Windows Analysis Report
freekernelpstviewer.exe

Overview

General Information

Sample name: freekernelpstviewer.exe
Analysis ID: 1523496
MD5: e761750e919f40a6efdfbd8bb51b9fe5
SHA1: 7fbd636fdf04b0fba858c70f4704a6eb1a6be15c
SHA256: 4e2eb12620d5c06822913b82decc1c44d272082ce75a266e0ec3ab4e38c52ab9
Infos:

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Uses 32bit PE files
Source: freekernelpstviewer.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: freekernelpstviewer.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.4:54607 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54608 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54609 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54610 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:54649 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:54656 version: TLS 1.2
Source: freekernelpstviewer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00476120 FindFirstFileA,FindNextFileA,FindClose, 2_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004531A4 FindFirstFileA,GetLastError, 2_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 2_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 2_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00463344 FindFirstFileA,FindNextFileA,FindClose, 2_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 2_2_0049998C
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.4:64132 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.4:54606 -> 162.159.36.2:53
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 150.171.27.10 150.171.27.10
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HDVveBNWknpUTyG&MD=RfXle5gx HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HDVveBNWknpUTyG&MD=RfXle5gx HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HDVveBNWknpUTyG&MD=RfXle5gx HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /thanks-for-installing-kernel-pst-viewer.html HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cssnew/fonts/Montserrat-Regular.woff2 HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.nucleustechnologies.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cssnew/freeware-download.css HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cssnew/menu-update-2023.css HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jsnew/jquery-v3.6.3.js HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/logo.avif HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/cli-1.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/cli-2.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/cli-3.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/cli-1.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/logo.avif HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/cli-4.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc001.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/cli-2.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/cli-3.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc002.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc003.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/cli-4.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc004.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc001.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc005.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc002.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc003.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew/dmca.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jsnew/bootstrap.bundleV5.2.min.js HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc004.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ntjs/cookie.notice.js HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/soc005.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /jsnew/customscript.js HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew/dmca.webp HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ntjs/cookie.notice.js HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jsnew/bootstrap.bundleV5.2.min.js HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/what-makes-effect-bg.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/cssnew/freeware-download.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1
Source: global traffic HTTP traffic detected: GET /jsnew/customscript.js HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/bnr-thanku.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1
Source: global traffic HTTP traffic detected: GET /imagenew20/prod-spr-El.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/cssnew/menu-update-2023.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global traffic HTTP traffic detected: GET /imagenew20/arw-menu.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/cssnew/menu-update-2023.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global traffic HTTP traffic detected: GET /imagenew20/what-makes-effect-bg.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global traffic HTTP traffic detected: GET /imagenew20/bnr-thanku.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global traffic HTTP traffic detected: GET /imagenew20/prod-spr-El.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global traffic HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic HTTP traffic detected: GET /improvely.js HTTP/1.1Host: lepide.iljmp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /imagenew20/arw-menu.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global traffic HTTP traffic detected: GET /improvely.js HTTP/1.1Host: lepide.iljmp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=ZrxawPMx5H/sa4nLsgB/olJy8M171KLkW8yl63McqD8VzfzD/V3HSZ7rOD/+XwPIIGPzAWUC4fy1KURA7aCWPjbf6oEQbZ3e0z4Gb5mkHMmOrl3xQhUmLkjoc9lc
