Windows Analysis Report
https://www.dropbox.com/l/scl/AAAdJL5V07Pd0hVjrvtltFwHjZx_pjU04CU

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://www.dropbox.com

{
    "risk_score": 1,
    "reasoning": "This is a benign performance measurement script that simply records the start time of JavaScript execution using the standard performance.now() API. This is a common and legitimate practice for performance monitoring and analytics. No data transmission, DOM manipulation, or suspicious behavior is present."
}

window.EDISON_METRICS_JS_EXECUTION_START = performance.now();

{
    "risk_score": 1,
    "reasoning": "This script performs basic performance timing measurement using standard browser APIs (performance.now()) and stores the result in a global variable. It's a legitimate performance monitoring snippet with no data transmission, DOM manipulation, or suspicious behavior. The code is clear, unobfuscated, and follows common telemetry practices."
}

(function () {
    var start = performance.now();
    window.addRequireLoadCallback(function() {
        window.EDISON_METRICS_REQUIRE_LOAD_CALLBACK_TIME = performance.now() - start;
    });
})();

{
    "risk_score": 2,
    "reasoning": "The script appears to be a legitimate file viewer integration with Dropbox. While it uses base64 encoding (which can be a red flag), the decoded content reveals standard Dropbox file viewing parameters. The script interacts with dropbox.com, a trusted domain, and uses standard require.js pattern for module loading. No high-risk behaviors like eval() or suspicious data transmission are present."
}

window.addRequireLoadCallback(function() {
    window.require(["js/edison/edison"], function (edisonModule) {
        edisonModule.Edison.registerStreamedPrefetch("EqgGCit1c2VyX3N1cnZleS5FZGlzb25Vc2VyU3VydmV5UHJlZmV0Y2hTZXJ2aWNlEhVFZGlzb25Vc2VyU3VydmV5RmV0Y2gaxQUSwgVS3gJodHRwczovL3d3dy5kcm9wYm94LmNvbS9zY2wvZmkvdHhlZThoa2dtMW44dXc2cmd5MnAyL1JILTAyLTEyLTIwMjQtRE9DLTk0NzAzLThSSjk4NDAtM0pCWDAzMzgucGRmP2RsPTAmb3JlZj1lJnI9QUNTS1dHLWMtbUhTTFp0TWRLQ29NbnJDMDV6NTJjVmJkVl96cUZWSEpSTlRQN1RucjE2bXZJSnp1OFFVWEhKcWFfUmxrVjRUUmoybG9Od3FjNFFjRmlKeHIyVEo2bVZBb2RqdFItZzhzcU1lTzBQVVZlOVduNkZjS3I0cVRvRkZMVmIzdVBVTTdhRktsS25VUU9XTWtXeXU3eTRPemFVemliQkQ0aTJob2daeHBiRm1zNkZQYzk5M2VWa3ItcEpMenhpcjkwZXR0czBlOHdBMlVsNnJodXVhYjlGZk1fNnRlYVBCSUdpc0JBQjVfQVreAmh0dHBzOi8vd3d3LmRyb3Bib3guY29tL3NjbC9maS90eGVlOGhrZ20xbjh1dzZyZ3kycDIvUkgtMDItMTItMjAyNC1ET0MtOTQ3MDMtOFJKOTg0MC0zSkJYMDMzOC5wZGY/ZGw9MCZvcmVmPWUmcj1BQ1NLV0ctYy1tSFNMWnRNZEtDb01uckMwNXo1MmNWYmRWX3pxRlZISlJOVFA3VG5yMTZtdklKenU4UVVYSEpxYV9SbGtWNFRSajJsb053cWM0UWNGaUp4cjJUSjZtVkFvZGp0Ui1nOHNxTWVPMFBVVmU5V242RmNLcjRxVG9GRkxWYjN1UFVNN2FGS2xLblVRT1dNa1d5dTd5NE96YVV6aWJCRDRpMmhvZ1p4cGJGbXM2RlBjOTkzZVZrci1wSkx6eGlyOTBldHRzMGU4d0EyVWw2cmh1dWFiOUZmTV82dGVhUEJJR2lzQkFCNV9BKgtmaWxlX3ZpZXdlcjINc2NsX29ib2VfZmlsZQ==", "",  false );
    });
});

