Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Refund_Document_Protected.pdf
|
PDF document, version 1.4, 1 pages
|
initial sample
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6a8941.TMP (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c0668cc5-9778-4cc1-bd3d-07c09685c35d.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f6568e70-f7a7-4df8-9de7-ad6357f7d4e0.tmp
|
JSON data
|
modified
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6284
|
PostScript document text
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSI9736c.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 20-41-39-285.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\1feee6ec-bb17-4a96-bb80-110a579d9907.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\539b2efc-61a5-4ead-9422-0b4f0ed2e24c.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\a859e6c6-7f02-4edd-a157-a6fee3cdb9c9.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\e7babdc3-765a-4db6-83fd-b30499049ced.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 17:42:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 17:42:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 17:42:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 17:42:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 17:42:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 179
|
ASCII text, with very long lines (769)
|
downloaded
|
||
Chrome Cache Entry: 180
|
ASCII text, with very long lines (3310), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 181
|
ASCII text, with very long lines (17679)
|
downloaded
|
||
Chrome Cache Entry: 182
|
ASCII text, with very long lines (827), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 183
|
HTML document, ASCII text, with very long lines (17208)
|
downloaded
|
||
Chrome Cache Entry: 184
|
ASCII text, with very long lines (2114)
|
downloaded
|
||
Chrome Cache Entry: 185
|
ASCII text
|
dropped
|
||
Chrome Cache Entry: 186
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 187
|
ASCII text, with very long lines (2956)
|
downloaded
|
||
Chrome Cache Entry: 188
|
PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 189
|
ASCII text, with very long lines (1519)
|
downloaded
|
||
Chrome Cache Entry: 190
|
ASCII text, with very long lines (969)
|
downloaded
|
||
Chrome Cache Entry: 191
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
Chrome Cache Entry: 192
|
ASCII text, with very long lines (2124)
|
downloaded
|
||
Chrome Cache Entry: 193
|
ASCII text, with very long lines (827), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 194
|
ASCII text, with very long lines (969)
|
downloaded
|
||
Chrome Cache Entry: 195
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components
3
|
downloaded
|
||
Chrome Cache Entry: 196
|
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 197
|
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 198
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 199
|
HTML document, ASCII text, with very long lines (15841)
|
downloaded
|
||
Chrome Cache Entry: 200
|
ASCII text, with very long lines (969)
|
dropped
|
||
Chrome Cache Entry: 201
|
ASCII text
|
dropped
|
||
Chrome Cache Entry: 202
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
Chrome Cache Entry: 203
|
ASCII text, with very long lines (2114)
|
downloaded
|
||
Chrome Cache Entry: 204
|
ASCII text, with very long lines (593)
|
downloaded
|
||
Chrome Cache Entry: 205
|
ASCII text, with very long lines (1222), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 206
|
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 207
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 208
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 209
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 210
|
ASCII text, with very long lines (2200)
|
downloaded
|
||
Chrome Cache Entry: 211
|
ASCII text, with very long lines (736)
|
downloaded
|
||
Chrome Cache Entry: 212
|
ASCII text, with very long lines (549)
|
downloaded
|
||
Chrome Cache Entry: 213
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 214
|
PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 215
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components
3
|
dropped
|
||
Chrome Cache Entry: 216
|
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 217
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 218
|
ASCII text, with very long lines (519)
|
downloaded
|
||
Chrome Cache Entry: 219
|
ASCII text, with very long lines (12719)
|
downloaded
|
||
Chrome Cache Entry: 220
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 221
|
ASCII text, with very long lines (521)
|
downloaded
|
||
Chrome Cache Entry: 222
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
Chrome Cache Entry: 223
|
ASCII text, with very long lines (1684), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 224
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
