Windows Analysis Report
https://timecusa-my.sharepoint.com/:f:/p/stephensw/Erq5TMDIJBVBvh6vbWmpurEB4UwHKTW8nzSkPE2Ckmvugg?e=SepTcT

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://timecusa-my.sharepoint.com

{
    "risk_score": 4,
    "reasoning": "The script demonstrates some moderate-risk behaviors, such as dynamic code execution and external data transmission, but it appears to be part of a legitimate web worker implementation. The script fetches and evaluates a web worker script, which is a common practice. However, the use of `eval` and the lack of transparency around the fetched script's contents warrant further review to ensure there are no malicious intentions."
}

	(function(global) {
try {
(typeof markPerfStage === 'function' && markPerfStage('spWorkerInit'));
const code = "self._messageEvents = []; self.onmessage = function(evt) {self._messageEvents.push(evt);}; fetch(self.location.origin + '/_layouts/15/spwebworkerproxy.ashx').then(function(rsp) {if (rsp.ok) {return rsp.text();} else {return Promise.reject({msg: 'Failed to fetch web worker script.', status: rsp.status, statusText: rsp.statusText});}}).then(function(txt) {try {eval(txt);} catch(evalErr){return Promise.reject({msg: 'Failed to eval: ' + evalErr.toString()});}}).catch(function(err) {setTimeout(function() {throw new Error(JSON.stringify(err));});});";
const blob = new Blob([code], { type: 'text/javascript' });
const blobObjUrl = URL.createObjectURL(blob);
global.__spWorker = new Worker(blobObjUrl, {name: 'SP Worker'});
global.__spWorker.addEventListener('message', function(ev) {
    if (ev.data === 'SPWebWorker started.') {
        (typeof markPerfStage === 'function' && markPerfStage('spWorkerStarted'));
        global.__spWorkerStarted = true;
        URL.revokeObjectURL(blobObjUrl);
    }
});
global.__spWorker.onerror = function(er) {
    if (er.message.includes('Failed to fetch web worker script') || er.message.includes('Failed to eval') || er.message.includes('Failed to execute')) {
        global.__spWorkerStarted = false;
        global.__spWorkerError = er.message;
        global.__spWorker.terminate();
        delete global.__spWorker;
        URL.revokeObjectURL(blobObjUrl);
    }
};
} catch(e) {}})(self);

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a performance measurement utility, which is a common and legitimate practice. It uses the `window.performance.now()` or `Date.now()` methods to record timestamps for various performance stages, and optionally calls `window.performance.mark()` to create performance marks. This functionality does not exhibit any high-risk indicators and is likely part of a larger application's performance monitoring system."
}

if(!spfxPerfMarks){var spfxPerfMarks = {};} var markPerfStage=function(key) {if(window.performance && typeof window.performance.now === 'function'){spfxPerfMarks[key]=window.performance.now();} else{spfxPerfMarks[key]=Date.now();} if (window.performance && typeof window.performance.mark === 'function') {window.performance.mark(key);}};

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a fallback mechanism for loading a critical script for the Office 365 suite navigation. It listens for the 'load' and 'error' events on the 'SuiteNavShellCore' element, and if an error occurs, it dynamically creates a new script element and appends it to the document head. This behavior is likely a legitimate part of the Office 365 application and does not demonstrate any high-risk indicators. The script is interacting with known, trusted domains (e.g., 'shell.cdn.office.net'), and the overall behavior is consistent with typical application functionality."
}

	window.document.getElementById('SuiteNavShellCore').addEventListener('load', function() { (typeof markPerfStage === 'function' && markPerfStage('suiteNavScriptAsyncEnd')); if (window.executeSuiteNavOnce) { window.executeSuiteNavOnce() } window.shellCoreLoaded = true; });window.document.getElementById('SuiteNavShellCore').addEventListener('error', function() { 
var scriptElem = document.getElementById('SuiteNavShellCore');
scriptElem.parentNode.removeChild(scriptElem);
var newScript = document.createElement('script');
newScript.setAttribute('type', 'text/javascript');
newScript.setAttribute('id', 'SuiteNavShellCore');
newScript.setAttribute('src', 'https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell');
newScript.setAttribute('crossorigin', 'anonymous');
newScript.async = true;
newScript.addEventListener('load', function() { (typeof markPerfStage === 'function' && markPerfStage('suiteNavScriptAsyncEnd')); if (window.executeSuiteNavOnce) { window.executeSuiteNavOnce() } window.shellCoreLoaded = true; });
newScript.addEventListener('error', function() { window.o365ShellScriptLoadError = arguments[0]; (typeof markPerfStage === 'function' && markPerfStage('suiteNavScriptError')); if (window.executeSuiteNavOnce) { window.executeSuiteNavOnce() } window.shellCoreLoadError = true; });
document.head.appendChild(newScript); });