{
    "risk_score": 1,
    "reasoning": "This appears to be a legitimate RequireJS configuration file from Dropbox's content delivery network (dropboxstatic.com). It only defines paths for JavaScript modules and sets a server flag. No suspicious behaviors, external data transmission, or malicious patterns are present."
}

window.__SERVED_BY_EDISON_WEB_SERVER__ = true;
var requireConfig = {"baseUrl": "https://cfl.dropboxstatic.com/", "waitSeconds": 30, "paths": {"atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_abuse_funcaptcha_modal": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_abuse_funcaptcha_modal-vfluRZRRh", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_abuse_login_and_register_constants_fetch": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_abuse_login_and_register_constants_fetch-vflm1F8pr", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_accessibility_ax_audit": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_accessibility_ax_audit-vfl3OseNr", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_email": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_email-vflcZ8ZK5", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_email_verify": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_email_verify-vflAsNqNM", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_email_verify_reasons": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_email_verify_reasons-vfl45KzCh", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_menu_account_menu_contents": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_menu_account_menu_contents-vflMo0Bc1", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_menu_account_menu_upgrade_button_util": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_menu_account_menu_upgrade_button_util-vflBGajKs", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_menu_account_menu_util": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_account_menu_account_menu_util-vfltXEOaF", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_bar_file_actions_logging": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_bar_file_actions_logging-vflxk80lN", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_copy_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_copy_action_action-vflVtRlAa", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_delete_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_delete_action_action-vflbvOz4Q", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_download_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_download_action_action-vfl9nlji9", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_move_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_move_action_action-vflhLD7ge", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_open_in_action_dropdown": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_open_in_action_dropdown-vflbHTXm5", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_pdf_edit_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_pdf_edit_action_action-vflnt84v5", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_self_sign_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_self_sign_action_action-vflv0T_21", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_send_for_signature_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_send_for_signature_action_action-vflcFzAaz", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_unzip_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_unzip_action_action-vfldI_-_l", "atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_version_history_action_action": "static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_action_plugins_version_history_action_action-vflwlCEQI", "atlas/file_viewer/scl_oboe_file_bundle_

{
    "risk_score": 2,
    "reasoning": "This code appears to be a legitimate module loader with prefetch registration. It uses window.require pattern (common in AMD modules) and interacts with what seems to be an internal Edison module. The encoded strings are likely Base64-encoded configuration data rather than malicious obfuscation, and the URL points to Dropbox, a trusted domain. The code follows standard module loading practices."
}

window.addRequireLoadCallback(function() {
    window.require(["js/edison/edison"], function (edisonModule) {
        edisonModule.Edison.registerStreamedPrefetch("ErkGCjpwcml2YWN5X2NvbnNlbnRfZWRpc29uLlByaXZhY3lDb25zZW50RWRpc29uUHJlZmV0Y2hTZXJ2aWNlEhdDQ1BBSWZyYW1lUHJvcHNQcmVmZXRjaBrFBRLCBVLeAmh0dHBzOi8vd3d3LmRyb3Bib3guY29tL3NjbC9maS90eGVlOGhrZ20xbjh1dzZyZ3kycDIvUkgtMDItMTItMjAyNC1ET0MtOTQ3MDMtOFJKOTg0MC0zSkJYMDMzOC5wZGY/ZGw9MCZvcmVmPWUmcj1BQ1NLV0ctYy1tSFNMWnRNZEtDb01uckMwNXo1MmNWYmRWX3pxRlZISlJOVFA3VG5yMTZtdklKenU4UVVYSEpxYV9SbGtWNFRSajJsb053cWM0UWNGaUp4cjJUSjZtVkFvZGp0Ui1nOHNxTWVPMFBVVmU5V242RmNLcjRxVG9GRkxWYjN1UFVNN2FGS2xLblVRT1dNa1d5dTd5NE96YVV6aWJCRDRpMmhvZ1p4cGJGbXM2RlBjOTkzZVZrci1wSkx6eGlyOTBldHRzMGU4d0EyVWw2cmh1dWFiOUZmTV82dGVhUEJJR2lzQkFCNV9BWt4CaHR0cHM6Ly93d3cuZHJvcGJveC5jb20vc2NsL2ZpL3R4ZWU4aGtnbTFuOHV3NnJneTJwMi9SSC0wMi0xMi0yMDI0LURPQy05NDcwMy04Uko5ODQwLTNKQlgwMzM4LnBkZj9kbD0wJm9yZWY9ZSZyPUFDU0tXRy1jLW1IU0xadE1kS0NvTW5yQzA1ejUyY1ZiZFZfenFGVkhKUk5UUDdUbnIxNm12SUp6dThRVVhISnFhX1Jsa1Y0VFJqMmxvTndxYzRRY0ZpSnhyMlRKNm1WQW9kanRSLWc4c3FNZU8wUFVWZTlXbjZGY0tyNHFUb0ZGTFZiM3VQVU03YUZLbEtuVVFPV01rV3l1N3k0T3phVXppYkJENGkyaG9nWnhwYkZtczZGUGM5OTNlVmtyLXBKTHp4aXI5MGV0dHMwZTh3QTJVbDZyaHV1YWI5RmZNXzZ0ZWFQQklHaXNCQUI1X0EqC2ZpbGVfdmlld2VyMg1zY2xfb2JvZV9maWxl", "EAEy1AEKb01vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTcuMC4wLjAgU2FmYXJpLzUzNy4zNhInMjQxMjYyODkyOTU0MzAwNzE5NzQzOTQzMzczMTg1Mjg3ODIxNDY1Ggw4LjQ2LjEyMy54eHgyAlVTOgZDaHJvbWVCBzExNy4wLjBKB1dpbmRvd3NSDDEwLk5vbmUuTm9uZVgB",  false );
    });
});