Chrome Cache Entry: 225
|
HTML document, ASCII text
|
dropped
|
||
Chrome Cache Entry: 226
|
Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 227
|
RIFF (little-endian) data, Web/P image
|
dropped
|
||
Chrome Cache Entry: 228
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
Chrome Cache Entry: 229
|
Web Open Font Format (Version 2), TrueType, length 22308, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 230
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 231
|
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 232
|
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 233
|
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 234
|
HTML document, ASCII text
|
dropped
|
||
Chrome Cache Entry: 235
|
ASCII text, with very long lines (56398), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 236
|
ASCII text, with very long lines (554)
|
downloaded
|
||
Chrome Cache Entry: 237
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 238
|
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 239
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 240
|
ASCII text, with very long lines (969)
|
dropped
|
There are 102 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Refund_Document_Protected.pdf"
|
||
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124
--field-trial-handle=1588,i,1831920794384916685,15405165945631162394,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://funded-service.shantishamdasani.com/?nmOVboGWs
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1940,i,624201934020771725,3838327008599335046,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://funded-service.shantishamdasani.com/?nmOVboGWs
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2000,i,328581604167305358,816205230176040333,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://www.google.com/sorry/index?continue=https://google.com/&q=EgRRtTk0GKSN-7AGIjAN8wKH2tLR0iCf20s48pf8elJFhPJ6XKQKrKMNrVaxME6IhLq5_5pU_REk0yz-ppwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
|||
https://funded-service.shantishamdasani.com/?nmOVboGWs
|
162.240.173.206
|
||
https://ogs.google.com/
|
unknown
|
||
https://www.google.com/gen_204?atyp=csi&ei=zMYeZoWhOOigkPIPi5WMwAE&s=promo&rt=hpbas.552,hpbarr.575&zx=1713293005099&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/recaptcha/api2/reload?k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=i&ei=zMYeZoWhOOigkPIPi5WMwAE&dt19=2&zx=1713293004523&opi=89978449
|
64.233.185.105
|
||
http://www.broofa.com
|
unknown
|
||
https://developers.google.com/recaptcha/docs/faq#localhost_support
|
unknown
|
||
https://www.google.com/recaptcha/api2/userverify?k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
|
64.233.185.105
|
||
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=ucYeZoqbAcTckPIP6uKXyAE&rt=wsrt.2375,cbt.117,hst.117&opi=89978449
|
64.233.185.105
|
||
https://ogs.google.com/widget/app/so?awwd=1
|
unknown
|
||
https://support.google.com/recaptcha#6262736
|
unknown
|
||
https://www.google.com/intl/en/about/products
|
unknown
|
||
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=csi&ei=vMYeZtOCH76tiLMPr5K7sAU&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.18,tjhs.23,jhsl.2173,dm.8&nv=ne.2,feid.94d0a5db-953d-4c12-811b-737d36c73157&hp=&rt=ttfb.680,st.681,bs.27,aaft.685,acrt.685,art.685&zx=1713292987495&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/xjs/_/js/k=xjs.hd.en.DstIhYEqY00.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAkgAIAAAoAACAAAAAAgMAQACAAIACLAEgEBCAIABgAQhCAhzIBgIAJAAAACAAIAQgCAIAAAABAAQAAAAAAAAAAgAECBAAAAAAAAAAAAAA6AQAIAIBggBAAgAAAAADkAQgOwCAFAQAAAAAAAAAAAAACkCCYCxJQEAABAAAAAAAAAAAAAJBKJxbG/d=0/dg=2/br=1/rs=ACT90oEaiyiS4RoDAnQw5r8UJKy_tlb-dg/m=syev,aLUfP?xjs=s3
|
64.233.185.105
|
||
https://www.google.com/log?format=json&hasfast=true
|
unknown
|
||
https://lens.google.com
|
unknown
|
||
https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png
|
64.233.185.105
|
||
https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=ucYeZoqbAcTckPIP6uKXyAE.1713292985568&dpr=1&nolsbt=1
|
64.233.185.105
|
||
https://ogs.google.com/widget/callout
|
unknown
|
||
https://www.google.com/gen_204?atyp=csi&ei=zsYeZoW8BrWv5NoPxv29oAU&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.9d40df31-bdb6-4fa0-9368-5310aca44467&hp=&rt=ttfb.571,st.572,bs.27,aaft.573,acrt.573,art.574&zx=1713293005098&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=i&ei=ucYeZoqbAcTckPIP6uKXyAE&ct=slh&v=t1&im=M&m=HV&pv=0.9426681267803274&me=1:1713292984852,V,0,0,1280,907:0,B,907:0,N,1,ucYeZoqbAcTckPIP6uKXyAE:0,R,1,1,0,0,1280,907:1961,x:8902,h,1,1,o:855,h,1,1,i:209,h,1,1,o:2731,e,B&zx=1713292999510&opi=89978449
|
64.233.185.105
|
||
about:blank
|
|||
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
|
unknown
|
||
https://www.gstatic.c..?/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__.
