Windows Analysis Report
securedoc_20241216T121346.html

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: ://

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and the presence of a payload being sent to an external server are also highly concerning. Overall, this script demonstrates a clear intent to perform malicious activities and should be considered a high-risk threat."
}

  
ew('browserLoading','');if(typeof ag=='function')ag();window.onload=pv;
window.onkeydown=pv;var ey=document.forms[0];ey.method='POST';
ey.onsubmit=function(){return qg(ey,payload)};ey.onkeyup=
function(oj){ql(ey,oj)};p5();if(!fP){qt();setTimeout(function(){i9(0,'payloadValue','payloadImage',
'metaPayloadValue','metaPayloadImage',"qJ(0,'key1',payload,"+
'"https://res.cisco.com:443/keyserver/keyserver")'
,{'progressFn':fq,'progressArgs':{'progressBar':{'bgColor':'#808080',
'borderColor':'#000000'}}})},125)}//-->

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet appears to be a part of a larger application or system, and it contains a mix of behaviors that require further review. While some aspects, such as the use of an `XHR` request and the inclusion of sensitive user data, raise moderate concerns, the overall context and intent are not entirely clear. Additional investigation would be necessary to determine the full scope and potential risks associated with this script."
}

if(l_)
l_({
"RPCRef":payload.rpc,
"callback":qr
,'action':'open'
,'status':16
,'message':'Authentication required.'
,'state':1
,'reqTime':1734383007929
,'reqNumber':2
,'recipientIdentified':false
,'success':true
,'cookiesEnabled':true
,'hadRememberMe':false
,'hadEnablePSP':false
,'openOnline':false
,'recipient':'molson@fmne.com'
,'sessionId':'FD833C7B61A155B752A377827E7DE1D8'
,'lp':'en'
,'credentialsExpiredWarning':false
,'credentialsExpiredDays':-1
,'pswdExpLink':'https://res.cisco.com/websafe/custom.action?cmd=changeExpiredPassword&id=molson@fmne.com'
,'waitTime':50000
,'minPoll':1000
,'maxPoll':5000
,'totalPoll':1200000
,'supportedLocales':[['en','English (US)'],['nl_NL','Dutch'],['de','Deutsch'],['es','Espa\xf1ol'],['fr','Fran\xe7ais'],['it','Italiano'],['pl','Polski'],['pt','Portugu\xeas'],['ru','\u0420\u0443\u0441\u0441\u043a\u0438\u0439'],['zh_CN','\u4e2d\u6587(\u7b80\u4f53)'],['ja','\u65e5\u672c\u8a9e'],['ko','\ud55c\uad6d\uc5b4']]
,'sensitivity':'High'
,'senderAuth':false
,'trafficKey':'JM\xae(sr\xa9\xce\x8c\xfa\x90M3\x958\xcb\x02Er\xb7a\xa6\x14\xf93%\xfa\xca\x81\xd3\xec\xe4'
,'expiryDate':''
,'createDateEpoch':1734380027000
,'createDate':'12/16/2024 08:13:47\xa0PM\xa0GMT'
});

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It includes external data transmission, the use of legacy APIs, and some obfuscation techniques. While there are no clear indications of malicious intent, the overall complexity and lack of transparency in the code warrant further review."
}