Source: global traffic HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic HTTP traffic detected: GET /p/action/138001625.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic HTTP traffic detected: GET /track/click?product=2&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&screen=1280x1024x24&identity=&rand=796 HTTP/1.1Host: lepide.iljmp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=2hclR1qAG/K/Tv9b4/6RgBjGXvxh2AMY5CSOis41KKtxXChsQOWIiFk/pJpy8LgZ9xmRDMg95wAMwH4JhsQ/pcmhnrujQ+5udajpaS5IJjzelRnh+cMmA+gKh5dW
Source: global traffic HTTP traffic detected: GET /p/action/138001625.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic HTTP traffic detected: GET /action/0?ti=138001625&tm=gtm002&Ver=2&mid=4990f006-1680-41ab-9fed-41cbaccf42df&sid=9bc31e90800911ef948eb5c6372e0fee&vid=9bc36200800911ef8321f7e7a4dacb97&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&p=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&r=&lt=8050&evt=pageLoad&sv=1&cdb=AQAQ&rn=586376 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic HTTP traffic detected: GET /td/rul/1057256791?random=1727796422723&cv=11&fst=1727796422723&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&ct_cookie_present=0 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__PM4biFMzUH6O9d1ZH1mgJU_OXBioJa9Qg&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5rcy1mb3ItaW5zdGFsbGluZy1rZXJuZWwtcHN0LXZpZXdlci5odG1sQldDaEFJOEx2dXR3WVFqLVhoMHNHTF9JMWZFaTBBcnhOaXJIbzR6eHlhdlF1VlpTUjF5c0V5TDNQam4tWGRtZGphSG5teDFPaGpKSTF5d1dMTEQ3RFN0a1k HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5rcy1mb3ItaW5zdGFsbGluZy1rZXJuZWwtcHN0LXZpZXdlci5odG1sQldDaEFJOEx2dXR3WVFqLVhoMHNHTF9JMWZFaTBBcnhOaXJIbzR6eHlhdlF1VlpTUjF5c0V5TDNQam4tWGRtZGphSG5teDFPaGpKSTF5d1dMTEQ3RFN0a1k&is_vtc=1&cid=CAQSGwDpaXnfV9_JuXh1IjkO3QY5AY7-YlWPalGYKw&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__MZHRD6ZuWolVe9kVwB_oqBhNjQsS9Vg8g&random=3693467989 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /track/click?product=2&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&screen=1280x1024x24&identity=&rand=796 HTTP/1.1Host: lepide.iljmp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=2hclR1qAG/K/Tv9b4/6RgBjGXvxh2AMY5CSOis41KKtxXChsQOWIiFk/pJpy8LgZ9xmRDMg95wAMwH4JhsQ/pcmhnrujQ+5udajpaS5IJjzelRnh+cMmA+gKh5dW; AWSALBCORS=Y/IuQg9mwMNB0WnXbO8RhZgww0+9OLRWCrdNpwIh9BRsVnwMoqMRfTsBdorDHAQQds/JFdtuL67Co0BcRH0X630J8wLy/KQD4drcG2JxstMVu0IRa60Ls7ZsJPXY; symfony=mt2md1q4obphaejecink4sfa7c; lepide_2=85af5be9e818ed15846cc4d04f726994
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5rcy1mb3ItaW5zdGFsbGluZy1rZXJuZWwtcHN0LXZpZXdlci5odG1sQldDaEFJOEx2dXR3WVFqLVhoMHNHTF9JMWZFaTBBcnhOaXJIbzR6eHlhdlF1VlpTUjF5c0V5TDNQam4tWGRtZGphSG5teDFPaGpKSTF5d1dMTEQ3RFN0a1k&is_vtc=1&cid=CAQSGwDpaXnfV9_JuXh1IjkO3QY5AY7-YlWPalGYKw&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__MZHRD6ZuWolVe9kVwB_oqBhNjQsS9Vg8g&random=3693467989 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420; lepide_2_init=1727796421787; _ga_Q687VE4VEB=GS1.1.1727796422.1.0.1727796422.0.0.0; _ga=GA1.1.681739815.1727796422; _uetsid=9bc31e90800911ef948eb5c6372e0fee; _uetvid=9bc36200800911ef8321f7e7a4dacb97; lepide_2=85af5be9e818ed15846cc4d04f726994
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5rcy1mb3ItaW5zdGFsbGluZy1rZXJuZWwtcHN0LXZpZXdlci5odG1sQldDaEFJOEx2dXR3WVFqLVhoMHNHTF9JMWZFaTBBcnhOaXJIbzR6eHlhdlF1VlpTUjF5c0V5TDNQam4tWGRtZGphSG5teDFPaGpKSTF5d1dMTEQ3RFN0a1k&is_vtc=1&cid=CAQSGwDpaXnfV9_JuXh1IjkO3QY5AY7-YlWPalGYKw&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__MZHRD6ZuWolVe9kVwB_oqBhNjQsS9Vg8g&random=3693467989 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420; lepide_2_init=1727796421787; _ga_Q687VE4VEB=GS1.1.1727796422.1.0.1727796422.0.0.0; _ga=GA1.1.681739815.1727796422; _uetsid=9bc31e90800911ef948eb5c6372e0fee; _uetvid=9bc36200800911ef8321f7e7a4dacb97; lepide_2=85af5be9e818ed15846cc4d04f726994
Source: chromecache_249.19.dr String found in binary or memory: <li><a href="https://in.linkedin.com/company/kerneldatarecovery" target="_blank" rel="noopener noreferrer"><picture><source type="image/webp" srcset="https://www.nucleustechnologies.com/imagenew20/soc003.webp"><source type="image/png" srcset="https://www.nucleustechnologies.com/imagenew20/soc003.png"><img src="https://www.nucleustechnologies.com/imagenew20/soc003.png" width="32" height="32" loading="lazy" alt="LinkedIn"></picture></a></li> equals www.linkedin.com (Linkedin)
Source: chromecache_249.19.dr String found in binary or memory: <li><a href="https://twitter.com/KernelRecovery/" target="_blank" rel="noopener noreferrer"><picture><source type="image/webp" srcset="https://www.nucleustechnologies.com/imagenew20/soc002.webp"><source type="image/png" srcset="https://www.nucleustechnologies.com/imagenew20/soc002.png"><img src="https://www.nucleustechnologies.com/imagenew20/soc002.png" width="32" height="32" loading="lazy" alt="Twitter"></picture></a></li> equals www.twitter.com (Twitter)
Source: chromecache_249.19.dr String found in binary or memory: <li><a href="https://www.facebook.com/kerneltools/" target="_blank" rel="noopener noreferrer"><picture><source type="image/webp" srcset="https://www.nucleustechnologies.com/imagenew20/soc001.webp"><source type="image/png" srcset="https://www.nucleustechnologies.com/imagenew20/soc001.png"><img src="https://www.nucleustechnologies.com/imagenew20/soc001.png" width="32" height="32" loading="lazy" alt="Facebook"></picture></a></li> equals www.facebook.com (Facebook)