{
    "risk_score": 2,
    "reasoning": "The script appears to be legitimate Dropbox file viewer functionality. It uses base64 encoded parameters and makes requests to dropbox.com (a trusted domain). The code implements module loading and prefetching for file viewing capabilities. While it contains encoded data, this is standard practice for passing configuration parameters and not an attempt at malicious obfuscation."
}

window.addRequireLoadCallback(function() {
    window.require(["js/edison/edison"], function (edisonModule) {
        if (edisonModule.Edison.markServerSidePrefetchStarted) {
            edisonModule.Edison.markServerSidePrefetchStarted(["ErUGCipmaWxlX3ZpZXdlcl9lZGlzb24uRmlsZVZpZXdlckVkaXNvblNlcnZpY2USI1NoYXJlZENvbnRlbnRMaW5rUmVzb2x1dGlvblByZWZldGNoGsUFEsIFUt4CaHR0cHM6Ly93d3cuZHJvcGJveC5jb20vc2NsL2ZpL3R4ZWU4aGtnbTFuOHV3NnJneTJwMi9SSC0wMi0xMi0yMDI0LURPQy05NDcwMy04Uko5ODQwLTNKQlgwMzM4LnBkZj9kbD0wJm9yZWY9ZSZyPUFDU0tXRy1jLW1IU0xadE1kS0NvTW5yQzA1ejUyY1ZiZFZfenFGVkhKUk5UUDdUbnIxNm12SUp6dThRVVhISnFhX1Jsa1Y0VFJqMmxvTndxYzRRY0ZpSnhyMlRKNm1WQW9kanRSLWc4c3FNZU8wUFVWZTlXbjZGY0tyNHFUb0ZGTFZiM3VQVU03YUZLbEtuVVFPV01rV3l1N3k0T3phVXppYkJENGkyaG9nWnhwYkZtczZGUGM5OTNlVmtyLXBKTHp4aXI5MGV0dHMwZTh3QTJVbDZyaHV1YWI5RmZNXzZ0ZWFQQklHaXNCQUI1X0Fa3gJodHRwczovL3d3dy5kcm9wYm94LmNvbS9zY2wvZmkvdHhlZThoa2dtMW44dXc2cmd5MnAyL1JILTAyLTEyLTIwMjQtRE9DLTk0NzAzLThSSjk4NDAtM0pCWDAzMzgucGRmP2RsPTAmb3JlZj1lJnI9QUNTS1dHLWMtbUhTTFp0TWRLQ29NbnJDMDV6NTJjVmJkVl96cUZWSEpSTlRQN1RucjE2bXZJSnp1OFFVWEhKcWFfUmxrVjRUUmoybG9Od3FjNFFjRmlKeHIyVEo2bVZBb2RqdFItZzhzcU1lTzBQVVZlOVduNkZjS3I0cVRvRkZMVmIzdVBVTTdhRktsS25VUU9XTWtXeXU3eTRPemFVemliQkQ0aTJob2daeHBiRm1zNkZQYzk5M2VWa3ItcEpMenhpcjkwZXR0czBlOHdBMlVsNnJodXVhYjlGZk1fNnRlYVBCSUdpc0JBQjVfQSoLZmlsZV92aWV3ZXIyDXNjbF9vYm9lX2ZpbGU=","Ep4GCiN3ZWJfcGxhdGZvcm0uV2ViUGxhdGZvcm1FZGlzb25GZXRjaBITRWRpc29uRGV2VG9vbHNGZXRjaBrFBRLCBVLeAmh0dHBzOi8vd3d3LmRyb3Bib3guY29tL3NjbC9maS90eGVlOGhrZ20xbjh1dzZyZ3kycDIvUkgtMDItMTItMjAyNC1ET0MtOTQ3MDMtOFJKOTg0MC0zSkJYMDMzOC5wZGY/ZGw9MCZvcmVmPWUmcj1BQ1NLV0ctYy1tSFNMWnRNZEtDb01uckMwNXo1MmNWYmRWX3pxRlZISlJOVFA3VG5yMTZtdklKenU4UVVYSEpxYV9SbGtWNFRSajJsb053cWM0UWNGaUp4cjJUSjZtVkFvZGp0Ui1nOHNxTWVPMFBVVmU5V242RmNLcjRxVG9GRkxWYjN1UFVNN2FGS2xLblVRT1dNa1d5dTd5