  
'$Serial: 6261 $ $Revision: 1.16 $';
'Copyright (c) 2001-2019, Cisco Systems, Inc. All rights reserved.';
'Protected by United States patent numbers 6,014,688, 6,304,897,';
'7,533,422, 7,694,297, 7,802,096, 7,814,317, 8,005,920 and others.';
'$Serial: 3328 $ $Revision: 1.7 $';'Version: 2.3';
'$Serial: 6248 $ $Revision: 1.15 $';var ad='EnvelopeTools51',db='PostXBPC',
dd='PostXPreferences',dc='PostXCookieCheck',ac='PostXCarbon.',de=
'PostXSessionKey.',df='PostXUserKey.',dk=315360000000,dg='',di=
'Tue, 19-Jan-2038 03:14:07 GMT',dh=315360000000,dj=315360000000,dl=
315360000000;
'$Serial: 0478 $ $Revision: 1.9 $';var ae='appletHolder',f0='appletHolder',
fE='undefined',aG='object',dv='string';try{if(typeof Array.prototype.push==
fE)Array.prototype.push=function(){for(var _=0;_<arguments.length;_++)this[
this.length]=arguments[_];return this.length}}catch(fx){}try{if(typeof
String.prototype.trim==fE)String.prototype.trim=function(){return this.
replace(/^\s+|\s+$/g,'')}}catch(fx){}
'$Serial: 3888 $ $Revision: 1.23 $';function _w(a8){var gS=
/^\s*function\s+([^(]+)/,cS;if((cS=gS.exec(a8)))return cS[1];return''}
function mp(i){i=i.toString(16);if(i.length&1)i='0'+i;return'%'+i}function
_N(c,mr){c+='';var au,_,d=c.length,aw='';for(_=0;_<d;_++){au=c.charAt(_);if(
au>='A'&&au<='Z'||au>='a'&&au<='z'||au>='0'&&au<='9'||au=='.'||au=='-'||au==
'*'||au=='_')aw+=au;else{au=au.charCodeAt(0);if(mr||au<128){aw+=mp(au&255)}
else if(au<2048){aw+=mp(192|au>>>6);aw+=mp(128|au&63)}else{aw+=mp(224|au>>>
12);aw+=mp(128|(au>>>6)&63);aw+=mp(128|au&63)}}}return aw}function a_(c,mr){
c+='';var au,dE,_,d=c.length,aw='';for(_=0;_<d;_++){au=c.charAt(_);switch(au
){default:aw+=au;break;case'+':aw+=' ';break;case'%':if(c.charAt(_+1)=='u'){
au=c.substr(_+2,4);_+=5;dE=parseInt(au,16)}else{au=c.substr(_+1,2);_+=2;dE=
parseInt(au,16);if(mr||dE<128){}else if(dE<224){if(d-_<4||c.charAt(_+1)!='%'
){}else{au=c.substr(_+2,2);_+=3;dE=((dE&31)<<6)|(parseInt(au,16)&63)}}else{
if(d-_<7||c.charAt(_+1)!='%'||c.charAt(_+4)!='%'){}else{au=c.substr(_+2,2);_
+=3;dE=((dE&15)<<6)|(parseInt(au,16)&63);au=c.substr(_+2,2);_+=3;dE=(dE<<6)|
(parseInt(au,16)&63)}}}aw+=String.fromCharCode(dE);break}}return aw}function
_Y(c){c+='';var au,_,d=c.length,aw='';for(_=0;_<d;_++){au=c.charAt(_);if(au<
' '||au>'~'||au=='\''||au=='"')aw+='&#'+c.charCodeAt(_)+';';else aw+=au}
return aw}function mv(my,mu){var k0=arguments.length,j=[],_;if(k0==3&&
arguments[2].elements){var ey=arguments[2],eq;for(_=1;eq=ey['key'+_];_++)if(
eq.value!='')j[j.length]=eq.value}else{for(_=2;_<k0;_++)if(arguments[_]!='')
j[j.length]=arguments[_]}j=j.join(my);if(mu)j=j.toLowerCase();return j}
function go(cN,mq){if(!mq)mq=72;var _,b,d=cN.length;if('\
'=='')return cN;var cS=new Array(Math.floor((d+mq-1)/mq));for(_=b=0;_<d;_+=
mq+1,b++)cS[b]=cN.substr(_,mq);cS.length=b;return cS.join('')}var mt=0;
function mw(ir){var c;if(fM)c=ir+new Date().getTime()+mt++;else do{c=ir+mt++
}while(document.getElementById(c));return c}function jy(hq){var mo='',_,d=hq
 .length;for(_=0;_<d;_++){var au=hq.charCodeAt(_);if(au<128)mo+=String.
fromCharCode(au);else if(au<2048){mo+=String.fromCharCode(192|(au>>>6));mo+=
String.fromCharCode(128|(au&63))}else{mo+=String.fromCharCode(224|(au>>>12))
;mo+=String.fromCharCode(128|((au>>>6)&63));mo+=String.fromCharCode(128|(au&
63))}}return mo}function mz(ge,gM){var iS=ge.indexOf('#');if(iS<0)iS=ge.
length;var mn=ge.substring(0,iS),ms='&',mx=mn.indexOf('?');if(mx<0)ms='?';
for(var j in gM){mn+=ms;ms='&';mn+=_N(j);mn+='=';mn+=_N(gM[j])}mn+=ge.
substring(iS);return mn}zw=formKey=mv;zj=fixMultilineString=go;zi=genId=mw;
attrEsc=_Y;
'$Serial: 0611 $ $Revision: 1.6 $';function du(_8){var e=new Date().getTime(
);if(!_8)_8=dc;_9(_8,e,'','/');if((e=(al(_8)==e)))aj(_8,'/');return e}
function al(_8){_8=_N(_8);var c=document.cookie,dr=c.indexOf(_8+'=');if(dr==
-1)return null;var ds=dr+_8.length+1,dp=c.indexOf(';',ds);if(dp==-1)dp=c.
length;return a_(c.substring(ds,dp))}function _9(_8,_H,dm,_S,dn,dt){var c=_N
(_8)+'='+_N(_