Source: chromecache_249.19.dr String found in binary or memory: <li><a href="https://www.youtube.com/KernelDataRecovery" target="_blank" rel="noopener noreferrer"><picture><source type="image/webp" srcset="https://www.nucleustechnologies.com/imagenew20/soc004.webp"><source type="image/png" srcset="https://www.nucleustechnologies.com/imagenew20/soc004.png"><img src="https://www.nucleustechnologies.com/imagenew20/soc004.png" width="32" height="32" loading="lazy" alt="YouTube"></picture></a></li> equals www.youtube.com (Youtube)
Source: chromecache_191.19.dr, chromecache_217.19.dr String found in binary or memory: Math.round(q);u["gtm.videoElapsedTime"]=Math.round(f);u["gtm.videoPercent"]=r;u["gtm.videoVisible"]=t;return u},dk:function(){e=zb()},od:function(){d()}}};var gc=ja(["data-gtm-yt-inspected-"]),KC=["www.youtube.com","www.youtube-nocookie.com"],LC,MC=!1; equals www.youtube.com (Youtube)
Source: chromecache_208.19.dr, chromecache_191.19.dr, chromecache_217.19.dr, chromecache_253.19.dr String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var k=qA(a,c,e);Q(121);if(k["gtm.elementUrl"]==="https://www.facebook.com/tr/")return Q(122),!0;if(d&&f){for(var m=Kb(b,g.length),n=0;n<g.length;++n)g[n](k,m);return m.done}for(var p=0;p<g.length;++p)g[p](k,function(){});return!0},tA=function(){var a=[],b=function(c){return ob(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_191.19.dr, chromecache_217.19.dr String found in binary or memory: if(!(e||f||g||k.length||m.length))return;var p={ih:e,gh:f,hh:g,Sh:k,Th:m,Ie:n,Bb:b},q=C.YT;if(q)return q.ready&&q.ready(d),b;var r=C.onYouTubeIframeAPIReady;C.onYouTubeIframeAPIReady=function(){r&&r();d()};F(function(){for(var t=E.getElementsByTagName("script"),v=t.length,u=0;u<v;u++){var w=t[u].getAttribute("src");if(VC(w,"iframe_api")||VC(w,"player_api"))return b}for(var x=E.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!MC&&TC(x[A],p.Ie))return wc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_224.19.dr, chromecache_208.19.dr, chromecache_179.19.dr, chromecache_253.19.dr String found in binary or memory: return b}IC.F="internal.enableAutoEventOnTimer";var gc=ja(["data-gtm-yt-inspected-"]),KC=["www.youtube.com","www.youtube-nocookie.com"],LC,MC=!1; equals www.youtube.com (Youtube)
Source: chromecache_208.19.dr, chromecache_191.19.dr, chromecache_217.19.dr, chromecache_253.19.dr String found in binary or memory: var XB=function(a,b,c,d,e){var f=Oz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Oz("fsl","nv.ids",[]):Oz("fsl","ids",[]);if(!g.length)return!0;var k=Tz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);Q(121);if(m==="https://www.facebook.com/tr/")return Q(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!By(k,Dy(b, equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: www.nucleustechnologies.com
Source: global traffic DNS traffic detected: DNS query: lepide.iljmp.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: cdn.livechatinc.com
Source: global traffic DNS traffic detected: DNS query: api.livechatinc.com
Source: global traffic DNS traffic detected: DNS query: secure.livechatinc.com
Source: global traffic DNS traffic detected: DNS query: accounts.livechatinc.com
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.0000000006087000.00000004.00001000.00020000.00000000.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106424647.0000000002F9F000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.bcgsoft.com
Source: is-TAPQG.tmp.2.dr String found in binary or memory: http://www.chilkatforum.com/questions/11627/sftp-failed-to-get-address-info
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.chilkatsoft.com/p/p_463.asp)
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.cknotes.com/?p=210
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.cknotes.com/?p=210WSAEWOULDBLOCK
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.cknotes.com/?p=217
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.cknotes.com/?p=217WSAECONNRESET
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.cknotes.com/?p=91
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.cknotes.com/?p=91WSAECONNABORTED
Source: freekernelpstviewer.tmp, freekernelpstviewer.tmp, 00000002.00000000.1741148152.0000000000401000.00000020.00000001.01000000.00000004.sdmp, freekernelpstviewer.tmp.1.dr, is-IGNSG.tmp.2.dr String found in binary or memory: http://www.innosetup.com/
Source: freekernelpstviewer.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: freekernelpstviewer.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: freekernelpstviewer.tmp, 00000002.00000003.1745843062.00000000021C8000.00000004.00001000.00020000.00000000.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106424647.0000000002F9F000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.nucleustechnologies.com
Source: freekernelpstviewer.exe, 00000001.00000003.1737345146.0000000002091000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000002.2999189446.0000000002091000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000002.2999804788.00000000021C8000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000003.1745843062.00000000021C8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.nucleustechnologies.com.