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a configuration object for the Fabric framework, which is a Microsoft-owned library used for building web applications. The snippet does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily sets up configuration variables and SRI hashes, which are commonly used for resource integrity checks. While the snippet uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be part of a legitimate web application and does not exhibit any suspicious behavior."
}

	var g_responseEnd = new Date().getTime();window.performance && performance.mark('EUPL.W3CResponseEnd');window['FabricConfig'] = { fontBaseUrl: ''};window['__odsp_culture'] = 'en-us';window['__odspSriHashes'] = {"0":"sha256-7WEqmx3TEpPsUNScFsArEaJtNOAEofrOqIYGICW3KfY=","1":"sha256-uJbMVHLUCcePSAf0pXTlw23WYkzeXTIM+UUsLOUSa10=","2":"sha256-LyyGFhlXlqJdWe2QrTw347mQlA/Y1Zk1U1tqNuwjLZI=","3":"sha256-/KA+B2Zzb4xU+Qy4R9H7ownTFvhstIFu3hkuGL0mFGs=","4":"sha256-D4Hbdlz0W3yGcUMyUpOS6NYpSF0VLTjZQvJo26sU368=","5":"sha256-GLhGugUZj9L9COaA5GfGp9W3TwJ/E0mi8EUFXHQkG5M=","6":"sha256-YgWFjy5RdMNFkxokol0xLlGVgo+dqGuxzL+foVb9UNk=","7":"sha256-iRIoqBC2v2hCmcN06HJjrjvVgfKdU25vySlDrKUHPos=","8":"sha256-bD/MSLr5NRQyAnMTxCsH1I5jn6k/5A973nCD67aaVTY=","9":"sha256-dZdpT6UiyOzei7sGxuss/Slw2xNwx2VGtHADO9fnqvU=","10":"sha256-5ZO1Ru07j7BOF5lShPfNt+YLrTOlVl257pEOSo3WH28=","11":"sha256-cgOa1T+otiXDMAxCwUPorn4naTG/1xeRDZPcHTdtBgg=","12":"sha256-BPyRk4BJydv3TZxVC6pE7RSj5IPUEAZyP7UVd00F+uU=","13":"sha256-PfO51EqJraEMC+IAesWZ3fQG0XtK8wtp1sFWIIlk/50=","14":"sha256-5tJ6C0ooFF8yswcjCPugBWWJYSzR9zrgPRxahtYs0AI=","15":"sha256-XgfH9Fk/96/qbpUBAYLQ0MwxpyW2St3KCq8ndoYZYdU=","16":"sha256-OFpFmUzw/ChQGdzYL37xHjQ/zJfECwjMTXy7Ro9IErw=","17":"sha256-AT/RhE7OBwDGKMC8evLos1jLHmIbrVGymhvrBuoLvJE=","18":"sha256-n8EGHiSy/hjQeNhWs+6/Jd7CgsKRBWz9tRV1O3sgwag=","19":"sha256-GFTnLFO0NUhUhfbYdjED6I/ex0JsIIzIrNZt6Btq0EM=","20":"sha256-B7WmG0llZzoRKNsqscWb7IzhYwtE11z465sREhvOBLE=","21":"sha256-ifQAocGNQrM2nKAI68lcsJKRUrFFUWw1cZiKkL8E8IM=","22":"sha256-Goz6RBJTsQLyFbOrTWu4CNDejprPvRPslbl3Py6w5qw=","23":"sha256-Jrv2/OiVJ7BcXOsvKHoz2JUi4Ii9MDKY1keheLV9uCU=","24":"sha256-8/mWpzV8w/tJAVqbvCPOOmzF0s59MbccTvxZJIZ30nA=","25":"sha256-gt5Nqk54wz7STHkEUl8LDOGHBi7nVI0raXCYaH382Z4=","26":"sha256