NE96YVV6aWJCRDRpMmhvZ1p4cGJGbXM2RlBjOTkzZVZrci1wSkx6eGlyOTBldHRzMGU4d0EyVWw2cmh1dWFiOUZmTV82dGVhUEJJR2lzQkFCNV9BWt4CaHR0cHM6Ly93d3cuZHJvcGJveC5jb20vc2NsL2ZpL3R4ZWU4aGtnbTFuOHV3NnJneTJwMi9SSC0wMi0xMi0yMDI0LURPQy05NDcwMy04Uko5ODQwLTNKQlgwMzM4LnBkZj9kbD0wJm9yZWY9ZSZyPUFDU0tXRy1jLW1IU0xadE1kS0NvTW5yQzA1ejUyY1ZiZFZfenFGVkhKUk5UUDdUbnIxNm12SUp6dThRVVhISnFhX1Jsa1Y0VFJqMmxvTndxYzRRY0ZpSnhyMlRKNm1WQW9kanRSLWc4c3FNZU8wUFVWZTlXbjZGY0tyNHFUb0ZGTFZiM3VQVU03YUZLbEtuVVFPV01rV3l1N3k0T3phVXppYkJENGkyaG9nWnhwYkZtczZGUGM5OTNlVmtyLXBKTHp4aXI5MGV0dHMwZTh3QTJVbDZyaHV1YWI5RmZNXzZ0ZWFQQklHaXNCQUI1X0EqC2ZpbGVfdmlld2VyMg1zY2xfb2JvZV9maWxl","Ep8GCiljb250YWN0cy5Db250YWN0c0NvbnN0YW50c1ByZWZldGNoU2VydmljZRIORmV0Y2hDb25zdGFudHMaxQUSwgVS3gJodHRwczovL3d3dy5kcm9wYm94LmNvbS9zY2wvZmkvdHhlZThoa2dtMW44dXc2cmd5MnAyL1JILTAyLTEyLTIwMjQtRE9DLTk0NzAzLThSSjk4NDAtM0pCWDAzMzgucGRmP2RsPTAmb3JlZj1lJnI9QUNTS1dHLWMtbUhTTFp0TWRLQ29NbnJDMDV6NTJjVmJkVl96cUZWSEpSTlRQN1RucjE2bXZJSnp1OFFVWEhKcWFfUmxrVjRUUmoybG9Od3FjNFFjRmlKeHIyVEo2bVZBb2RqdFItZzhzcU1lTzBQVVZlOVduNkZjS3I0cVRvRkZMVmIzdVBVTTdhRktsS25VUU9XTWtXeXU3eTRPemFVemliQkQ0aTJob2daeHBiRm1zNkZQYzk5M2VWa3ItcEpMenhpcjkwZXR0czBlOHdBMlVsNnJodXVhYjlGZk1fNnRlYVBCSUdpc0JBQjVfQVreAmh0dHBzOi8vd3d3LmRyb3Bib3guY29tL3NjbC9maS90eGVlOGhrZ20xbjh1dzZyZ3kycDIvUkgtMDItMTItMjAyNC1ET0MtOTQ3MDMtOFJKOTg0MC0zSkJYMDMzOC5wZGY/ZGw9MCZvcmVmPWUmcj1BQ1NLV0ctYy1tSFNMWnRNZEtDb01uckMwNXo1MmNWYmRWX3pxRlZISlJOVFA3VG5yMTZtdklKenU4UVVYSEpxYV9SbGtWNFRSajJsb053cWM0UWNGaUp4cjJUSjZtVkFvZGp0Ui1nOHNxTWVPMFBVVmU5V242RmNLcjRxVG9GRkxWYjN1UFVNN2FGS2xLblVRT1dNa1d5dTd5NE96YVV6aWJCRDRpMmhvZ1p4cGJGbXM2RlBjOTkzZVZrci1wSkx6eGlyOTBldHRzMGU4d0EyVWw2cmh1dWFiOUZmTV82dGVhUEJJR2lzQkFCNV9BKgtmaWxlX3ZpZXdlcjINc2NsX29ib2VfZmlsZQ==","Ep4GCiVzaWdudXBfc2lnbmluLk1hZ2ljTGlua0VkaXNvblByZWZldGNoEhFHb29nbGVPbmVUYXBGZXRjaBrFBRLCBVLeAmh0dHBzOi8vd3d3LmRyb3Bib3guY29tL3NjbC9maS90eGVlOGhrZ20xbjh1dzZyZ3kycDIvUkgtMDItMTItMjAyNC1ET0MtOTQ3MDMtOFJKOTg0MC0zSkJYMDMzOC5wZGY/ZGw9MCZvcmVmPWUmcj1BQ1NLV0ctYy1tSFNMWnRNZEtDb01uckMwNXo1MmNWYmRWX3pxRlZISlJOVFA3VG5yMTZtdklKenU4UVVYSEpxYV9SbGtWNFRSajJsb053cWM0UWNGaUp4cjJUSjZtVkFvZGp0Ui1nOHNxTWVPMFBVVmU5V242RmNLcjRxVG9GRkxWYjN1UFVNN2FGS2xLblVRT1dNa1d5dTd5NE96YVV6aWJCRDRpMmhvZ1p4cGJGbXM2RlBjOTkzZVZrci1wSkx6eGlyOTBldHRzMGU4