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be the Select2 library, which is a popular and widely-used jQuery-based library for creating advanced select boxes and dropdowns. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is well-structured and follows common patterns for a library of this nature. Overall, this script is considered low risk and is likely a legitimate and widely-used library."
}

/*! Select2 4.0.12 | https://github.com/select2/select2/blob/master/LICENSE.md */
!function(n){"function"==typeof define&&define.amd?define(["jquery"],n):"object"==typeof module&&module.exports?module.exports=function(e,t){return void 0===t&&(t="undefined"!=typeof window?require("jquery"):require("jquery")(e)),n(t),t}:n(jQuery)}(function(u){var e=function(){if(u&&u.fn&&u.fn.select2&&u.fn.select2.amd)var e=u.fn.select2.amd;var t,n,r,h,o,s,f,g,m,v,y,_,i,a,w;function b(e,t){return i.call(e,t)}function l(e,t){var n,r,i,o,s,a,l,c,u,d,p,h=t&&t.split("/"),f=y.map,g=f&&f["*"]||{};if(e){for(s=(e=e.split("/")).length-1,y.nodeIdCompat&&w.test(e[s])&&(e[s]=e[s].replace(w,"")),"."===e[0].charAt(0)&&h&&(e=h.slice(0,h.length-1).concat(e)),u=0;u<e.length;u++)if("."===(p=e[u]))e.splice(u,1),u-=1;else if(".."===p){if(0===u||1===u&&".."===e[2]||".."===e[u-1])continue;0<u&&(e.splice(u-1,2),u-=2)}e=e.join("/")}if((h||g)&&f){for(u=(n=e.split("/")).length;0<u;u-=1){if(r=n.slice(0,u).join("/"),h)for(d=h.length;0<d;d-=1)if(i=(i=f[h.slice(0,d).join("/")])&&i[r]){o=i,a=u;break}if(o)break;!l&&g&&g[r]&&(l=g[r],c=u)}!o&&l&&(o=l,a=c),o&&(n.splice(0,a,o),e=n.join("/"))}return e}function A(t,n){return function(){var e=a.call(arguments,0);return"string"!=typeof e[0]&&1===e.length&&e.push(null),s.apply(h,e.concat([t,n]))}}function x(t){return function(e){m[t]=e}}function D(e){if(b(v,e)){var t=v[e];delete v[e],_[e]=!0,o.apply(h,t)}if(!b(m,e)&&!b(_,e))throw new Error("No "+e);return m[e]}function c(e){var t,n=e?e.indexOf("!"):-1;return-1<n&&(t=e.substring(0,n),e=e.substring(n+1,e.length)),[t,e]}function S(e){return e?c(e):[]}return e&&e.requirejs||(e?n=e:e={},m={},v={},y={},_={},i=Object.prototype.hasOwnProperty,a=[].slice,w=/\.js$/,f=function(e,t){var n,r=c(e),i=r[0],o=t[1];return e=r[1],i&&(n=D(i=l(i,o))),i?e=n&&n.normalize?n.normalize(e,function(t){return function(e){return l(e,t)}}(o)):l(e,o):(i=(r=c(e=l(e,o)))[0],e=r[1],i&&(n=D(i))),{f:i?i+"!"+e:e,n:e,pr:i,p:n}},g={require:function(e){return A(e)},exports:function(e){var t=m[e];return void 0!==t?t:m[e]={}},module:function(e){return{id:e,uri:"",exports:m[e],config:function(e){return function(){return y&&y.config&&y.config[e]||{}}}(e)}}},o=function(e,t,n,r){var i,o,s,a,l,c,u,d=[],p=typeof n;if(c=S(r=r||e),"undefined"==p||"function"==p){for(t=!t.length&&n.length?["require","exports","module"]:t,l=0;l<t.length;l+=1)if("require"===(o=(a=f(t[l],c)).f))d[l]=g.require(e);else if("exports"===o)d[l]=g.exports(e),u=!0;else if("module"===o)i=d[l]=g.module(e);else if(b(m,o)||b(v,o)||b(_,o))d[l]=D(o);else{if(!a.p)throw new Error(e+" missing "+o);a.p.load(a.n,A(r,!0),x(o),{}),d[l]=m[o]}s=n?n.apply(m[e],d):void 0,e&&(i&&i.exports!==h&&i.exports!==m[e]?m[e]=i.exports:s===h&&u||(m[e]=s))}else e&&(m[e]=n)},t=n=s=function(e,t,n,r,i){if("string"==typeof e)return g[e]?g[e](t):D(f(e,S(t)).f);if(!e.splice){if((y=e).deps&&s(y.deps,y.callback),!t)return;t.splice?(e=t,t=n,n=null):e=h}return t=t||function(){},"function"==typeof n&&(n=r,r=i),r?o(h,e,t,n):setTimeout(function(){o(h,e,t,n)},4),s},s.config=function(e){return s(e)},t._defined=m,(r=function(e,t,n){if("string"!=typeof e)throw new Error("See almond README: incorrect module build, no module name");t.splice||(n=t,t=[]),b(m,e)||b(v,e)||(v[e]=[e,t,n])}).amd={jQuery:!0},e.requirejs=t,e.require=n,e.define=r),e.define("almond",function(){}),e.define("jquery",[],function(){var e=u||$;return null==e&&console&&console.error&&console.error("Select2: An instance of jQuery or a jQuery-compatible library was not found. Make sure that you are including jQuery before Select2 on your web page."),e}),e.define("select2/utils",["jquery"],function(o){var i={};function u(e){var t=e.prototype,n=[];for(var r in t){"function"==typeof t[r]&&"constructor"!==r&&n.push(r)}return n}i.Extend=function(e,t){var n={}.hasOwnProperty;function r(){this.constructor=e}for(var i in t)n.call(t,i)&&(e[i]=t[i]);return r.prototype=t.prototype,e.prototype=new r,e.__super__=t.prototype,e},i.Decorate=function(r,i){var e=u(i),t=