-NaH9o5PjUnVWSP+r7qbiJCh7EvTcqBc1FdfOwz+GwWU=","27":"sha256-VwTtwMzFPYc56bmJ/GgHkhjIqGxHJvIBlPwivU1dw0A=","28":"sha256-v/m/VbW8exBWbeGMBUchY9+UKI1FNjDqVmqeftBoRX0=","29":"sha256-Y4z0hBU3cT7OuW6+SywLG6lkcFEHkMeaLEgfuv7Cs2A=","30":"sha256-me2Vr9dhSUZira8aFqhWEz9VyLLo7CtmjYXM63LqrMk=","31":"sha256-UGLreoxVcltNS+erG9Mydce2a0UbphCKUoLyS97IR7c=","32":"sha256-gUYOOlCAvNaDQ55v3UUsc1E6AksbWWF1sG0q8yVCJTg=","33":"sha256-mdFkKuAvY8AGNySFRSR3yYdafg6aguFFsnHIamceoMw=","34":"sha256-X7jPPvhSfBSqpz4TdiW7sdiWx24u9VjoR1OX2Wk4jvc=","35":"sha256-PjejAwjruqS9Ar+5GjMxJj2mc2WvR7USh1f1CWWNUdY=","36":"sha256-eiKZlQIdlEjAHlLuJksrkVhp07H9MUg+P2RhOssaM9c=","37":"sha256-iBd6k4fiBx9tbKsE4nF+UjF/QUsz8kpLk+4ugabEvAg=","38":"sha256-Y9tX+dfY/rS0JdWFqCFAArZbjpaMfcrkfLVhDgSo45o=","39":"sha256-ZyK8FPib+6zd2rLQHEQyiVEOCRRU4q3ferUITrbIg1A=","40":"sha256-bpSh9eYjkz/XVUTPc9nRV7etX/mor9UB5tjT3iztwDs=","41":"sha256-QW0vwJqEVh89Db3VO3CGzvwfS4ZIJPVFKpo5OcnCd2Q=","42":"sha256-bEGJRHGZYiwW8D8BIsM7EIMecM/IGbjXzwfS6W2og9M=","43":"sha256-1mbWeDqZLeLfDfcV9E1TY7yT4E2Cg8BVzb69lhaqHQk=","44":"sha256-3s+sSXI7BE4c7fne+pG4LUz/wL1WnM11Cn6/9g7+c5o=","45":"sha256-c5LMNroCaaHIPJmPCDbCjwGDo9ro+yXLXOvZyf0w6FQ=","46":"sha256-Mz3I/UfzNz0NN7dWLcLD6Cyh2gTsppAfFT14UhlGCZw=","47":"sha256-5JFx1blkLslf5rmZLXeKPvST0nYID6DVcKoFeQ7yM3k=","48":"sha256-Hh1+DLmdzBPY/Y3pKCv6NuaQu6MEBnJPj2j8WnfuAWk=","49":"sha256-Qhf5iZhO4BJCdI0s03nsJ0qXi8CD53xjAvw26W8i1PU=","50":"sha256-moC+3yYnEsh00z3Opq+qgxcxNMD2I46YPun3bPXvdf4=","51":"sha256-xHHZc/lmhZB2sDeXG0LRs7fmzCptNJ8QLC82wd6+3WE=","52":"sha256-+iwjjvk5ipYNW1Brx+EfDvN2atdQoJOM6YEpVU/7TJc=","53":"sha256-iU4E0WqX+b8J4H6yObdTYdSbxnEt8eoEuemIjNPTAK8=","54":"sha256-3OFAh9+LnKuc6/sXEzKnIJ69IJy+Up9uMoAe+T5d+TY=","55":"sha256-GBX6te3MoUhgNANNlpulbc2z2t9e0CwilVNw+MBxx1s=","56":"sha256-8Zxll3RHjBiJuT/pjB4DqFhDnSt5VBvCgns9hDguiFw=","57":"sha256-P6NDTgDNsib+XPLaCnb0j6oJ3xssL+wxRmieCgAiVks=","58":"sha256-gWHgoklqkdJL9O6DASs80yPaeG9H55gUdGDxk9A/uW0=","59":"sha256-NZLvf2AHUuiULkSQn0JHIMZUMhTNPelFU+OvNfsy+7I=","60":"sha256-7cDgqR0giqHfrOrejywfkySV2GiiqfPepuxT3RKlfQE=","61":"sha256-gNAdb3y8wm29qf/C5ax0ocu8W/T9jCN0i5r/GCCWeCg=","62":"sha256-oohyMUiwjLS3bK9pXOEP5BMadeXVzbn+IwxKUt7bZTQ=","63":"sha256-7rsUuxQ4jzaeg+GQt0/+zdx+OGmGgnqX3sbeagoJErg=","64":"sha256-1PNZDO6Nl+O+