{
    "risk_score": 5,
    "reasoning": "Script contains heavily encoded/obfuscated strings (+3) and makes external requests to Dropbox (+2). However, Dropbox is a legitimate service (-1) and the code appears to be part of a file viewing system. The encoded parameters could be legitimate session or authentication tokens, but obfuscation warrants caution. Pattern suggests file prefetching functionality but requires further context verification."
}

window.addRequireLoadCallback(function() {
    window.require(["js/edison/edison"], function (edisonModule) {
        edisonModule.Edison.registerStreamedPrefetch("EpgGCiJmaW5nZXJwcmludGpzLkZpbmdlclByaW50SlNTZXJ2aWNlEg5GZXRjaENvbnN0YW50cxrFBRLCBVLeAmh0dHBzOi8vd3d3LmRyb3Bib3guY29tL3NjbC9maS90eGVlOGhrZ20xbjh1dzZyZ3kycDIvUkgtMDItMTItMjAyNC1ET0MtOTQ3MDMtOFJKOTg0MC0zSkJYMDMzOC5wZGY/ZGw9MCZvcmVmPWUmcj1BQ1NLV0ctYy1tSFNMWnRNZEtDb01uckMwNXo1MmNWYmRWX3pxRlZISlJOVFA3VG5yMTZtdklKenU4UVVYSEpxYV9SbGtWNFRSajJsb053cWM0UWNGaUp4cjJUSjZtVkFvZGp0Ui1nOHNxTWVPMFBVVmU5V242RmNLcjRxVG9GRkxWYjN1UFVNN2FGS2xLblVRT1dNa1d5dTd5NE96YVV6aWJCRDRpMmhvZ1p4cGJGbXM2RlBjOTkzZVZrci1wSkx6eGlyOTBldHRzMGU4d0EyVWw2cmh1dWFiOUZmTV82dGVhUEJJR2lzQkFCNV9BWt4CaHR0cHM6Ly93d3cuZHJvcGJveC5jb20vc2NsL2ZpL3R4ZWU4aGtnbTFuOHV3NnJneTJwMi9SSC0wMi0xMi0yMDI0LURPQy05NDcwMy04Uko5ODQwLTNKQlgwMzM4LnBkZj9kbD0wJm9yZWY9ZSZyPUFDU0tXRy1jLW1IU0xadE1kS0NvTW5yQzA1ejUyY1ZiZFZfenFGVkhKUk5UUDdUbnIxNm12SUp6dThRVVhISnFhX1Jsa1Y0VFJqMmxvTndxYzRRY0ZpSnhyMlRKNm1WQW9kanRSLWc4c3FNZU8wUFVWZTlXbjZGY0tyNHFUb0ZGTFZiM3VQVU03YUZLbEtuVVFPV01rV3l1N3k0T3phVXppYkJENGkyaG9nWnhwYkZtczZGUGM5OTNlVmtyLXBKTHp4aXI5MGV0dHMwZTh3QTJVbDZyaHV1YWI5RmZNXzZ0ZWFQQklHaXNCQUI1X0EqC2ZpbGVfdmlld2VyMg1zY2xfb2JvZV9maWxl", "ChRoU3JnVkVqczNhbXhMb2xvY1ExOBABGgJ1cw==",  false );
    });
});