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It includes dynamic code execution through the use of the `eval()` function, potential data exfiltration by sending user data to external domains, and the use of obfuscated code. While the script appears to have some legitimate functionality related to password recovery, the overall risk level is medium due to the presence of these potentially malicious indicators."
}

  
var registeration_url;window.addEventListener('message',function(event){if(document.getElementById
('forgotPasswordForm')!=null){document.getElementById('forgotPasswordForm').
remove()}var pj=event.data.email,ez=event.data.href,oR=event.data.titleText,
_H=event.data.value,qc=document.getElementById('forgotPwdDiv');qc.
appendChild(pb(pj,oR,ez,_H))});function pb(pj,oR,ez,_H){if(oR==null){oR=
'Click here to recover a lost password.'}if(_H==null){_H='Forgot password?'}
var oA=document.createElement('input');oA.name='forgotPasswordSubmit';oA.id=
'forgotPwdSubmit';oA.title=oR;oA.type='submit';oA.value=_H;if(window.
navigator.userAgent.indexOf('Firefox')!=-1){oA.style='margin-top: 10px;'}if(
window.navigator.userAgent.indexOf('Edge')!=-1){oA.style='margin-top: 5px;'}
var o6=document.createElement('input');o6.name='forgotPswdEmail';o6.value=pj
;o6.type='hidden';var ey=document.createElement('form');ey.action=ez;ey.
method='POST';ey.name='forgotPassword';ey.id='forgotPasswordForm';ey.
autocomplete='off';ey.appendChild(oA);ey.appendChild(o6);return ey}
function pbnew(pj, oR, ez, _H) {if (oR == null) {oR = 'Click here to recover a lost password.'}
if (_H == null) {_H = 'Forgot password?'}var afp = document.createElement('a');
afp.title = oR;afp.name = 'forgotPwd';afp.href = ez + '?forgotPswdEmail=' + pj;
afp.innerHTML = _H;return afp}
function qQ(_l,ey,qu){mm(_l,{'error':p7,'success':p7},{'form':ey,'signature':qu})}
function p7(status,qP,eu){if(!eu)eu=gUserArg;if(eu){var f5=eu.signature;if(
status==ib||status==ic){e3(eu.form,0);if(f5)et(f5,
'\x3cspan class="error mds-text mds-text-p3 mds-text-weight-regular mds-text-color-regular mds-notification-content mds-notification mds-notification-negative"\x3eBad '+(status==ib?'postmark':'signature')+
'\x3c/span\x3e')}else if(f5){var c=qP,b=-1;for(_=0;_<3;_++)if((b=c.indexOf(
' ',b+1))==-1)break;if(b!=-1)c=c.substring(0,b)+'<br>'+c.substring(b+1);et(
f5,c)}}}function pE(_l,iY,la,iG,eu,qV){var c;if(iG==jn&&_l.userKey){fa(fw,eu
);gB(_l.userkeyname);_l.userKey='';oM(_l,true)}else if(iG==
RPC_STATUS_NO_RECORD_FOUND){c=er('RPCMessageKeyRemoved','',iG,_l.msgID)}else
if(iG!=iZ)c=er('RPCError','',iG,_l.msgID);if(c)alert(c)}var js,ok='passMsg',
ol='',oC='initMsg',pm='',po='';function pv(dq){
if(!dq)dq=window.event;if(dq){if(dq.type=='keydown')window.onkeydown='';else
if(js&&dq.type=='load')return;js={'ctrlKey':dq.ctrlKey?1:0,'altKey':dq.
altKey?1:0,'shiftKey':dq.shiftKey?1:0}}}