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a configuration object for a SharePoint context, which includes various properties related to the user's session and the SharePoint site. While it contains some potentially sensitive information, such as access tokens and URLs, the overall behavior does not indicate any high-risk activities. The snippet seems to be part of a legitimate SharePoint application and does not exhibit any clear signs of malicious intent."
}

	var _spPageContextInfo={"ListCountLimit":0,"FieldCountLimit":0,"ClientPrefetchBehavior":0,"IsConsumerListsPaidUser":false,"IsConsumerFilesPaidUser":false,"siteDisabled":false,"isCommonDomainRequestContext":false,"webServerRelativeUrl":"/personal/stephensw_timecusa_com","webServerRelativeUrlLegacy":"","webAbsoluteUrl":"https://timecusa-my.sharepoint.com/personal/stephensw_timecusa_com","webAbsoluteUrlLegacy":"","viewId":"","webPropertyFlags2":0,"listId":"{fcd40c07-48bc-4878-91cb-5d5148e2934b}","listTemplateId":"","listPermsMask":{"High":48,"Low":134287360},"listUrl":"/personal/stephensw_timecusa_com/Documents","listUrlLegacy":"","listTitle":"Documents","listBaseTemplate":700,"listBaseType":1,"listForceCheckout":false,"draftVersionVisibilityType":0,"thirdPartyReplyUrisUpdated":false,"ariaCollectorUrl":"https://browser.pipe.aria.microsoft.com/Collector/3.0/","secureBrokerDomainName":"securebroker.sharepointonline.com","oneDsCollectorUrl":"https://mobile.events.data.microsoft.com/OneCollector/1.0/","driveInfo":{".accessToken":"access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvdGltZWN1c2EtbXkuc2hhcmVwb2ludC5jb21ANzkzMjIzNDQtN2JjYS00MDViLWE5ZjktYTM3Y2QzOTQzNzUxIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIiwibmJmIjoxNzM2Nzk3NzA3LCJleHAiOjE3MzY4MTkzMDcsImlzbG9vcGJhY2siOiJUcnVlIiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTk0YjE0ZDg1YjdhNmRmNjY0MmQxZGFmMTIyYTZhZTE4NDg1Y2YwZDNkYmUzMGU0M2MwNWJiMTc5NDY2OGE1MiIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTk0YjE0ZDg1YjdhNmRmNjY0MmQxZGFmMTIyYTZhZTE4NDg1Y2YwZDNkYmUzMGU0M2MwNWJiMTc5NDY2OGE1MiIsInR0IjoiMCIsInVzZVBlcnNpc3RlbnRDb29raWUiOiIyIn0.FvA4xPNRY-tcf0nK4sb40ODZwbDq8E1jJWWhbvhvrWQ\u0026prooftoken=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAKiIsImlzcyI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMEAqIiwibmJmIjoiMTczNjc5Mjg1NiIsImV4cCI6IjE3MzczOTc2NTYiLCJwcmYiOiJHZ1lTSGhuZ2pRVTBWK3BmS25Ea3pveGdiMForUTlaWkwzRzJ4UDIyNGdlaTltWW8vbzBVMTVPTG5hcWlGRE5kcnU1dlJUSkZ2dW56Y1JOOUFSSm5DdXgwS1g1ekpDQ29zZGhJZzlWR0ZGczZ4TjNyZlVaNmdrelE0eWM3cmxRZkRJU1lwSHNmNjVvQzFONHdyWkFEcHl1ME5LN0VLeGViVU9qZ1dUYXRPM2R0TGJ4UlNPZW11ZVNjTXJQRVVKNDVsNko4YnkvbWloR0Q3UWhnRVpYTSs3azBsL1o0QWFmVjlNZE9uMDVHWDEwNytsZVRZUkxZdGV3V3cyNWsrWWI1SjJYbElJMkpQK3V1cHJQWDZPUG0yM0swNi9xQlZFOWo1elAvVm1nVHJGbFFoWTBKQ21WancvUHgvSlBDOFY2ampFNXg4NGtRNHM1OUVZbTlmOTNaSEE9PSIsImlzdXNlciI6InRydWUiLCJmaWQiOiIyMDEzNDMifQ.Iml_b1kQbYcq3zO44eXSW5fZ3_J_VIh1j51Sh5o10lIFHLtsUyPtz7eTRYI6bxnpn8XidquJsrir_zFyGehaVGKrt5li60hWykoyTBxUzzsifmIfhABW35XvgOGHrWDhaBFGh4ulMmpR_ia23PsSI6k7mxTwxEpsS1EfrqKgZoeUYgeeJMMSXRC_NQAk-r7zxafIyKT8f9VqD1y17xTvj35BjL6k1GA0HVE_X8Z0zhRLToFyU89G25vI3s2_3evJ93bx5c5kluG8WaDGKvuGO3j4b5mPCzryOh8oItJ_HLSh8N6VcBIBHKcCTAC-iJQx9xH984DXB_4imbU4uc6B_A",".driveUrl":"https://timecusa-my.sharepoint.com/_api/v2.0/drives/b!0OH5TK6tgU-4skays1v7b3vjXqAEJ4pMuPcoujHoKfsHDNT8vEh4SJHLXVFI4pNL",".driveAccessToken":"access_token=v1.eyJzaXRlaWQiOiI0Y2Y5ZTFkMC1hZGFlLTRmODEtYjhiMi00NmIyYjM1YmZiNmYiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvdGltZWN1c2EtbXkuc2hhcmVwb2ludC5jb21ANzkzMjIzNDQtN2JjYS00MDViLWE5ZjktYTM3Y2QzOTQzNzUxIiwiZXhwIjoiMTczNjgxOTMwNyJ9.CiMKCXNoYXJpbmdpZBIWV2twUnoxVzFVazZGWU1nTzhobkcyZwoJCgRzbmlkEgE5EgsI5pCpgamF2j0QBRoMOC40Ni4xMjMuMTg5IhRtaWNyb3NvZnQuc2hhcmVwb2ludCosajVJWmlwQUwzUGNvZHpvVGFYQlhKRnhkcU56TS93QU1hN3dXMnlXemEzbz0wdjgBQhChdzYrUhAAAFzAUilRHwhtShBoYXNoZWRwcm9vZnRva2VuYgR0cnVlcmEwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMxOTRiMTRkODViN2E2ZGY2NjQyZDFkYWYxMjJhNmFlMTg0ODVjZjBkM2RiZTMwZTQzYzA1YmIxNzk0NjY4YTUyegEwwgFhMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTk0YjE0ZDg1YjdhNmRmNjY0MmQxZGFmMTIyYTZhZTE4NDg1Y2YwZDNkYmUzMGU0M2MwNWJiMTc5NDY2OGE1MsgBAQ.pKQYr9Wo7lGa_FHbFektZBPa-1ZmiBRhpejcZ_N3CLg",".driveAccessTokenV21":"access_token=v1.eyJzaXRlaWQiOiI0Y2Y5ZTFkMC1hZGFlLT