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.nucleustechnologies.com/Microsoft-Outlook-Mail-Recovery.html
Source: freekernelpstviewer.exe, 00000001.00000003.1737247424.0000000002300000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000003.1737345146.0000000002091000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000002.2999189446.0000000002091000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000003.1745506949.0000000003100000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000002.2999804788.00000000021C8000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000003.1745843062.00000000021C8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.nucleustechnologies.com/Support.html
Source: freekernelpstviewer.exe, 00000001.00000003.1737345146.0000000002091000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000002.2999189446.0000000002091000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000002.2999804788.00000000021C8000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000003.1745843062.00000000021C8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.nucleustechnologies.com/Support.html2
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.0000000006087000.00000004.00001000.00020000.00000000.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106424647.0000000002F9F000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.nucleustechnologies.com/downloadgs.htmlPA
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.nucleustechnologies.com/how-pst-viewer-works.htmlHH.EXE-mapid
Source: freekernelpstviewer.exe, 00000001.00000003.1737247424.0000000002300000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000003.1745506949.0000000003100000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.nucleustechnologies.com/http://www.nucleustechnologies.com/Support.html
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: http://www.nucleustechnologies.com/pst-viewer.htmlmailto:sales
Source: freekernelpstviewer.exe, 00000001.00000003.1737928534.0000000002300000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000003.1738291916.0000000002098000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, freekernelpstviewer.tmp, 00000002.00000000.1741148152.0000000000401000.00000020.00000001.01000000.00000004.sdmp, freekernelpstviewer.tmp.1.dr, is-IGNSG.tmp.2.dr String found in binary or memory: http://www.remobjects.com/ps
Source: freekernelpstviewer.exe, 00000001.00000003.1737928534.0000000002300000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000003.1738291916.0000000002098000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000000.1741148152.0000000000401000.00000020.00000001.01000000.00000004.sdmp, freekernelpstviewer.tmp.1.dr, is-IGNSG.tmp.2.dr String found in binary or memory: http://www.remobjects.com/psU
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3015257701.0000000003100000.00000004.00000020.00020000.00000000.sdmp, is-TEVFK.tmp.2.dr, wbk8331.tmp.16.dr String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: sets.json.17.dr String found in binary or memory: https://07c225f3.online
Source: sets.json.17.dr String found in binary or memory: https://24.hu
Source: sets.json.17.dr String found in binary or memory: https://aajtak.in
Source: chromecache_253.19.dr String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: sets.json.17.dr String found in binary or memory: https://alice.tw
Source: sets.json.17.dr String found in binary or memory: https://ambitionbox.com
Source: chromecache_183.19.dr String found in binary or memory: https://api.livechatinc.com
Source: sets.json.17.dr String found in binary or memory: https://autobild.de
Source: sets.json.17.dr String found in binary or memory: https://bild.de
Source: sets.json.17.dr String found in binary or memory: https://blackrock.com
Source: sets.json.17.dr String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.17.dr String found in binary or memory: https://bluradio.com
Source: sets.json.17.dr String found in binary or memory: https://bolasport.com
Source: sets.json.17.dr String found in binary or memory: https://bonvivir.com
Source: sets.json.17.dr String found in binary or memory: https://bumbox.com
Source: sets.json.17.dr String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.17.dr String found in binary or memory: https://businesstoday.in
Source: sets.json.17.dr String found in binary or memory: https://cachematrix.com
Source: sets.json.17.dr String found in binary or memory: https://cafemedia.com
Source: sets.json.17.dr String found in binary or memory: https://caracoltv.com
Source: sets.json.17.dr String found in binary or memory: https://carcostadvisor.be
Source: sets.json.17.dr String found in binary or memory: https://carcostadvisor.com
Source: sets.json.17.dr String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.17.dr String found in binary or memory: https://cardsayings.net
Source: chromecache_224.19.dr, chromecache_208.19.dr, chromecache_191.19.dr, chromecache_217.19.dr, chromecache_179.19.dr, chromecache_253.19.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_183.19.dr String found in binary or memory: https://cdn.livechatinc.com
Source: chromecache_183.19.dr String found in binary or memory: https://cdn.livechatinc.com/direct-link/livechat-chat-with-us.png
Source: chromecache_183.19.dr String found in binary or memory: https://cdn.livechatinc.com/widget/static/js/livechat.BPz2GY67.js
Source: sets.json.17.dr String found in binary or memory: https://chatbot.com
Source: sets.json.17.dr String found in binary or memory: https://chennien.com
Source: sets.json.17.dr String found in binary or memory: https://citybibleforum.org
Source: sets.json.17.dr String found in binary or memory: https://clarosports.com
Source: sets.json.17.dr String found in binary or memory: https://clmbtech.com
Source: sets.json.17.dr String found in binary or memory: https://closeronline.co.uk
Source: sets.json.17.dr String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.17.dr String found in binary or memory: https://cmxd.com.mx
Source: sets.json.17.dr String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.17.dr String found in binary or memory: https://cognitiveai.ru
Source: sets.json.17.dr String found in binary or memory: https://commentcamarche.com
Source: sets.json.17.dr String found in binary or memory: https://commentcamarche.net
Source: sets.json.17.dr String found in binary or memory: https://computerbild.de
Source: sets.json.17.dr String found in binary or memory: https://content-loader.com
Source: sets.json.17.dr String found in binary or memory: https://cookreactor.com
Source: sets.json.17.dr String found in binary or memory: https://cricbuzz.com
Source: sets.json.17.dr String found in binary or memory: https://css-load.com
Source: sets.json.17.dr String found in binary or memory: https://deccoria.pl
Source: sets.json.17.dr String found in binary or memory: https://deere.com
Source: sets.json.17.dr String found in binary or memory: https://desimartini.com
Source: sets.json.17.dr String found in binary or memory: https://drimer.io
Source: sets.json.17.dr String found in binary or memory: https://drimer.travel
Source: sets.json.17.dr String found in binary or memory: https://economictimes.com
Source: sets.json.17.dr String found in binary or memory: https://efront.com
Source: sets.json.17.dr String found in binary or memory: https://eleconomista.net
Source: sets.json.17.dr String found in binary or memory: https://elfinancierocr.com
Source: sets.json.17.dr String found in binary or memory: https://elgrafico.com
