File name: freekernelpstviewer.exe

Full analysis: https://app.any.run/tasks/ddbb34b1-96c6-41d7-a4ef-ebbe78094750
Verdict: Malicious activity
Threats:

Stealers are a class of malicious software designed to gain unauthorized access to users’ information and transfer it to the attacker. The category includes programs that each focus on a particular kind of data, including files, passwords, and cryptocurrency. Stealers can spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: February 05, 2024, 17:27:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: stealer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: E761750E919F40A6EFDFBD8BB51B9FE5
SHA1: 7FBD636FDF04B0FBA858C70F4704A6EB1A6BE15C
SHA256: 4E2EB12620D5C06822913B82DECC1C44D272082CE75A266E0EC3AB4E38C52AB9
SSDEEP: 98304:sIJrzZB+YQ3WJ9LPnDl0nSpJW44Cybai3smAw98YPHSX/9Sd4S+Hvn3QoP4vdM4C:dlMemNp3S

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • freekernelpstviewer.exe (PID: 1652)
      • freekernelpstviewer.exe (PID: 2868)
      • freekernelpstviewer.tmp (PID: 3332)
    • Registers / Runs the DLL via REGSVR32.EXE

      • freekernelpstviewer.tmp (PID: 3332)
    • Creates a writable file in the system directory

      • freekernelpstviewer.tmp (PID: 3332)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • freekernelpstviewer.exe (PID: 1652)
      • freekernelpstviewer.exe (PID: 2868)
      • freekernelpstviewer.tmp (PID: 3332)
    • Reads the Windows owner or organization settings

      • freekernelpstviewer.tmp (PID: 3332)
    • Process drops legitimate windows executable

      • freekernelpstviewer.tmp (PID: 3332)
    • Reads the Internet Settings

      • freekernelpstviewer.tmp (PID: 3332)
      • Kernel Outlook PST Viewer.exe (PID: 3380)
    • Reads Microsoft Outlook installation path

      • Kernel Outlook PST Viewer.exe (PID: 3380)
    • Reads Internet Explorer settings

      • Kernel Outlook PST Viewer.exe (PID: 3380)
  • INFO

    • Checks supported languages

      • freekernelpstviewer.exe (PID: 1652)
      • freekernelpstviewer.tmp (PID: 1632)
      • freekernelpstviewer.exe (PID: 2868)
      • freekernelpstviewer.tmp (PID: 3332)
      • Kernel Outlook PST Viewer.exe (PID: 3380)
    • Create files in a temporary directory

      • freekernelpstviewer.exe (PID: 1652)
      • freekernelpstviewer.exe (PID: 2868)
      • Kernel Outlook PST Viewer.exe (PID: 3380)
    • Reads the computer name

      • freekernelpstviewer.tmp (PID: 1632)
      • freekernelpstviewer.tmp (PID: 3332)
      • Kernel Outlook PST Viewer.exe (PID: 3380)
    • Creates files in the program directory

      • freekernelpstviewer.tmp (PID: 3332)
    • Creates files or folders in the user directory

      • freekernelpstviewer.tmp (PID: 3332)
      • Kernel Outlook PST Viewer.exe (PID: 3380)
    • Reads the machine GUID from the registry

      • Kernel Outlook PST Viewer.exe (PID: 3380)
    • Application launched itself

      • msedge.exe (PID: 3596)
      • msedge.exe (PID: 2532)
    • Checks proxy server information

      • Kernel Outlook PST Viewer.exe (PID: 3380)
    • Manual execution by a user

      • msedge.exe (PID: 2532)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 2532)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:20 00:22:17+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 41472
InitializedDataSize: 37888
UninitializedDataSize: -
EntryPoint: 0xaa98
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 20.3.0.0
ProductVersionNumber: 20.3.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: KernelApps Pvt.Ltd.
FileDescription: Kernel Outlook PST Viewer Setup
FileVersion: 20.3
LegalCopyright: Copyright © 2020 KernelApps Pvt.Ltd. All rights reserved.
ProductName: Kernel Outlook PST Viewer
ProductVersion: 20.3
No data.
All screenshots are available in the full report
Total processes: 72
Monitored processes: 33
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Processes in graph order: freekernelpstviewer.exe, freekernelpstviewer.tmp, freekernelpstviewer.exe, freekernelpstviewer.tmp, regsvr32.exe (5 instances), Kernel Outlook PST Viewer.exe, msedge.exe (multiple instances)

Process information

PID: 324
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4172 --field-trial-handle=1352,i,1525725144238259144,10162421402178108438,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 848
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=1520 --field-trial-handle=1352,i,1525725144238259144,10162421402178108438,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1432
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1352,i,1525725144238259144,10162421402178108438,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1632
CMD: "C:\Users\admin\AppData\Local\Temp\is-2P636.tmp\freekernelpstviewer.tmp" /SL5="$F0184,4877973,80384,C:\Users\admin\AppData\Local\Temp\freekernelpstviewer.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-2P636.tmp\freekernelpstviewer.tmp
Parent process: freekernelpstviewer.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-2p636.tmp\freekernelpstviewer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