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of the Office 365 Shell, which is a common component used in Microsoft's web applications. The code sets up several Promise objects to handle the loading and rendering of the suite navigation, and it also configures the theme data for the navigation. While the code uses some dynamic techniques like `createElement` and `insertBefore`, these are common practices for rendering UI components. Overall, the behavior of this script is consistent with its intended purpose and does not exhibit any high-risk indicators, so it is assessed as a low-risk script."
}

	window.o365ShellLoadPromiseResolve = undefined; window.o365ShellLoadPromiseReject = undefined; window.o365ShellRenderPromiseResolve = undefined; window.o365ShellRenderPromiseReject = undefined; window.o365ShellPostRenderPromiseResolve = undefined; window.o365ShellPostRenderPromiseReject = undefined; window.o365ShellLoadPromise = new Promise(function (loadResolve, loadReject) { window.o365ShellLoadPromiseResolve = loadResolve, window.o365ShellLoadPromiseReject = loadReject }); window.o365ShellRenderPromise = new Promise(function (renderResolve, renderReject) { window.o365ShellRenderPromiseResolve = renderResolve, window.o365ShellRenderPromiseReject = renderReject }); window.o365ShellPostRenderPromise = new Promise(function (prResolve,prReject) { window.o365ShellPostRenderPromiseResolve = prResolve, window.o365ShellPostRenderPromiseReject = prReject });var executeSuiteNav = function () {var suiteNavPlaceholder = document.createElement('div');suiteNavPlaceholder.id = 'SuiteNavPlaceholder';suiteNavPlaceholder.style = "min-height: 48px";document.body.insertBefore(suiteNavPlaceholder, document.body.firstChild);if (window.o365ShellScriptLoadError) {o365ShellLoadPromiseReject(window.o365ShellScriptLoadError);o365ShellRenderPromiseReject(new Error('SuiteNavLoadError'));o365ShellPostRenderPromiseReject(new Error('SuiteNavLoadError'));return; }o365ShellLoadPromiseResolve();var themeData = {
                    Primary: 'transparent',
                    AppName: '#424242',
                    DefaultText: '#424242',
                    DefaultBackground: 'transparent',
                    HoverText: '#0F6CBD',
                    HoverBackground: '#EBEBEB',
                    SelectedText: '#0F6CBD',
                    SelectedBackground: '#E0E0E0',
                    PressedText: '#115EA3',
                    PressedBackground: '#D6D6D6',
                    SearchBoxBackgroundActive: '#FFFFFF',
                    SearchBoxBackgroundInactive: '#FFFFFF'
                };var searchQueryViewParam = window.location.search.substring(1).split('&').filter(function (s) { return s.indexOf('q=')===0; })[0]; var searchQuery = searchQueryViewParam ? decodeURIComponent(searchQueryViewParam.substring(2)) : ''; (typeof markPerfStage === 'function' && markPerfStage('suiteNavRenderAsyncStart'));O365Shell.RenderAsync({top: 'SuiteNavPlaceholder', layout: 'Mouse', enableSearchUX: false, initialSearchUXVisibility: false, initialSearchUXPlaceholderText: 'Search', initialSearchUXSearchText: searchQuery, enable

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate function that executes a suite navigation feature once, with checks to ensure it is not executed multiple times or in certain specific scenarios. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily focused on managing the execution of the suite navigation functionality, which is a common and expected behavior in web applications. While the script uses some legacy practices like `window.location.search.substring(1).split('&')`, these are low-risk indicators and do not raise significant security concerns. Overall, the script seems to be part of a larger application and does not demonstrate any malicious intent or high-risk activities."
}

	
window.executeSuiteNavOnce = function () {
    if (!window.hasSuiteNavExecuted && !!window.O365Shell) {
        (typeof markPerfStage === 'function' && markPerfStage('executeSuiteNavOnceStart'));
        
var params = window.location.search.substring(1).split('&') || [];
var shouldExecuteSuiteNav = true;
shouldExecuteSuiteNav &= params.indexOf('p=2') === -1;
shouldExecuteSuiteNav &= params.indexOf('p=12') === -1;
shouldExecuteSuiteNav &= params.indexOf('cl=true') === -1;
shouldExecuteSuiteNav &= params.filter(function (x) { return x.indexOf('parent') === 0; }).length === 0 || params.indexOf('p=5') !== -1;
try { shouldExecuteSuiteNav &= window.parent === window || window.parent.g_enableSuiteNavInIframe === true; } catch(err) { shouldExecuteSuiteNav = false; }
if (shouldExecuteSuiteNav) { executeSuiteNav(); window.hasSuiteNavExecuted = true; }

        (typeof markPerfStage === 'function' && markPerfStage('executeSuiteNavOnceEnd'));
        window.isSuiteNavDisabled = !window.hasSuiteNavExecuted;
    }
}
executeSuiteNavOnce();