Source: sets.json.17.dr String found in binary or memory: https://ella.sv
Source: sets.json.17.dr String found in binary or memory: https://elpais.com.uy
Source: sets.json.17.dr String found in binary or memory: https://elpais.uy
Source: sets.json.17.dr String found in binary or memory: https://etfacademy.it
Source: sets.json.17.dr String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.17.dr String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.17.dr String found in binary or memory: https://fakt.pl
Source: sets.json.17.dr String found in binary or memory: https://finn.no
Source: sets.json.17.dr String found in binary or memory: https://firstlook.biz
Source: chromecache_272.19.dr String found in binary or memory: https://fonts.googleapis.com/css2?family=Montserrat:wght
Source: chromecache_244.19.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: chromecache_244.19.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: chromecache_244.19.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: chromecache_244.19.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: chromecache_244.19.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: sets.json.17.dr String found in binary or memory: https://gallito.com.uy
Source: sets.json.17.dr String found in binary or memory: https://geforcenow.com
Source: sets.json.17.dr String found in binary or memory: https://gettalkdesk.com
Source: chromecache_234.19.dr, chromecache_243.19.dr String found in binary or memory: https://github.com/dollarshaveclub/postmate
Source: chromecache_224.19.dr, chromecache_179.19.dr String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: sets.json.17.dr String found in binary or memory: https://gliadomain.com
Source: sets.json.17.dr String found in binary or memory: https://gnttv.com
Source: chromecache_253.19.dr String found in binary or memory: https://google.com
Source: chromecache_253.19.dr String found in binary or memory: https://googleads.g.doubleclick.net
Source: sets.json.17.dr String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.17.dr String found in binary or memory: https://grid.id
Source: sets.json.17.dr String found in binary or memory: https://gridgames.app
Source: sets.json.17.dr String found in binary or memory: https://growthrx.in
Source: sets.json.17.dr String found in binary or memory: https://grupolpg.sv
Source: sets.json.17.dr String found in binary or memory: https://gujaratijagran.com
Source: sets.json.17.dr String found in binary or memory: https://hapara.com
Source: sets.json.17.dr String found in binary or memory: https://hazipatika.com
Source: sets.json.17.dr String found in binary or memory: https://hc1.com
Source: sets.json.17.dr String found in binary or memory: https://hc1.global
Source: sets.json.17.dr String found in binary or memory: https://hc1cas.com
Source: sets.json.17.dr String found in binary or memory: https://hc1cas.global
Source: sets.json.17.dr String found in binary or memory: https://healthshots.com
Source: sets.json.17.dr String found in binary or memory: https://hearty.app
Source: sets.json.17.dr String found in binary or memory: https://hearty.gift
Source: sets.json.17.dr String found in binary or memory: https://hearty.me
Source: sets.json.17.dr String found in binary or memory: https://heartymail.com
Source: sets.json.17.dr String found in binary or memory: https://heatworld.com
Source: sets.json.17.dr String found in binary or memory: https://helpdesk.com
Source: sets.json.17.dr String found in binary or memory: https://hindustantimes.com
Source: sets.json.17.dr String found in binary or memory: https://hj.rs
Source: sets.json.17.dr String found in binary or memory: https://hjck.com
Source: sets.json.17.dr String found in binary or memory: https://html-load.cc
Source: sets.json.17.dr String found in binary or memory: https://html-load.com
Source: sets.json.17.dr String found in binary or memory: https://human-talk.org
Source: sets.json.17.dr String found in binary or memory: https://idbs-cloud.com
Source: sets.json.17.dr String found in binary or memory: https://idbs-dev.com
Source: sets.json.17.dr String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.17.dr String found in binary or memory: https://idbs-staging.com
Source: sets.json.17.dr String found in binary or memory: https://img-load.com
Source: chromecache_249.19.dr String found in binary or memory: https://in.linkedin.com/company/kerneldatarecovery
Source: sets.json.17.dr String found in binary or memory: https://indiatimes.com
Source: sets.json.17.dr String found in binary or memory: https://indiatoday.in
Source: sets.json.17.dr String found in binary or memory: https://indiatodayne.in
Source: sets.json.17.dr String found in binary or memory: https://infoedgeindia.com
Source: sets.json.17.dr String found in binary or memory: https://interia.pl
Source: sets.json.17.dr String found in binary or memory: https://intoday.in
Source: sets.json.17.dr String found in binary or memory: https://iolam.it
Source: sets.json.17.dr String found in binary or memory: https://ishares.com
Source: sets.json.17.dr String found in binary or memory: https://jagran.com
Source: sets.json.17.dr String found in binary or memory: https://johndeere.com
Source: sets.json.17.dr String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.17.dr String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.17.dr String found in binary or memory: https://journaldunet.com
Source: sets.json.17.dr String found in binary or memory: https://journaldunet.fr
Source: sets.json.17.dr String found in binary or memory: https://joyreactor.cc
Source: sets.json.17.dr String found in binary or memory: https://joyreactor.com
Source: sets.json.17.dr String found in binary or memory: https://kaksya.in
Source: sets.json.17.dr String found in binary or memory: https://knowledgebase.com
Source: sets.json.17.dr String found in binary or memory: https://kompas.com
Source: sets.json.17.dr String found in binary or memory: https://kompas.tv
Source: sets.json.17.dr String found in binary or memory: https://kompasiana.com
Source: sets.json.17.dr String found in binary or memory: https://lanacion.com.ar
Source: sets.json.17.dr String found in binary or memory: https://landyrev.com
Source: sets.json.17.dr String found in binary or memory: https://landyrev.ru
Source: sets.json.17.dr String found in binary or memory: https://laprensagrafica.com
Source: sets.json.17.dr String found in binary or memory: https://lateja.cr
Source: chromecache_249.19.dr String found in binary or memory: https://lepide.iljmp.com
Source: sets.json.17.dr String found in binary or memory: https://libero.it
Source: sets.json.17.dr String found in binary or memory: https://linternaute.com
Source: sets.json.17.dr String found in binary or memory: https://linternaute.fr
Source: sets.json.17.dr String found in binary or memory: https://livechat.com
Source: sets.json.17.dr String found in binary or memory: https://livechatinc.com
Source: sets.json.17.dr String found in binary or memory: https://livehindustan.com
Source: sets.json.17.dr String found in binary or memory: https://livemint.com
Source: sets.json.17.dr String found in binary or memory: https://max.auto
Source: sets.json.17.dr String found in binary or memory: https://medonet.pl
Source: sets.json.17.dr String found in binary or memory: https://meo.pt
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.cl
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.17.dr String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.17.dr String found in binary or memory: https://mercadolivre.com