|
unknown
|
||
https://support.google.com/recaptcha/?hl=en#6223828
|
unknown
|
||
http://schema.org/WebPage
|
unknown
|
||
https://cloud.google.com/contact
|
unknown
|
||
https://lens.google.com/gen204
|
unknown
|
||
https://support.google.com/
|
unknown
|
||
https://www.google.com
|
unknown
|
||
https://www.google.com/url?q
|
unknown
|
||
https://www.google.com/xjs/_/js/k=xjs.hd.en.DstIhYEqY00.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAkgAIAAAoAACAAAAAAgMAQACAAIACLAEgEBCAIABgAQhCAhzIBgIAJAAAACAAIAQgCAIAAAABAAQAAAAAAAAAAgAECBAAAAAAAAAAAAAA6AQAIAIBggBAAgAAAAADkAQgOwCAFAQAAAAAAAAAAAAACkCCYCxJQEAABAAAAAAAAAAAAAJBKJxbG/d=0/dg=2/br=1/rs=ACT90oEaiyiS4RoDAnQw5r8UJKy_tlb-dg/m=kMFpHd,sy8l,bm51tf?xjs=s3
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=csi&ei=zMYeZoWhOOigkPIPi5WMwAE&s=webhp&t=all&wh=907&imn=11&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=-1&adh=&ime=1&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.9d40df31-bdb6-4fa0-9368-5310aca44467&net=dl.8550,ect.4g,rtt.250&hp=&sys=hc.4&p=bs.true&rt=hst.117,aft.413,afti.368,prt.413,aftqf.415,xjses.418,xjsee.450,xjs.450,lcp.370,fcp.357,wsrt.1227,cst.221,dnst.0,rqst.754,rspt.412,sslt.220,rqstt.885,unt.663,cstt.664,dit.1643&zx=1713293004426&opi=89978449
|
64.233.185.105
|
||
https://csp.withgoogle.com/csp/lcreport/
|
unknown
|
||
https://www.google.com/xjs/_/js/k=xjs.hd.en.DstIhYEqY00.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAkgAIAAAoAACAAAAAAgMAQACAAIACLAEgEBCAIABgAQhCAhzIBgIAJAAAACAAIAQgCAIAAAABAAQAAAAAAAAAAgAECBAAAAAAAAAAAAAA6AQAIAIBggBAAgAAAAADkAQgOwCAFAQAAAAAAAAAAAAACkCCYCxJQEAABAAAAAAAAAAAAAJBKJxbG/d=0/dg=2/br=1/rs=ACT90oEaiyiS4RoDAnQw5r8UJKy_tlb-dg/m=sy18y,P10Owf,syo5,sy17k,sy17m,gSZvdb,sytl,sytr,syts,WlNQGd,syo3,syu9,syub,nabPbb,syo4,syo6,syo7,syo8,syoa,DPreE,syk1,sytk,sytm,CnSW2d,kQvlef,syua,fXO0xe?xjs=s3
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=csi&ei=ucYeZoqbAcTckPIP6uKXyAE&s=webhp&t=all&wh=907&imn=11&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=-1&adh=&ime=1&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.18,tjhs.23,jhsl.2173,dm.8&nv=ne.2,feid.94d0a5db-953d-4c12-811b-737d36c73157&net=dl.10000,ect.4g,rtt.200&hp=&sys=hc.4&p=bs.true&rt=hst.117,cbt.117,aft.792,afti.791,prt.792,aftqf.794,xjses.1447,xjsee.1481,xjs.1481,lcp.800,fcp.797,wsrt.2375,cst.221,dnst.0,rqst.769,rspt.438,sslt.221,rqstt.2044,unt.1821,cstt.1822,dit.3172&zx=1713292985545&opi=89978449
|
64.233.185.105
|
||
https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en
|
|||
https://www.google.com/recaptcha/api.js
|
64.233.185.105
|
||
https://support.google.com/recaptcha/#6175971
|
unknown
|
||
https://www.google.com/async/hpba?vet=10ahUKEwiFt9HnsceFAxVoEEQIHYsKAxgQj-0KCB0..i&ei=zMYeZoWhOOigkPIPi5WMwAE&opi=89978449&yv=3&cs=0&async=isImageHp:false,_ck:xjs.hd.8L4846zfxoM.L.W.O,_k:xjs.hd.en.DstIhYEqY00.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAkgAIAAAoAACAAAAAAgMAQACAAIACLAEgEBCAIABgAQhCAhzIBgIAJAAAACAAIAQgCAIAAAABAAQAAAAAAAAAAgAECBAAAAAAAAAAAAAA6AQAIAIBggBAAgAAAAADkAQgOwCAFAQAAAAAAAAAAAAACkCCYCxJQEAABAAAAAAAAAAAAAJBKJxbG,_cssam:cAEAAAAAAMAAAAAAAAAAAAAAAAAAgAAAAgAAAAAgAHzCAQLAhgAAAEAAAIAAACAAAACCAAAAACAIABgAABAAAAAAgRAACIAACSAJQQYCAIhgAgFSAYABAAAAIAEAAAACAhAwAAHAQwQAAAQ6AQEgAABkgBAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABQAAAAAAAAAAAAAAAAAAAC,_csss:ACT90oHfcSzw4WMS-4IUcR0A8_PbW5cCEQ,_fmt:prog,_id:a3JU5b