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a configuration for a content delivery network (CDN) used by the Office 365 platform. It sets up fallback mechanisms for loading resources from multiple CDN endpoints, which is a common practice to improve reliability and performance. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The behavior is consistent with typical CDN configuration and resource loading, which is a legitimate use case. Therefore, the overall risk score is low."
}

	
window.__odsp_cdnConfig = {"baseUrls":["https://res-1.cdn.office.net/files/odsp-web-prod_2025-01-03.002/","https://res-2.cdn.office.net/files/odsp-web-prod_2025-01-03.002/"],"libraryKey":"sp-client","key":"odsp-web-prod_2025-01-03.002"};
(function () {
  var baseUrls = window.__odsp_cdnConfig.baseUrls;
  function getOrigin(url) {
    var match = url.match(/^https:\/\/[^\/]+\//);
    return match && match[0];
  }
  var origins = baseUrls.map(getOrigin);
  window.__backupBaseUrl = baseUrls[1];
  var backupBaseUrl = baseUrls[1];
  var failOverState = (window.__cdnFailOverState = {
    baseUrlFailedOver: false,
    modulesFalledBack: [],
    onPathFallback: function (moduleId, paths) {
      var failedModules = failOverState.modulesFalledBack;
      failedModules.push(moduleId);
      if (!failOverState.baseUrlFailedOver && failedModules.length >= 2) {
        for (var id in paths) {
          var items = paths[id];
          if (Array.isArray(items) && items.length > 1) {
            items.shift();
            require.undef(id);
            require(null, {
              skipMap: true
            })([id]);
          }
        }
        require.config({
          baseUrl: backupBaseUrl,
        });
        failOverState.baseUrlFailedOver = true;
      }
    },
  });
  function processConfigToSupportFailOver(config) {
    var paths = config.paths,
      bundles = config.bundles;
    function getUrl(origin, index) {
      return origin
        ? origins[index]
        : baseUrls[index];
    }
    for (var id in paths) {
      var path = paths[id];
      var backup;
      paths[id] = [];
      for (var _b = 0; _b < origins.length; _b++) {
        backup = path.replace(/^(https:\/\/[^\/]+\/)?/, function (match) {
          return getUrl(match, _b);
        });
        paths[id].push(backup);
      }
    }
    for (var id in bundles) {
      var path = paths[id];
      if (path) {
        for (var _a = bundles[id], i = _a.length - 1; i >= 0; i--) {
          paths[_a[i]] = path;
        }
      }
    }
    config.onPathFallback = function (opts) {
        var id = opts.moduleId,
        config = opts.config,
        deps = config && config.deps;
        if (id && deps && deps.indexOf(id) >= 0) {
            failOverState.onPathFallback(id, paths);
       }
    };
    return config;
  }
  var config = {paths:{"plt.listviewdataprefetch":"odblightspeedwebpack/plt.listviewdataprefetch","initial.resx":"odblightspeedwebpack/en-us/initial.resx","odblightspeedwebpack":"odblightspeedwebpack/odblightspeedwebpack","ondemand.resx":"odblightspeedwebpack/en-us/ondemand.resx","deferred.resx":"odblightspeedwebpack/en-us/deferred.resx","16":"odblightspeedwebpack/16","29":"odblightspeedwebpack/29","36":"odblightspeedwebpack/36","54":"odblightspeedwebpack/54","30":"odblightspeedwebpack/30","59":"odblightspeedwebpack/59","58":"odblightspeedwebpack/58","152":"odblightspeedwebpack/152","410":"odblightspeedwebpack/410","5":"odblightspeedwebpack/5","14":"odblightspeedwebpack/14","19":"odblightspeedwebpack/19","20":"odblightspeedwebpack/20","24":"odblightspeedwebpack/24","74":"odblightspeedwebpack/74","37":"odblightspeedwebpack/37","57":"odblightspeedwebpack/57","81":"odblightspeedwebpack/81","345":"odblightspeedwebpack/345","odm":"odm-b2a83907","tslib":"https://res-1.cdn.office.net/files/sp-client/odsp.tslib/tslib-6a7224b3","odsp.util":"https://res-1.cdn.office.net/files/sp-client/odsp.utilities/odsp.util-90e28871","odsp.1ds.lib":"https://res-1.cdn.office.net/files/sp-client/odsp.1ds/odsp.1ds.lib-73522aa4","odsp.aria.lib":"https://res-1.cdn.office.net/files/sp-client/odsp.aria/odsp.aria.lib-ab227069","odsp.knockout.lib":"https://res-1.cdn.office.net/files/sp-client/odsp.knockout/odsp.knockout.lib-447adea9","odsp-media":"https://res-1.cdn.office.net/files/sp-client/odsp-media-08c82b19","odsp.react.lib":"https://res-1.cdn.office.net/files/sp-client/odsp.react/odsp.react.lib-9ea4d016","fui.util":"https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.utilities

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet appears to be a part of a larger application that handles file handling and app integration. While it does not contain any obvious high-risk indicators, there are some moderate-risk behaviors that warrant further review. The script interacts with external domains and APIs to fetch and manage file handler data, which could potentially lead to data exfiltration or other security concerns if not properly implemented. Additionally, the use of legacy APIs like `XDomainRequest` suggests the code may be outdated and potentially vulnerable. Overall, the script requires closer inspection to ensure the data handling and domain interactions are legitimate and secure."
}

