x22ltr\x22 role\x3d\x22application\x22 class\x3d\x22punch-viewer-speakernotes-body\x22 tabindex\x3d\x220\x22 aria-label\x3d\x22Speaker Notes\x22\x3e\x3cdiv id\x3d\x22punch-viewer-speakernotes\x22\x3e\x3ctable class\x3d\x22punch-viewer-speakernotes\x22\x3e\x3ctr\x3e\x3ctd class\x3d\x22punch-viewer-speakernotes-side-panel\x22\x3e\x3cdiv class\x3d\x22punch-viewer-speak

{
    "risk_score": 2,
    "reasoning": "This is a legitimate Google Docs font loading script with low risk. It initializes a toggle array and monitors font loading using the standard Font Loading API. While it uses global scope manipulation and execScript (moderate risk indicator), it's from a trusted source (Google) and serves a clear, legitimate purpose for font loading timing measurements."
}

function _F_toggles_initialize(d){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=d||[]}_F_toggles_initialize([]);
/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
function a(d){var f,g,h;if(((f=document)==null?0:(g=f.fonts)==null?0:(h=g.ready)==null?0:h.then)&&typeof document.fonts.ready.then=="function"){var k,l;((l=(k=window).DOCS_timingPromises)!=null?l:k.DOCS_timingPromises=[]).push({impressionCode:1337379,promise:document.fonts.ready.then(function(){return(new Date).getTime()-d})})}}var b=["DOCS_attachInitialMaterialFontLoadListener"],c=this||self;b[0]in c||typeof c.execScript=="undefined"||c.execScript("var "+b[0]);
for(var e;b.length&&(e=b.shift());)b.length||a===void 0?c[e]&&c[e]!==Object.prototype[e]?c=c[e]:c=c[e]={}:c[e]=a;
// Google Inc.

//# sourceMappingURL=fontloading_binary_fontloading_binary_chunk.sourcemap

{
    "risk_score": 2,
    "reasoning": "This is a legitimate Google Docs worker script implementation with proper security practices. It uses Trusted Types API for script URL validation and loads from a trusted Google domain. The code is encoded but not maliciously obfuscated. The worker creation pattern follows security best practices for loading external scripts in a controlled manner."
}

const workerBlob = new Blob(["var urls \x3d \x5b\x27https:\/\/docs.google.com\/static\/presentation\/client\/js\/280178866-punch_viewer_worker_binary_viewercore.js\x27,\x5d; if (self.trustedTypes \x26\x26 self.trustedTypes.createPolicy) \x7bvar policy \x3d self.trustedTypes.createPolicy(\x27docs#workerPolicy\x27, \x7bcreateScriptURL: function(index) \x7b return urls\x5bindex\x5d; \x7d\x7d); for (var i \x3d 0; i \x3c urls.length; i++) \x7bimportScripts(policy.createScriptURL(i));\x7d\x7d else \x7bfor (var url of urls) \x7bimportScripts(url);\x7d\x7d"]); const workerUrl = URL.createObjectURL(workerBlob); window['__new_worker_fn'] = () => {if (self.trustedTypes && self.trustedTypes.createPolicy) {const workerUrlPolicy = trustedTypes.createPolicy('docs#workerConvertUrlPolicy', {createScriptURL: function(ignored) { return workerUrl; }}); return new Worker(workerUrlPolicy.createScriptURL('ignored'));} else {return new Worker(workerUrl);}};window['__punchViewerWorkerInstance'] = window['__new_worker_fn'](); delete window['__new_worker_fn'];

{
    "contains_trigger_text": true,
    "trigger_text": "View Encypted File",
    "prominent_button_name": "View Encypted File",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": true,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "risk_score": 1,
    "reasoning": "This is a benign jQuery script that simply submits a form with ID 'filter' after a 750ms delay. It uses standard jQuery functionality and contains no suspicious behaviors, data collection, or external communications. The delayed form submission is a common pattern for auto-refreshing filters or search results."
}