function qt(){pR();fp('passwordRow1');fp
('forgotPasswordRow');pl();fD(oC,'RPCWaiting')}function qJ(ey,eC,
_l,ge,oj){if(OSMacOS9&&(_l.flags&iF)&&!(_l.flags&iM)){fa(fv);return;}window.
onkeydown='';_l.rpc={'url':ge};_l.form.index=ey;_l.form.focusField=eC;_l.
secureReplyAlg='';if(!oj)oj=js||window.event;
if(c=am(
'timeStampLocation'))if(payload.signature)c.innerHTML=
'\x3cspan class=timestamp id=signature\x3e'+'\x3ca href="javascript:'+"qQ"+
'('+"payload"+',\''+ey+'\',\'signature\')'+
'"\x3eVerify this envelope\x3c/a\x3e'+'\x3c/span\x3e';else c.innerHTML=
'\x3cspan class=timestamp\x3e12/16/2024'+
'\x3cbr\x3e08:13:46&#160;PM&#160;GMT\x3c/span\x3e';if(_l.sessionKey)document.forms[ey
].sessionkey.value=_h.encodeToString(_l.sessionKey);if((_l.userKey||_l.
sessionKey)&&(_l.flags&hP)&&(!oj||!oj.altKey))oK(document.forms[ey],_l,'',oj
);else if(_l.userKey||_l.sessionKey||_l.encryptedSessionKey){
ew(oC,'');if(_l.selectedID)o7(_l.selectedID);oM(_l)}else pi();}
function eB(qv){var dq,c,_l=payload;
if(oF&&am('authFrame')&&(c=eU('iframeLocation')))c
 .appendChild(oF);pR();if(c=am('emailTo')){if(dq=am('toSelect')){
_l.selectNode=dq;c.removeChild(dq)}if(qv&&_l.selectedID)ew(c,_l.selectedID);
else ew(c,'Myles Olson <MOlson@fmne.com>')}ew(oC,'');fp('bccRow');fp('passwordRow1');fp(
'forgotPasswordRow');ew('openButtonLocation','');ew('saveButtonLocation','')
;oq(0);if(c=ew('checkboxesLocation',''))fp('checkboxRow',
'addressSentinelRow')}function oM(_l,pd){px(_l);pw(_l,pd);ov(oE);
oq(oU|or);py();e4(_l.form.index,_l.form
 .focusField);oz=jl}var oE=1,p_

{
    "risk_score": 6,
    "reasoning": "The script demonstrates moderate-risk behaviors, including dynamic code execution, potential data exfiltration, and aggressive DOM manipulation. While the intent is not entirely clear, the use of obfuscated code and interactions with unknown domains raise concerns and require further investigation."
}

  
if(am('ff_saved'))alert(er('SavedPage'));var p4;if(p4=am('ff_trash'))p4.
innerHTML='\x3cspan id=ff_saved\x3e\x3c/span\x3e';fD('browserLoading',
'BrowserParsing');e5(true);window.onfocus=qT;//-->

{
    "risk_score": 1,
    "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and does not exhibit any aggressive or obfuscated behavior. Overall, this script is likely benign and used for legitimate web development purposes."
}

/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[i.call(e)]||"object":typeof e}var t="3.7.1",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||v(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==i.call(e))&&(!(t=r(e))||"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)while(t=e[r++])n+=ce.text(t);return 1===i||11===i?e.textContent:9===i?e.documentElement.textContent:3===i||4===i?e.nodeValue:n},makeArray:function(e,t){var n=t||[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!l.test(t||n&&n.nodeName||"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){va