{
    "risk_score": 2,
    "reasoning": "The script uses base64 encoded strings which could be seen as mild obfuscation (+1), but appears to be a legitimate module loading system with a registration function. The 'stormcrow' module name and pattern matches common feature flag or A/B testing systems. The encoded data likely contains configuration parameters. No external data transmission or suspicious behaviors detected."
}

window.addRequireLoadCallback(function() {
    window.require(["js/data_modules/stormcrow"], function (module) {
        module.Stormcrow.registerAssignment("ChkKF3ByZXZpZXdzX2FpX3RyYW5zbGF0aW9u", "ChdwcmV2aWV3c19haV90cmFuc2xhdGlvbhIDT0ZGGgAiGggIEhZNaXNzaW5nIHNlbGVjdG9yIHVzZXIuIhoICBIWTWlzc2luZyBzZWxlY3RvciB1c2VyLiIaCAgSFk1pc3Npbmcgc2VsZWN0b3IgdGVhbS4iGggIEhZNaXNzaW5nIHNlbGVjdG9yIHRlYW0uIhoICBIWTWlzc2luZyBzZWxlY3RvciB1c2VyLiIYCAYSFEVtcHR5IHNlbGVjdG9yIHVzZXIuIhgIBhIURW1wdHkgc2VsZWN0b3IgdXNlci4=");
    });
});

{
    "risk_score": 2,
    "reasoning": "The code appears to be a legitimate file prefetching mechanism for Dropbox, using a structured module loading system. While it contains a long encoded URL parameter, this is typical for Dropbox's file sharing links. The code uses proper module loading practices and interacts with a trusted domain (dropbox.com). No high-risk behaviors like eval() or suspicious data transmission are present."
}

window.addRequireLoadCallback(function() {
    window.require(["js/edison/edison"], function (edisonModule) {
        edisonModule.Edison.registerStreamedPrefetch("EpIGChxwaXRob3MuRWRpc29uUHJlZmV0Y2hTZXJ2aWNlEg5QaXRob3NQcmVmZXRjaBrFBRLCBVLeAmh0dHBzOi8vd3d3LmRyb3Bib3guY29tL3NjbC9maS90eGVlOGhrZ20xbjh1dzZyZ3kycDIvUkgtMDItMTItMjAyNC1ET0MtOTQ3MDMtOFJKOTg0MC0zSkJYMDMzOC5wZGY/ZGw9MCZvcmVmPWUmcj1BQ1NLV0ctYy1tSFNMWnRNZEtDb01uckMwNXo1MmNWYmRWX3pxRlZISlJOVFA3VG5yMTZtdklKenU4UVVYSEpxYV9SbGtWNFRSajJsb053cWM0UWNGaUp4cjJUSjZtVkFvZGp0Ui1nOHNxTWVPMFBVVmU5V242RmNLcjRxVG9GRkxWYjN1UFVNN2FGS2xLblVRT1dNa1d5dTd5NE96YVV6aWJCRDRpMmhvZ1p4cGJGbXM2RlBjOTkzZVZrci1wSkx6eGlyOTBldHRzMGU4d0EyVWw2cmh1dWFiOUZmTV82dGVhUEJJR2lzQkFCNV9BWt4CaHR0cHM6Ly93d3cuZHJvcGJveC5jb20vc2NsL2ZpL3R4ZWU4aGtnbTFuOHV3NnJneTJwMi9SSC0wMi0xMi0yMDI0LURPQy05NDcwMy04Uko5ODQwLTNKQlgwMzM4LnBkZj9kbD0wJm9yZWY9ZSZyPUFDU0tXRy1jLW1IU0xadE1kS0NvTW5yQzA1ejUyY1ZiZFZfenFGVkhKUk5UUDdUbnIxNm12SUp6dThRVVhISnFhX1Jsa1Y0VFJqMmxvTndxYzRRY0ZpSnhyMlRKNm1WQW9kanRSLWc4c3FNZU8wUFVWZTlXbjZGY0tyNHFUb0ZGTFZiM3VQVU03YUZLbEtuVVFPV01rV3l1N3k0T3phVXppYkJENGkyaG9nWnhwYkZtczZGUGM5OTNlVmtyLXBKTHp4aXI5MGV0dHMwZTh3QTJVbDZyaHV1YWI5RmZNXzZ0ZWFQQklHaXNCQUI1X0EqC2ZpbGVfdmlld2VyMg1zY2xfb2JvZV9maWxl", "CAE=",  false );
    });
});