        $(function() {
          setTimeout(function() {
            $('#filter').submit();
          }, 750);
        });
      

{
    "risk_score": 1,
    "reasoning": "This is the beginning of the legitimate jQuery library (v3.2.1). It's a well-known, trusted open-source JavaScript framework used by millions of websites. The code shows standard module pattern implementation, type checking, and utility functions without any suspicious behaviors or malicious indicators."
}

/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(f.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(a<0?b:0);return this.pushStack(c>=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||r.isFunction(g)||(g={}),h===i&&(g=this,h--);h<i;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(r.isPlainObject(d)||(e=Array.isArray(d)))?(e?(e=!1,f=c&&Array.isArray(c)?c:[]):f=c&&r.isPlainObject(c)?c:{},g[b]=r.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},r.extend({expando:"jQuery"+(q+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===r.type(a)},isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){var b=r.type(a);return("number"===b||"string"===b)&&!isNaN(a-parseFloat(a))},isPlainObject:function(a){var b,c;return!(!a||"[object Object]"!==k.call(a))&&(!(b=e(a))||(c=l.call(b,"constructor")&&b.constructor,"function"==typeof c&&m.call(c)===n))},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?j[k.call(a)]||"object":typeof a},globalEval:function(a){p(a)},camelCase:function(a){return a.replace(t,"ms-").replace(u,v)},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(s,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(w(Object(a))?r.merge(c,"string"==typeof a?[a]:a):h.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:i.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;d<c;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;f<g;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,f=0,h=[];if(w(a))for(d=a.length;f<d;f++)e=b(a[f],f,c),null!=e&&h.push(e);else for(f in a)e=b(a[f],f,c),null!=e&&h.push(e);return g.apply([],h)},guid:1,proxy:function(a,b){var c,d,e;if("string"==typeof b&&(c=a[b],b=a,a=c),r.isFunction(a))return d=f.call(arguments,2),e=function(){return a.apply(b||this,d.concat(f.call(arguments)))},e.guid=a.guid=a.guid||r.guid++,e},now:Date.now,support:o}),"function"==typeof Symbol&&(r.fn[Symbol.iterator]=c[Symbol.iterator]),r.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){j["[object "+b+"]"]=b.toLowerCase()});function w(a){var b=!!a&&"length"in a&&a.length,c=r

{
    "risk_score": 2,
    "reasoning": "This appears to be a Google Closure Compiler optimized/minified code that implements standard JavaScript polyfills for Symbol, WeakMap, and Map. While it uses some potentially concerning patterns like dynamic property access and global scope manipulation, these are legitimate in the context of polyfills. The code shows no signs of malicious behavior, data exfiltration, or suspicious external communications."
}