Source: sets.json.17.dr String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.cl
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com.br
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com.co
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.17.dr String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.17.dr String found in binary or memory: https://mercadoshops.cl
Source: sets.json.17.dr String found in binary or memory: https://mercadoshops.com
Source: sets.json.17.dr String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.17.dr String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.17.dr String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.17.dr String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.17.dr String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.17.dr String found in binary or memory: https://mightytext.net
Source: sets.json.17.dr String found in binary or memory: https://mittanbud.no
Source: sets.json.17.dr String found in binary or memory: https://motherandbaby.com
Source: sets.json.17.dr String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.17.dr String found in binary or memory: https://nacion.com
Source: sets.json.17.dr String found in binary or memory: https://naukri.com
Source: sets.json.17.dr String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.17.dr String found in binary or memory: https://nien.co
Source: sets.json.17.dr String found in binary or memory: https://nien.com
Source: sets.json.17.dr String found in binary or memory: https://nien.org
Source: sets.json.17.dr String found in binary or memory: https://nlc.hu
Source: sets.json.17.dr String found in binary or memory: https://nosalty.hu
Source: sets.json.17.dr String found in binary or memory: https://noticiascaracol.com
Source: sets.json.17.dr String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.17.dr String found in binary or memory: https://nvidia.com
Source: sets.json.17.dr String found in binary or memory: https://ocdn.eu
Source: sets.json.17.dr String found in binary or memory: https://onet.pl
Source: sets.json.17.dr String found in binary or memory: https://ottplay.com
Source: sets.json.17.dr String found in binary or memory: https://p106.net
Source: sets.json.17.dr String found in binary or memory: https://p24.hu
Source: chromecache_253.19.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_224.19.dr, chromecache_208.19.dr, chromecache_191.19.dr, chromecache_217.19.dr, chromecache_179.19.dr, chromecache_253.19.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: sets.json.17.dr String found in binary or memory: https://paula.com.uy
Source: sets.json.17.dr String found in binary or memory: https://pdmp-apis.no
Source: sets.json.17.dr String found in binary or memory: https://phonandroid.com
Source: sets.json.17.dr String found in binary or memory: https://player.pl
Source: sets.json.17.dr String found in binary or memory: https://plejada.pl
Source: sets.json.17.dr String found in binary or memory: https://poalim.site
Source: sets.json.17.dr String found in binary or memory: https://poalim.xyz
Source: chromecache_249.19.dr String found in binary or memory: https://pocloudeastasia.crm.powerobjects.net/PowerWebForm/PowerWebFormData.aspx?t=aTEw5RAvbUeBXpGiR1
Source: sets.json.17.dr String found in binary or memory: https://pomponik.pl
Source: sets.json.17.dr String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.17.dr String found in binary or memory: https://prisjakt.no
Source: sets.json.17.dr String found in binary or memory: https://punjabijagran.com
Source: chromecache_230.19.dr, chromecache_250.19.dr String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: sets.json.17.dr String found in binary or memory: https://reactor.cc
Source: sets.json.17.dr String found in binary or memory: https://repid.org
Source: sets.json.17.dr String found in binary or memory: https://reshim.org
Source: sets.json.17.dr String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.17.dr String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.17.dr String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.17.dr String found in binary or memory: https://sackrace.ai
Source: sets.json.17.dr String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.17.dr String found in binary or memory: https://salemovefinancial.com
Source: sets.json.17.dr String found in binary or memory: https://salemovetravel.com
Source: sets.json.17.dr String found in binary or memory: https://samayam.com
Source: sets.json.17.dr String found in binary or memory: https://sapo.io
Source: sets.json.17.dr String found in binary or memory: https://sapo.pt
Source: chromecache_249.19.dr String found in binary or memory: https://schema.org/
Source: chromecache_183.19.dr String found in binary or memory: https://secure.livechatinc.com/
Source: sets.json.17.dr String found in binary or memory: https://shock.co
Source: sets.json.17.dr String found in binary or memory: https://smaker.pl
Source: sets.json.17.dr String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.17.dr String found in binary or memory: https://socket-to-me.vip
Source: sets.json.17.dr String found in binary or memory: https://songshare.com
Source: sets.json.17.dr String found in binary or memory: https://songstats.com
Source: sets.json.17.dr String found in binary or memory: https://startlap.hu
Source: sets.json.17.dr String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.17.dr String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.17.dr String found in binary or memory: https://startupislandtaiwan.org
Source: chromecache_191.19.dr, chromecache_217.19.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: sets.json.17.dr String found in binary or memory: https://stripe.com
Source: sets.json.17.dr String found in binary or memory: https://stripe.network
Source: sets.json.17.dr String found in binary or memory: https://stripecdn.com
Source: sets.json.17.dr String found in binary or memory: https://supereva.it
Source: sets.json.17.dr String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.17.dr String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.17.dr String found in binary or memory: https://talkdeskstgid.com
Source: chromecache_224.19.dr, chromecache_208.19.dr, chromecache_191.19.dr, chromecache_217.19.dr, chromecache_179.19.dr, chromecache_253.19.dr String found in binary or memory: https://td.doubleclick.net
Source: sets.json.17.dr String found in binary or memory: https://teacherdashboard.com
Source: sets.json.17.dr String found in binary or memory: https://terazgotuje.pl
Source: sets.json.17.dr String found in binary or memory: https://text.com
Source: sets.json.17.dr String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.17.dr String found in binary or memory: https://the42.ie
Source: sets.json.17.dr String found in binary or memory: https://thejournal.ie
Source: sets.json.17.dr String found in binary or memory: https://thirdspace.org.au
Source: sets.json.17.dr String found in binary or memory: https://timesinternet.in
Source: sets.json.17.dr String found in binary or memory: https://timesofindia.com
Source: sets.json.17.dr String found in binary or memory: https://tolteck.app
Source: sets.json.17.dr String found in binary or memory: https://tolteck.com
Source: sets.json.17.dr String found in binary or memory: https://top.pl
Source: sets.json.17.dr String found in binary or memory: https://tribunnews.com
Source: sets.json.17.dr String found in binary or memory: https://trytalkdesk.com