"use strict";(self.odspNextWebpackJsonp=self.odspNextWebpackJsonp||[]).push([[29],{3045:function(e,t,n){n.d(t,{a:function(){return a}});var a={Schema:4}}
,3782:function(e,t,n){var a=n("tslib_538"),i=n(120),r=n(3045);function o(e){return!!e.fileHandler}function s(e){return o(e)&&!!e.promoted}function c(e){return o(e)&&!!e.builtIn}function d(e){return o(e)&&!!e.hidden}var l=/^(?:data|blob|javascript):/i,u=/^(?:data|http|https):/i;function f(e){return!l.test(e)}var p={svg:!0,png1x:!0,png1_5x:!0,png2x:!0};function m(e){var t,n;if(e)for(var a in e)if(p.hasOwnProperty(a)){var i=(n=e[a])&&u.test(n)?n:void 0;i&&(t||(t={}),t[a]=i)}return t}function _(e){return{file:e.file,folder:e.folder,allowMultiSelect:e.allowMultiSelect}}var h=function(){function e(e,t){this._dataRequestor=t.dataRequestor,this._prefetchCache=t.prefetchCache,this._localFileHandlerProvider=t.localFileHandlerProvider}return e.prototype.getFileHandlerData=function(e){return(0,a.yv)(this,void 0,void 0,function(){var t,n,l,u,p,h,b,g,v,y,S,D,I,x,C,O,w,E,A,L=this;return(0,a.SO)(this,function(k){switch(k.label){case 0:if(n=(t=e||{}).language,l=void 0===n?i.b.language:n,u=t.accessToken,p=void 0===u?void 0:u,h=t.endpoint,b=void 0===h?"":h,g=t.includePromotedApp,v=void 0!==g&&g,y=t.driveId,S=void 0===y?void 0:y,D=t.allowCookies,I=void 0===D?void 0:D,x=b+"/drive",S&&(x="me"===S?"".concat(b,"/me/drive"):"".concat(b,"/drives/").concat(S)),C=function(e){return(0,a.yv)(L,void 0,void 0,function(){var t,n,i,l,u,p,h,b,g,y,S,D,I,x,C,O,w,E,A,L,k,M,P,T,U,F,H,R,N,B,j,V,z;return(0,a.SO)(this,function(G){switch(G.label){case 0:return t={custom:[],create:[],open:[],preview:[]},n={},this._localFileHandlerProvider?(l=[[]],[4,this._localFileHandlerProvider.getLocalFileHandlers()]):[3,2];case 1:return i=a.lt.apply(void 0,[a.lt.apply(void 0,l.concat([G.sent(),!0])),e.value,!0]),[3,3];case 2:i=e.value,G.label=3;case 3:for(u=0,p=i;u<p.length;u++)if(o(h=p[u])&&!d(h)&&(b=v?s(h):void 0,g=c(h),y=h.application,S=h.id,D=h.actions,I=h.fileHandler,D&&(x=I.fileTypeDisplayName,C=I.fileTypeIconUrl,O=I.version)))for(w={id:S,appId:y.id,actionMenuDisplayName:I.actionMenuDisplayName,displayName:y.displayName,appIcon:m(I.appIcon),version:O,fileTypeDisplayName:x,fileTypeIcon:m(I.fileTypeIcon||{png1x:C}),isPromoted:b,isBuiltIn:g},E=0,A=0,L=D;A<L.length;A++)if(k=L[A],(M=k.url)&&f(M)&&(P=k.displayName,T=k.shortDisplayName,U=k.icon,F=k.availableOn)){switch(H="newFile"===k.type?"create":k.type,R={type:H,url:M,displayName:P,icon:m(U),availableOn:_(F),handler:w,id:E},N=F.file,B=N&&N.extensions,H){case"custom":if(!P)continue;if(R.shortDisplayName=T,!N&&!F.folder)continue;break;case"create":if(!B||!B[0])continue;break;case"open":case"preview":if(!N)continue;if(B&&!b)for(j=0,V=B;j<V.length;j++)z=V[j],(n[z]||(n[z]={open:[],preview:[]}))[H].push(R);break;default:continue}t[H].push(R),E++}return[2,{actions:t,preferences:n,version:r.a.Schema}]}})})},O=x+"/apps?"+(v?"select=*,promoted,builtIn&":"")+"$expand=actions",w="GetDriveApps",E=function(){return(0,a.yv)(L,void 0,void 0,function(){var e;return(0,a.SO)(this,function(t){switch(t.label){case 0:return[4,this._dataRequestor.send({path:O,apiName:w,headers:{"Accept-Language":l},accessToken:p,useAuthorizationHeaders:!!p,allowCookies:I})];case 1:return e=t.sent(),[4,C(e)];case 2:return[2,t.sent()]}})})},!this._prefetchCache)return[3,5];k.label=1;case 1:return k.trys.push([1,4,,5]),[4,this._prefetchCache.getData({url:O,body:"",qosName:w})];case 2:return A=k.sent(),[4,C(A)];case 3:return[2,k.sent()];case 4:return k.sent(),[3,5];case 5:return[4,E()];case 6:return[2,k.sent()]}})})},e}();t.a=h}
,4582:function(e,t){var n=function(){function e(e,t){this._dataRequestor=t.dataRequestor}return e.prototype.getPreAuthUrls=function(e){var t=e.items,n=e.accessToken,a=void 0===n?void 0:n,i=e.driveUrl,r=void 0===i?"":i,o=e.appId,s={items:t};return this._dataRequestor.send({path:"".concat(r||"/drive","/getPreAuthorizedUrls").concat(o?"?appId="+o:""),apiName:"GetPreAuthorizedUrls",postData:JSON.stringify(