function _F_toggles_initialize(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]}_F_toggles_initialize([]);
function m(){return function(){}}function aa(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};
function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");}var ea=da(this);function q(a,b){if(b)a:{var c=ea;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ca(c,a,{configurable:!0,writable:!0,value:b})}}
q("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("b");return new c(d+(f||"")+"_"+e++,f)}function c(f,k){this.g=f;ca(this,"description",{configurable:!0,writable:!0,value:k})}if(a)return a;c.prototype.toString=aa("g");var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});
q("Symbol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=ea[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&ca(d.prototype,a,{configurable:!0,writable:!0,value:function(){return fa(ba(this))}})}return a});function fa(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}
var ha=typeof Object.create=="function"?Object.create:function(a){function b(){}b.prototype=a;return new b},ia;if(typeof Object.setPrototypeOf=="function")ia=Object.setPrototypeOf;else{var ja;a:{var ka={a:!0},la={};try{la.__proto__=ka;ja=la.a;break a}catch(a){}ja=!1}ia=ja?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError("d`"+a);return a}:null}var ma=ia;
function r(a,b){a.prototype=ha(b.prototype);a.prototype.constructor=a;if(ma)ma(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.J=b.prototype}function t(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:ba(a)};throw Error("e`"+String(a));}
function u(a,b){return Object.prototype.hasOwnProperty.call(a,b)}q("Symbol.dispose",function(a){return a?a:Symbol("i")});
q("WeakMap",function(a){function b(h){this.g=(g+=Math.random()+1).toString();if(h){h=t(h);for(var l;!(l=h.next()).done;)l=l.value,this.set(l[0],l[1])}}function c(){}function d(h){var l=typeof h;return l==="object"&&h!==null||l==="function"}function e(h){if(!u(h,k)){var l=new c;ca(h,k,{value:l})}}function f(h){var l=Object[h];l&&(Object[h]=function(p){if(p instanceof c)return p;Object.isExtensible(p)&&e(p);return l(p)})}if(function(){if(!a||!Object.seal)return!1;try{var h=Object.seal({}),l=Object.seal({}),
p=new a([[h,2],[l,3]]);if(p.get(h)!=2||p.get(l)!=3)return!1;p.delete(h);p.set(l,4);return!p.has(h)&&p.get(l)==4}catch(M){return!1}}())return a;var k="$jscomp_hidden_"+Math.random();f("freeze");f("preventExtensions");f("seal");var g=0;b.prototype.set=function(h,l){if(!d(h))throw Error("j");e(h);if(!u(h,k))throw Error("k`"+h);h[k][this.g]=l;return this};b.prototype.get=function(h){return d(h)&&u(h,k)?h[k][this.g]:void 0};b.prototype.has=function(h){return d(h)&&u(h,k)&&u(h[k],this.g)};b.prototype.delete=
function(h){return d(h)&&u(h,k)&&u(h[k],this.g)?delete h[k][this.g]:!1};return b});
q("Map",function(a){function b(){var g={};return g.C=g.next=g.head=g}function c(g,h){var l=g[1];return fa(function(){if(l){for(;l.head!=g[1];)l=l.C;for(;l.next!=l.head;)return l=l.next,{done:!1,value:h(l)};l=null}re

{
    "risk_score": 2,
    "reasoning": "This appears to be a minified/compressed JavaScript code containing mostly constant definitions and CSS class names. While minified code can be suspicious, this snippet shows typical patterns of legitimate UI framework code (Material Design) with class definitions and ARIA accessibility attributes. No high-risk behaviors like eval() or suspicious data transmission are present."
}