Source: sets.json.17.dr String found in binary or memory: https://tucarro.com
Source: sets.json.17.dr String found in binary or memory: https://tucarro.com.co
Source: sets.json.17.dr String found in binary or memory: https://tucarro.com.ve
Source: sets.json.17.dr String found in binary or memory: https://tvid.in
Source: sets.json.17.dr String found in binary or memory: https://tvn.pl
Source: sets.json.17.dr String found in binary or memory: https://tvn24.pl
Source: chromecache_249.19.dr String found in binary or memory: https://twitter.com/KernelRecovery/
Source: sets.json.17.dr String found in binary or memory: https://unotv.com
Source: sets.json.17.dr String found in binary or memory: https://victorymedium.com
Source: sets.json.17.dr String found in binary or memory: https://welt.de
Source: sets.json.17.dr String found in binary or memory: https://wieistmeineip.de
Source: sets.json.17.dr String found in binary or memory: https://wordle.at
Source: sets.json.17.dr String found in binary or memory: https://www.asadcdn.com
Source: chromecache_249.19.dr String found in binary or memory: https://www.dmca.com/Protection/Status.aspx?ID=ca3ccfe6-3d1a-4c62-aacd-e28198ab9e61&amp;refurl=https
Source: is-TAPQG.tmp.2.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.00000000060A6000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, is-TAPQG.tmp.2.dr String found in binary or memory: https://www.globalsign.com/repository/06
Source: chromecache_249.19.dr String found in binary or memory: https://www.google-analytics.com/
Source: chromecache_249.19.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_253.19.dr String found in binary or memory: https://www.google.com
Source: chromecache_253.19.dr String found in binary or memory: https://www.googleadservices.com
Source: chromecache_249.19.dr String found in binary or memory: https://www.googleadservices.com/pagead/conversion.js
Source: chromecache_253.19.dr String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_224.19.dr, chromecache_208.19.dr, chromecache_179.19.dr, chromecache_253.19.dr String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_249.19.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_249.19.dr String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-M4JS6TD
Source: chromecache_224.19.dr, chromecache_208.19.dr, chromecache_179.19.dr, chromecache_253.19.dr String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_249.19.dr String found in binary or memory: https://www.instagram.com/kerneldatarecovery/
Source: chromecache_191.19.dr, chromecache_217.19.dr String found in binary or memory: https://www.merchant-center-analytics.goog
Source: freekernelpstviewer.tmp, 00000002.00000002.2999827187.00000000021E1000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/AboutUs.html
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.dr String found in binary or memory: https://www.nucleustechnologies.com/Buy-Microsoft-Outlook-Mails-Recovery-Software.php?utm_source=Mic
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/Careers.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/Contact.html
Source: is-TAPQG.tmp.2.dr String found in binary or memory: https://www.nucleustechnologies.com/Data-Recovery-Software.html
Source: chromecache_249.19.dr, chromecache_232.19.dr, chromecache_240.19.dr String found in binary or memory: https://www.nucleustechnologies.com/Disclaimer.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/News.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/Refund-Guaranteed.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/affiliate-programme.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/awards-and-reviews.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/backup-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/backup-suite/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/bkf-repair.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/blog/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/casestudy/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/cloud-migration.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/cloud-tools.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/compress-pst.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/cssnew/fonts/Montserrat-Regular.woff2
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/cssnew/freeware-download.css
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/cssnew/menu-update-2023.css
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/data-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/database-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/dbf-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/de/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/edb-to-pst.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/email-migration.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/email-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/email-to-pdf-converter/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/eml-to-pst.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/employee-monitoring/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/es/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/eula.pdf
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/exchange-migration/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/exchange-server-backup/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/exchange-server-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/exchange-suite.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/export-office-365-to-pst/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/find-partners.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/fr/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/g-suite-backup/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/g-suite-to-office-365/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/gmail-backup/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/google-drive-migration/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/how-pst-viewer-works.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/how-to/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/image-to-pdf.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew/dmca.png
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew/dmca.png?ID=ca3ccfe6-3d1a-4c62-aacd-e28198ab9e61
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew/dmca.webp
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/add-to-cart-min.png)
Source: chromecache_242.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/arw-menu-up.png)
Source: chromecache_242.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/arw-menu.png)
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/bllt-tick.png)
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cli-1.png
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cli-2.png
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cli-3.png
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cli-4.png
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/clients-spr2.png)
Source: chromecache_242.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cloud-serv-bg.png)
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/down-load-D.png);position:
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/logo.avif
Source: chromecache_242.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/prod-spr-El.png)
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/shape-buy-del.png)
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/shp-demo.png)