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=csi&ei=ucYeZoqbAcTckPIP6uKXyAE&s=promo&rt=hpbas.2749&zx=1713292986809&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=ucYeZoqbAcTckPIP6uKXyAE&rt=wsrt.2375,aft.792,afti.791,cbt.117,hst.117,prt.792&wh=907&imn=11&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=-1&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/xjs/_/js/md=3/k=xjs.hd.en.DstIhYEqY00.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAkgAIAAAoAACAAAAAAgMAQACAAIACLAEgEBCAIABgAQhCAhzIBgIAJAAAACAAIAQgCAIAAAABAAQAAAAAAAAAAgAECBAAAAAAAAAAAAAA6AQAIAIBggBAAgAAAAADkAQgOwCAFAQAAAAAAAAAAAAACkCCYCxJQEAABAAAAAAAAAAAAAJBKJxbG/rs=ACT90oEaiyiS4RoDAnQw5r8UJKy_tlb-dg
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=i&ei=ucYeZoqbAcTckPIP6uKXyAE&dt19=2&zx=1713292986807&opi=89978449
|
64.233.185.105
|
||
https://apis.google.com
|
unknown
|
||
https://www.google.com/recaptcha/api2/
|
unknown
|
||
https://www.google.com/client_204?atyp=i&biw=1280&bih=907&ei=ucYeZoqbAcTckPIP6uKXyAE&opi=89978449
|
64.233.185.105
|
||
https://domains.google.com/suggest/flow
|
unknown
|
||
https://www.google.com/client_204?atyp=i&biw=1280&bih=907&dpr=1&ei=zMYeZoWhOOigkPIPi5WMwAE&opi=89978449
|
64.233.185.105
|
||
https://support.google.com/recaptcha
|
unknown
|
||
https://www.google.com/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
|
|||
https://jembawuk.bru-ray.com/4pTSD2e?nmOVboGWs
|
162.240.173.206
|
||
https://www.google.com/tools/feedback
|
unknown
|
||
https://chrome.cloudflare-dns.com
|
unknown
|
||
https://support.google.com/websearch/answer/106230
|
unknown
|
||
https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=zMYeZoWhOOigkPIPi5WMwAE&rt=wsrt.1227,aft.413,afti.368,hst.117,prt.413&wh=907&imn=11&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=-1&opi=89978449
|
64.233.185.105
|
||
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0
|
142.250.105.113
|
||
https://apis.google.com/js/api.js
|
unknown
|
||
https://cloud.google.com/recaptcha-enterprise/billing-information
|
unknown
|
||
https://recaptcha.net
|
unknown
|
||
https://play.google.com/log?format=json&hasfast=true&authuser=0
|
64.233.177.100
|
||
https://www.google.com/client_204?cs=1&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/favicon.ico
|
64.233.185.105
|
||
https://google.com/
|
172.217.215.113
|
||
https://www.google.com/gen_204?atyp=csi&ei=ucYeZoqbAcTckPIP6uKXyAE&s=promo&rt=hpbas.2749,hpbarr.687&zx=1713292987496&opi=89978449
|
64.233.185.105
|
||
https://plus.google.com
|
unknown
|
||
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
|
unknown
|
||
https://play.google.com/log?format=json&hasfast=true
|
64.233.177.100