Yt(Vg);
var stb=" apps-actiondatawidget-content-element",ttb='" height="',L3='" style="',utb='" tabindex="0" role="button">',vtb='" viewBox="0 0 24 24" focusable="false" fill="',wtb=".javascriptMaterialdesignGm3WizMenu-menu__selection-group",xtb=".javascriptMaterialdesignGm3WizSelectSharedRefactored-select__icon",ytb='<svg width="',M3="ACTIVE_HOLDING",ztb="ArrowDown",Atb="ArrowLeft",Btb="ArrowRight",Ctb="Compatible spreadsheet shortcut",N3="DMn7nd",Dtb="DuplicateFormError",O3="FMODoe",Etb="Feedback binary script tag failed to load: ",
P3="HvnK2b",Q3="I481le",R3="MULTI_SELECT",S3="Must be labeled",T3="NIZIe",Ftb="NON_SELECTABLE",U3="SBP9",V3="SINGLE_SELECT_NO_CONTROL",W3="SINGLE_SELECT_RADIO",Gtb="Search keyboard shortcuts",X3="YPqjbf",Y3="application",Htb="apps-actiondatawidget-key-focused",Itb="apps-actiondatawidget-override-info-icon",Jtb="apps-shortcutshelpcontentimpl-bottom-bar",Ktb="apps-shortcutshelpcontentimpl-help-center-link",Z3="apps-shortcutshelpcontentimpl-input",Ltb="apps-shortcutshelpcontentimpl-link",Mtb="apps-shortcutshelpcontentimpl-override-banner",
Ntb="apps-shortcutshelpcontentimpl-override-button-container",Otb="apps-shortcutshelpcontentimpl-override-label",Ptb="apps-shortcutshelpcontentimpl-override-shortcut-link",Qtb="apps-shortcutshelpcontentimpl-reset-search-button",Rtb="apps-shortcutshelpcontentimpl-search",Stb="apps-shortcutshelpcontentimpl-search-banner",Ttb="apps-shortcutshelpcontentimpl-search-focused",Utb="apps-shortcutshelpcontentimpl-search-icon",Vtb="apps-shortcutshelpcontentimpl-search-label",Wtb="apps-shortcutshelpcontentimpl-shortcut-content",
Xtb="apps-shortcutshelpcontentimpl-sidebar",Ytb="apps-shortcutshelppopup-close",Ztb="apps-shortcutshelppopup-content-wrapper",$tb="apps-ui-material-slide-toggle-container",$3="aria-controls",a4="aria-labelledby",aub="aria-owns",bub="aria-placeholder",b4="article",c4="ascending",d4="cell",e4="checkbox",cub="columnheader",dub="complementary",eub="contentinfo",f4="data-indeterminate",g4="data-row-id",h4="definition",i4="descending",j4="directory",k4="docs-fpid",fub="feedbackV2GlobalObject not found on window.",
l4="getValue",gub="https://www.gstatic.com/uservoice/feedback/client/web/",hub="javascriptMaterialdesignGm3WizCheckbox-checkbox--anim-indeterminate-checked",iub="javascriptMaterialdesignGm3WizCheckbox-checkbox--anim-indeterminate-unchecked",jub="javascriptMaterialdesignGm3WizDatatable-data-table__header-cell--sorted",kub="javascriptMaterialdesignGm3WizDatatable-data-table__header-cell--sorted-descending",lub="javascriptMaterialdesignGm3WizDatatable-data-table__row--selected",m4="javascriptMaterialdesignGm3WizLinearProgress-linear-progress--animation-ready",
n4="javascriptMaterialdesignGm3WizLinearProgress-linear-progress--closed",mub="javascriptMaterialdesignGm3WizLinearProgress-linear-progress--closed-animation-off",o4="javascriptMaterialdesignGm3WizLinearProgress-linear-progress--indeterminate",p4="javascriptMaterialdesignGm3WizLinearProgress-linear-progress__active-indicator",nub="javascriptMaterialdesignGm3WizLinearProgress-linear-progress__buffer-bar",oub="javascriptMaterialdesignGm3WizLinearProgress-linear-progress__track",pub="javascriptMaterialdesignGm3WizLinearProgress-linear-progress__track-left",
qub="javascriptMaterialdesignGm3WizLinearProgress-linear-progress__track-right",rub="javascriptMaterialdesignGm3WizList-list-item",sub="javascriptMaterialdesignGm3WizList-list-item--disabled",tub="javascriptMaterialdesignGm3WizList-list-item--selected",uub="javascriptMaterialdesignGm3WizMenu-menu-item--submenu-open",vub="javascriptMaterialdesignGm3WizMenuSurface-menu-surface--animating-closed",wub="javascriptMaterialdesignGm3WizMenuSurface-menu-surface--animating-open",xub="javascriptMaterialdesignGm3WizMenuSurface-menu-surface--fixed",
yub="javascriptMaterialdesignGm3WizMenuSurface-menu-surface--is-open-below",zub="javascriptMaterialdesignGm3WizMenuSurface-menu-surface--open",Aub="javascriptMaterialdesignGm3WizSelectSharedRefactored-select--activa

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://link.edgepilot.com

{
  "brands": [
    "SharePoint"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Ensuring your safety with browser security checks.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Ensuring your safety with browser security checks",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
  "brands": "unknown"
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": true,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://dw7w.mempbdzly.ru

{
  "brands": [
    "Cloudflare"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Ensuring your safety with browser security checks",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Welcome to Microsoft 365",
  "prominent_button_name": "Sign in",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://www.office.com

{
  "brands": [
    "Microsoft"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Welcome to Microsoft 365",
  "prominent_button_name": "Sign in",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
  "brands": [
    "Microsoft"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: chrome://newtab