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code primarily focuses on cryptographic operations and data manipulation, which are common in legitimate applications. While it uses some legacy practices like the `XDomainRequest` API, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign implementation of cryptographic functionality and is likely part of a legitimate application."
}

!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t,

{
  "contains_trigger_text": true,
  "trigger_text": "Secure Email Encryption Service",
  "prominent_button_name": "unknown",
  "text_input_field_labels": ["MOlson@fnne.com"],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Secure Email Encryption Service",
  "prominent_button_name": "unknown",
  "text_input_field_labels": ["MOlson@fnne.com"],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Secure Email Encryption Service",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_security_alerts": true
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "Secure Email Encryption Service",
  "prominent_button_name": "Open Online",
  "text_input_field_labels": [
    "To",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_security_alerts": true
}

{
  "contains_trigger_text": true,
  "trigger_text": "Secure Email Encryption Service",
  "prominent_button_name": "Open Online",
  "text_input_field_labels": [
    "To",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_security_alerts": true
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "Secure Email Encryption Service",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "MOlson@fmne.com"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Secure Email Encryption Service",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "MOlson@fmne.com"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet appears to be a part of a larger application or system, and it contains a mix of behaviors that require further review. While some aspects, such as the use of an `XHR` request and the transmission of user data, could be considered moderate-risk indicators, the overall context and purpose of the script are not entirely clear. Additional investigation would be necessary to determine the true nature and intent of this code."
}

if(l_)
l_({
"RPCRef":payload.rpc,
"callback":qr
,'action':'open'
,'status':16
,'message':'Authentication required.'
,'state':1
,'reqTime':1734383082808
,'reqNumber':5
,'recipientIdentified':false
,'success':true
,'cookiesEnabled':true
,'hadRememberMe':false
,'hadEnablePSP':false
,'openOnline':false
,'recipient':'molson@fmne.com'
,'sessionId':'FD833C7B61A155B752A377827E7DE1D8'
,'lp':'en'
,'credentialsExpiredWarning':false
,'credentialsExpiredDays':-1
,'pswdExpLink':'https://res.cisco.com/websafe/custom.action?cmd=changeExpiredPassword&id=molson@fmne.com'
,'waitTime':50000
,'minPoll':1000
,'maxPoll':5000
,'totalPoll':1200000
,'supportedLocales':[['en','English (US)'],['nl_NL','Dutch'],['de','Deutsch'],['es','Espa\xf1ol'],['fr','Fran\xe7ais'],['it','Italiano'],['pl','Polski'],['pt','Portugu\xeas'],['ru','\u0420\u0443\u0441\u0441\u043a\u0438\u0439'],['zh_CN','\u4e2d\u6587(\u7b80\u4f53)'],['ja','\u65e5\u672c\u8a9e'],['ko','\ud55c\uad6d\uc5b4']]
,'sensitivity':'High'
,'senderAuth':false
,'trafficKey':'JM\xae(sr\xa9\xce\x8c\xfa\x90M3\x958\xcb\x02Er\xb7a\xa6\x14\xf93%\xfa\xca\x81\xd3\xec\xe4'
,'expiryDate':''
,'createDateEpoch':1734380027000
,'createDate':'12/16/2024 08:13:47\xa0PM\xa0GMT'
});

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a function call with an object literal as an argument. The object contains various properties related to an RPC (Remote Procedure Call) request, such as the RPC reference, callback function, action, status, message, state, locale, request time, request number, success flag, session ID, recipient, cache flags, online status, request state, creation date, and offer logout. While the snippet includes some potentially sensitive information like the session ID, it does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The overall behavior seems to be related to a legitimate RPC request, and the risk level is relatively low."
}

if(l_)
l_({
"RPCRef":payload.rpc,
"callback":qp
,'action':'open'
,'status':23
,'message':''
,'state':9
,'locale':'en'
,'reqTime':1734383014379
,'reqNumber':6
,'success':true
,'sessionId':'FD833C7B61A155B752A377827E7DE1D8'
,'recipient':''
,'cacheFlags':0
,'openOnline':false
,'requestState':-1
,'createDateEpoch':1734380027000
,'createDate':'12/16/2024 08:13:47\xa0PM\xa0GMT'
,'offerLogout':true
,'credentialsExpiredWarning':'false'
,'credentialsExpiredDays':'-1'
});