|
||
https://www.google.com/js/bg/KTA1qoE7ZDz05UuzGBms7CVmuC34sZ4nnXwNjg065Po.js
|
64.233.185.105
|
||
https://www.google.com/sorry/index
|
64.233.185.105
|
||
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
|
unknown
|
||
https://www.google.com/xjs/_/ss/k=xjs.hd.8L4846zfxoM.L.W.O/am=cAEAAAAAAMAAAAAAAAAAAAAAAAAAgAAAAgAAAAAgAHzCAQLAhgAAAEAAAIAAACAAAACCAAAAACAIABgAABAAAAAAgRAACIAACSAJQQYCAIhgAgFSAYABAAAAIAEAAAACAhAwAAHAQwQAAAQ6AQEgAABkgBAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABQAAAAAAAAAAAAAAAAAAAC/d=0/dg=2/br=1/rs=ACT90oHfcSzw4WMS-4IUcR0A8_PbW5cCEQ/m=syk1?xjs=s3
|
64.233.185.105
|
||
https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=zMYeZoWhOOigkPIPi5WMwAE.1713293004461&dpr=1&nolsbt=1
|
64.233.185.105
|
||
https://push.clients6.google.com/upload/
|
unknown
|
||
https://www.google.com"
|
unknown
|
||
https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
|
64.233.185.105
|
||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=nI1Jr-gaEoIrUiJ__Co_RjbywBTTWFKrGZWDKjV-FagawKBnerz5hSEVW1Q9I8VeS6VPGsFQvGgqOfNfP4XfWjcGkUZbqsCzNsxL3HBhoXv8ZAR-Ix-pOmjKGoyKaWiioq40GnnxiXBW1S0kSX4aW_3a2qwq6B5OjR0jztYOujPxGCtIhOoIRd-1fhmrVYcqcf9gGbgBnKsfEL_1ueuyy7VJAYQxFFnV6VS923ItbDONvjM7rZVIPZmWhIDnfC-pA8IXHajdFQ96qML6RHsPcCAsyjfhcZc&cb=7n0ridkp0lj1
|
|||
https://www.google.com/xjs/_/ss/k=xjs.hd.8L4846zfxoM.L.W.O/am=cAEAAAAAAMAAAAAAAAAAAAAAAAAAgAAAAgAAAAAgAHzCAQLAhgAAAEAAAIAAACAAAACCAAAAACAIABgAABAAAAAAgRAACIAACSAJQQYCAIhgAgFSAYABAAAAIAEAAAACAhAwAAHAQwQAAAQ6AQEgAABkgBAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABQAAAAAAAAAAAAAAAAAAAC/d=1/ed=1/br=1/rs=ACT90oHfcSzw4WMS-4IUcR0A8_PbW5cCEQ/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl
|
64.233.185.105
|
||
https://www.google.com/
|
|||
https://www.google.com/async/hpba?vet=10ahUKEwjK25LesceFAxVELkQIHWrxBRkQj-0KCB0..i&ei=ucYeZoqbAcTckPIP6uKXyAE&opi=89978449&yv=3&cs=0&async=isImageHp:false,_ck:xjs.hd.8L4846zfxoM.L.W.O,_k:xjs.hd.en.DstIhYEqY00.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAkgAIAAAoAACAAAAAAgMAQACAAIACLAEgEBCAIABgAQhCAhzIBgIAJAAAACAAIAQgCAIAAAABAAQAAAAAAAAAAgAECBAAAAAAAAAAAAAA6AQAIAIBggBAAgAAAAADkAQgOwCAFAQAAAAAAAAAAAAACkCCYCxJQEAABAAAAAAAAAAAAAJBKJxbG,_cssam:cAEAAAAAAMAAAAAAAAAAAAAAAAAAgAAAAgAAAAAgAHzCAQLAhgAAAEAAAIAAACAAAACCAAAAACAIABgAABAAAAAAgRAACIAACSAJQQYCAIhgAgFSAYABAAAAIAEAAAACAhAwAAHAQwQAAAQ6AQEgAABkgBAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABQAAAAAAAAAAAAAAAAAAAC,_csss:ACT90oHfcSzw4WMS-4IUcR0A8_PbW5cCEQ,_fmt:prog,_id:a3JU5b
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=csi&ei=zMYeZoWhOOigkPIPi5WMwAE&s=promo&rt=hpbas.552&zx=1713293004524&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=i&ei=zMYeZoWhOOigkPIPi5WMwAE&ct=slh&v=t1&m=HV&pv=0.15924134073065854&me=1:1713293004385,V,0,0,1280,907:0,B,907:0,N,1,zMYeZoWhOOigkPIPi5WMwAE:0,R,1,1,0,0,1280,907:142,x:996,e,B&zx=1713293005523&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=zMYeZoWhOOigkPIPi5WMwAE&zx=1713293005229&opi=89978449
|
64.233.185.105
|
||