{
    "risk_score": 2,
    "reasoning": "The code appears to be a legitimate file viewer integration with Dropbox. While it contains a long encoded URL parameter, it's a standard Dropbox file sharing URL. The code uses proper module loading patterns and registered callbacks. The only minor concern is the encoded parameter string, but this is common for file sharing URLs."
}

window.addRequireLoadCallback(function() {
    window.require(["js/edison/edison"], function (edisonModule) {
        edisonModule.Edison.registerStreamedPrefetch("Ep4GCiN3ZWJfcGxhdGZvcm0uV2ViUGxhdGZvcm1FZGlzb25GZXRjaBITRWRpc29uRGV2VG9vbHNGZXRjaBrFBRLCBVLeAmh0dHBzOi8vd3d3LmRyb3Bib3guY29tL3NjbC9maS90eGVlOGhrZ20xbjh1dzZyZ3kycDIvUkgtMDItMTItMjAyNC1ET0MtOTQ3MDMtOFJKOTg0MC0zSkJYMDMzOC5wZGY/ZGw9MCZvcmVmPWUmcj1BQ1NLV0ctYy1tSFNMWnRNZEtDb01uckMwNXo1MmNWYmRWX3pxRlZISlJOVFA3VG5yMTZtdklKenU4UVVYSEpxYV9SbGtWNFRSajJsb053cWM0UWNGaUp4cjJUSjZtVkFvZGp0Ui1nOHNxTWVPMFBVVmU5V242RmNLcjRxVG9GRkxWYjN1UFVNN2FGS2xLblVRT1dNa1d5dTd5NE96YVV6aWJCRDRpMmhvZ1p4cGJGbXM2RlBjOTkzZVZrci1wSkx6eGlyOTBldHRzMGU4d0EyVWw2cmh1dWFiOUZmTV82dGVhUEJJR2lzQkFCNV9BWt4CaHR0cHM6Ly93d3cuZHJvcGJveC5jb20vc2NsL2ZpL3R4ZWU4aGtnbTFuOHV3NnJneTJwMi9SSC0wMi0xMi0yMDI0LURPQy05NDcwMy04Uko5ODQwLTNKQlgwMzM4LnBkZj9kbD0wJm9yZWY9ZSZyPUFDU0tXRy1jLW1IU0xadE1kS0NvTW5yQzA1ejUyY1ZiZFZfenFGVkhKUk5UUDdUbnIxNm12SUp6dThRVVhISnFhX1Jsa1Y0VFJqMmxvTndxYzRRY0ZpSnhyMlRKNm1WQW9kanRSLWc4c3FNZU8wUFVWZTlXbjZGY0tyNHFUb0ZGTFZiM3VQVU03YUZLbEtuVVFPV01rV3l1N3k0T3phVXppYkJENGkyaG9nWnhwYkZtczZGUGM5OTNlVmtyLXBKTHp4aXI5MGV0dHMwZTh3QTJVbDZyaHV1YWI5RmZNXzZ0ZWFQQklHaXNCQUI1X0EqC2ZpbGVfdmlld2VyMg1zY2xfb2JvZV9maWxl", "IhAxNzMzNzQxMzYxMzA1MTk3",  false );
    });
});