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of the Office 365 Shell, which is a common component used in Microsoft Office web applications. The code sets up various Promise objects and functions to handle the loading and rendering of the suite navigation UI. While it uses some dynamic behavior, such as creating DOM elements and manipulating the URL, these actions are typical for this type of functionality and do not indicate any malicious intent. The script also includes configuration options and theme data, which are common for customizing the appearance of the Shell. Overall, this script seems to be a benign and expected part of the Office 365 web experience."
}

	window.o365ShellLoadPromiseResolve = undefined; window.o365ShellLoadPromiseReject = undefined; window.o365ShellRenderPromiseResolve = undefined; window.o365ShellRenderPromiseReject = undefined; window.o365ShellPostRenderPromiseResolve = undefined; window.o365ShellPostRenderPromiseReject = undefined; window.o365ShellLoadPromise = new Promise(function (loadResolve, loadReject) { window.o365ShellLoadPromiseResolve = loadResolve, window.o365ShellLoadPromiseReject = loadReject }); window.o365ShellRenderPromise = new Promise(function (renderResolve, renderReject) { window.o365ShellRenderPromiseResolve = renderResolve, window.o365ShellRenderPromiseReject = renderReject }); window.o365ShellPostRenderPromise = new Promise(function (prResolve,prReject) { window.o365ShellPostRenderPromiseResolve = prResolve, window.o365ShellPostRenderPromiseReject = prReject });var executeSuiteNav = function () {var suiteNavPlaceholder = document.createElement('div');suiteNavPlaceholder.id = 'SuiteNavPlaceholder';suiteNavPlaceholder.style = "min-height: 48px";document.body.insertBefore(suiteNavPlaceholder, document.body.firstChild);if (window.o365ShellScriptLoadError) {o365ShellLoadPromiseReject(window.o365ShellScriptLoadError);o365ShellRenderPromiseReject(new Error('SuiteNavLoadError'));o365ShellPostRenderPromiseReject(new Error('SuiteNavLoadError'));return; }o365ShellLoadPromiseResolve();var themeData = {
                    Primary: 'transparent',
                    AppName: '#424242',
                    DefaultText: '#424242',
                    DefaultBackground: 'transparent',
                    HoverText: '#0F6CBD',
                    HoverBackground: '#EBEBEB',
                    SelectedText: '#0F6CBD',
                    SelectedBackground: '#E0E0E0',
                    PressedText: '#115EA3',
                    PressedBackground: '#D6D6D6',
                    SearchBoxBackgroundActive: '#FFFFFF',
                    SearchBoxBackgroundInactive: '#FFFFFF'
                };var searchQueryViewParam = window.location.search.substring(1).split('&').filter(function (s) { return s.indexOf('q=')===0; })[0]; var searchQuery = searchQueryViewParam ? decodeURIComponent(searchQueryViewParam.substring(2)) : ''; (typeof markPerfStage === 'function' && markPerfStage('suiteNavRenderAsyncStart'));O365Shell.RenderAsync({top: 'SuiteNavPlaceholder', layout: 'Mouse', enableSearchUX: false, initialSearchUXVisibility: false, initialSearchUXPlaceholderText: 'Search', initialSearchUXSearchText: searchQuery, enableDelayLoading: true, collapseO365Settings: false, disableDelayLoad: false, disableShellPlus: false, isThinHeader: true, enableLegacyResponsiveBehavior: false, expectSearchBoxSettings: true, darkAccent: '#82C7FF', shellAuthProviderConfig: { type: 'webAadWithMsaProxy', login_Hint: 'urn:spo:anon#194b14d85b7a6df6642d1daf122a6ae18485cf0d3dbe30e43c05bb1794668a52', appSignInUrl: 'https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive', appSignOutUrl: 'https:\u002f\u002ftimecusa-my.sharepoint.com\u002fpersonal\u002fstephensw_timecusa_com/_layouts/15/SignOut.aspx', appSwitchUrl: 'https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive', appSwitchToUrl: function(params) { var n = params && params.nextAccount; if(!n) { return ''; } return (!n.type || n.type.toLowerCase() === 'aad' ? 'https://www.office.com/login?ru=%2Flaunch%2Fonedrive' : 'https://onedrive.live.com/?gologin=1') + (n.memberName ? '&login_hint=' + encodeURIComponent(n.memberName) : ''); }, aad: { appId: '00000003-0000-0ff1-ce00-000000000000', wreply: 'https:\u002f\u002ftimecusa-my.sharepoint.com\u002f_forms\u002fdefault.aspx' }, msa: { siteId:'250206', wreply: 'https:\u002f\u002ftimecusa-my.sharepoint.com\u002f_forms\u002fdefault.aspx' } }, shellDataOverrides: {AccountSwitchingEnabled: true,DisableMASTPopup: true,RoundedCornersSearchBoxEnabled: true, }, supportShyHeaderMode: true, shyHeaderActivationHeight:480, initialRenderData: { AppBrandTheme: themeData, D

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": true,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://bc5d8028.26e125934b57cd512fa70e06.workers.dev

{
  "contains_trigger_text": true,
  "trigger_text": "Please stand by, while we are checking if the site connection is secure\nWe need to review the security of your connection before proceeding.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://avaraconstructions.com

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://sharepoint.com