https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=ucYeZoqbAcTckPIP6uKXyAE&zx=1713292988590&opi=89978449
|
64.233.185.105
|
||
https://clients6.google.com
|
unknown
|
||
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-
|
64.233.185.105
|
There are 79 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
google.com
|
172.217.215.113
|
||
www3.l.google.com
|
64.233.176.101
|
||
plus.l.google.com
|
142.250.105.113
|
||
play.google.com
|
64.233.177.100
|
||
www.google.com
|
64.233.185.105
|
||
jembawuk.bru-ray.com
|
162.240.173.206
|
||
ogs.google.com
|
unknown
|
||
apis.google.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
74.125.138.102
|
unknown
|
United States
|
||
172.217.215.113
|
google.com
|
United States
|
||
142.250.105.113
|
plus.l.google.com
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
184.31.48.185
|
unknown
|
United States
|
||
162.240.173.206
|
jembawuk.bru-ray.com
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
64.233.177.100
|
play.google.com
|
United States
|
||
64.233.185.105
|
www.google.com
|
United States
|
||
142.251.15.147
|
unknown
|
United States
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
There are 8 hidden registries, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://www.google.com/sorry/index?continue=https://google.com/&q=EgRRtTk0GKSN-7AGIjAN8wKH2tLR0iCf20s48pf8elJFhPJ6XKQKrKMNrVaxME6IhLq5_5pU_REk0yz-ppwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
||
https://www.google.com/sorry/index?continue=https://google.com/&q=EgRRtTk0GKSN-7AGIjAN8wKH2tLR0iCf20s48pf8elJFhPJ6XKQKrKMNrVaxME6IhLq5_5pU_REk0yz-ppwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
||
https://www.google.com/sorry/index?continue=https://google.com/&q=EgRRtTk0GKSN-7AGIjAN8wKH2tLR0iCf20s48pf8elJFhPJ6XKQKrKMNrVaxME6IhLq5_5pU_REk0yz-ppwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
||
about:blank
|
||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=nI1Jr-gaEoIrUiJ__Co_RjbywBTTWFKrGZWDKjV-FagawKBnerz5hSEVW1Q9I8VeS6VPGsFQvGgqOfNfP4XfWjcGkUZbqsCzNsxL3HBhoXv8ZAR-Ix-pOmjKGoyKaWiioq40GnnxiXBW1S0kSX4aW_3a2qwq6B5OjR0jztYOujPxGCtIhOoIRd-1fhmrVYcqcf9gGbgBnKsfEL_1ueuyy7VJAYQxFFnV6VS923ItbDONvjM7rZVIPZmWhIDnfC-pA8IXHajdFQ96qML6RHsPcCAsyjfhcZc&cb=7n0ridkp0lj1
|
||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=nI1Jr-gaEoIrUiJ__Co_RjbywBTTWFKrGZWDKjV-FagawKBnerz5hSEVW1Q9I8VeS6VPGsFQvGgqOfNfP4XfWjcGkUZbqsCzNsxL3HBhoXv8ZAR-Ix-pOmjKGoyKaWiioq40GnnxiXBW1S0kSX4aW_3a2qwq6B5OjR0jztYOujPxGCtIhOoIRd-1fhmrVYcqcf9gGbgBnKsfEL_1ueuyy7VJAYQxFFnV6VS923ItbDONvjM7rZVIPZmWhIDnfC-pA8IXHajdFQ96qML6RHsPcCAsyjfhcZc&cb=7n0ridkp0lj1
|
||
https://www.google.com/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
|
||
https://www.google.com/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
|
||
https://www.google.com/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
|
||
https://www.google.com/
|
||
https://www.google.com/
|
||
https://www.google.com/
|
||
https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en
|
There are 3 hidden doms, click here to show them.