PID: 1652
CMD: "C:\Users\admin\AppData\Local\Temp\freekernelpstviewer.exe"
Path: C:\Users\admin\AppData\Local\Temp\freekernelpstviewer.exe
Parent process: explorer.exe
User: admin
Company: KernelApps Pvt.Ltd.
Integrity Level: MEDIUM
Description: Kernel Outlook PST Viewer Setup
Exit code: 0
Version: 20.3
Modules
Images
c:\users\admin\appdata\local\temp\freekernelpstviewer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

PID: 2044
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1608 --field-trial-handle=1352,i,1525725144238259144,10162421402178108438,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 2160
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1352,i,1525725144238259144,10162421402178108438,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 2372
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3340 --field-trial-handle=1352,i,1525725144238259144,10162421402178108438,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 2448
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1352,i,1525725144238259144,10162421402178108438,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 2508
CMD: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan64.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: freekernelpstviewer.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 3
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Total events: 7 989
Read events: 7 852
Write events: 122
Delete events: 15

Modification events

(PID) Process: (3052) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3052) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3052) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3052) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
Operation: write
Name: Version
Value: 2.0

(PID) Process: (3052) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib
Operation: write
Name: Version
Value: 2.0

(PID) Process: (3052) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3332) freekernelpstviewer.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFilesHash
Value: CF88A70F5B6193F8DF8C8B7BA12F86E47FF4F4D4237D9EC8E1689EBE7C9398C5

(PID) Process: (3332) freekernelpstviewer.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFiles0000
Value: C:\Program Files\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe

(PID) Process: (3332) freekernelpstviewer.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Sequence
Value: 1

(PID) Process: (3332) freekernelpstviewer.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: SessionHash
Value: 398D7E4E73D4048D591575C241350257E44D2E9FA67595A6EF99C247A46F0625

Executable files: 11
Suspicious files: 115
Text files: 46
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3332 | freekernelpstviewer.tmp | C:\Program Files\Kernel Outlook PST Viewer\is-UJ90E.tmp | - | - | -
3332 | freekernelpstviewer.tmp | C:\Program Files\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe | - | - | -
3332 | freekernelpstviewer.tmp | C:\Program Files\Kernel Outlook PST Viewer\is-UGGFJ.tmp | - | - | -
3332 | freekernelpstviewer.tmp | C:\Program Files\Kernel Outlook PST Viewer\progress.html | - | - | -
1652 | freekernelpstviewer.exe | C:\Users\admin\AppData\Local\Temp\is-2P636.tmp\freekernelpstviewer.tmp | executable | 94A04BEE414E9B518666B1303AAA6AE2 | AD46BD7DE5DEC1B864C4BA2FD064A5323BFEDD7C59CDBEC1FA56A8B1757E7CA3
3332 | freekernelpstviewer.tmp | C:\Program Files\Kernel Outlook PST Viewer\is-H5Q5H.tmp | text | 38370CD9A614F3683E28F8579F07EFBC | EE1D3CD970931C4993D3BED16FBD86325E226CB7F0FB637E13FEC19AEEEA24EB
3332 | freekernelpstviewer.tmp | C:\Windows\system32\is-Q0UML.tmp | executable | 045A16822822426C305EA7280270A3D6 | 318CC48CBCFABA9592956E4298886823CC5F37626C770D6DADBCD224849680C5
2868 | freekernelpstviewer.exe | C:\Users\admin\AppData\Local\Temp\is-MCB86.tmp\freekernelpstviewer.tmp | executable | 94A04BEE414E9B518666B1303AAA6AE2 | AD46BD7DE5DEC1B864C4BA2FD064A5323BFEDD7C59CDBEC1FA56A8B1757E7CA3
3332 | freekernelpstviewer.tmp | C:\Program Files\Kernel Outlook PST Viewer\is-D0R0C.tmp | executable | 2CA5B3044A7D5FCB3DE1B3AA9B37DCBB | 39185D5BA2D3D7A272E2AB01DEABB8DCAE06665F613401DFD3B4028D0E8E6E6D
3332 | freekernelpstviewer.tmp | C:\Program Files\Kernel Outlook PST Viewer\is-R23G7.tmp | image | 3D218E7512460BEA998BC70AC2EF6F14 | 2E4DBFA0914074B33EE8859D343857964F7212252E9215F2BF1826DBA8D22D89

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 44
DNS requests: 64
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2532 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
1432 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1432 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1432 | msedge.exe | 67.227.166.81:443 | www.nucleustechnologies.com | LIQUIDWEB | US | unknown
1432 | msedge.exe | 142.250.185.110:443 | www.google-analytics.com | GOOGLE | US | whitelisted
1432 | msedge.exe | 52.3.94.236:443 | lepide.iljmp.com | AMAZON-AES | US | unknown
1432 | msedge.exe | 142.250.184.194:443 | www.googleadservices.com | GOOGLE | US | unknown

DNS requests

Domain | IP | Reputation
www.nucleustechnologies.com | 67.227.166.81 | unknown
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
www.google-analytics.com | 142.250.185.110 | whitelisted
www.googleadservices.com | 142.250.184.194 | whitelisted
lepide.iljmp.com | 52.3.94.236, 52.0.212.75 | unknown
www.google.com | 142.250.185.196 | whitelisted
fonts.googleapis.com | 142.250.185.74 | whitelisted
fonts.gstatic.com | 216.58.212.131 | whitelisted
www.googletagmanager.com | 142.250.186.168 | whitelisted

Threats

No threats detected
No debug info