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc002.png
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc002.webp
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc003.png
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc003.webp
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc004.png
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc004.webp
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc005.png
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc005.webp
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/sprite-icn.png)
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/tick-book-black.png)
Source: chromecache_272.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imagenew20/what-makes-effect-bg.png)
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imap-backup/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/imap-migration/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/import-pst-to-office-365/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/installation/outlook-pst-viewer.pdf
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/it/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/jsnew/bootstrap.bundleV5.2.min.js
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/jsnew/customscript.js
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/jsnew/jquery-v3.6.3.js
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/kernel-store/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/kernel-suites.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/linux-data-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/lotus-notes-local-security-removal.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/lotus-notes-to-office365.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/lotus-notes-to-outlook.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/mbox-to-pst.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/merge-pst/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/microsoft-teams-backup/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/microsoft-teams-migration/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/ms-office-file-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/mysql-repair.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/nfr-license.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/nl/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/notes-conversion-suite.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/ntjs/cookie.notice.js
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/ntsearch/results.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/offers/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/office-365-backup/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/office-365-migration/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/olm-to-pst.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/oracle-database-recovery/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/ost-to-pst-converter.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/outlook-duplicates-remover.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/outlook-errors/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/outlook-express-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/outlook-password-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/outlook-pst-repair.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/outlook-suite.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/outlook-tools.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/partner-resources.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/partners-programme.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pdf-converter/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pdf-extractor/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pdf-repair.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pdf-restriction-remover.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pdf-to-word.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pdf-tools.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/photo-recovery/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/photo-repair/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/products.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pst-converter/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pst-split.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/pst-viewer.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/publisher-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/repair-access-database.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/repair-excel-file.php
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/repair-powerpoint-file.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/repair-word-file.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/resellers-programme.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/services/cloud-migration/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/sharepoint-document-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/sharepoint-migration/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/sitemap.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/sitemap.xml
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/split-pdf.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/sql-backup-recovery/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/sql-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/sqlite-database-recovery/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/supportcenter/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/supportcenter/knowledgebase
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/tape-data-recovery.html
Source: unins000.dat.2.dr String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html2
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html8
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html?msg=Thanks
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlK
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlZ
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlbu
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmle
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlf
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlhttps://www.nucleust
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmli
Source: freekernelpstviewer.tmp, 00000002.00000002.2999066618.0000000000540000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmllC:
Source: freekernelpstviewer.tmp, 00000002.00000002.2999827187.00000000021E1000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlnel
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/vhd-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/video-repair/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/vmdk-recovery/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/windows-data-recovery.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/word-to-pdf.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/zimbra-mailbox-backup/
Source: chromecache_249.19.dr String found in binary or memory: https://www.nucleustechnologies.com/zip-repair.html
Source: chromecache_249.19.dr String found in binary or memory: https://www.youtube.com/KernelDataRecovery
Source: chromecache_191.19.dr, chromecache_217.19.dr String found in binary or memory: https://www.youtube.com/iframe_api
Source: sets.json.17.dr String found in binary or memory: https://yours.co.uk
Source: sets.json.17.dr String found in binary or memory: https://zdrowietvn.pl
Source: unknown Network traffic detected: HTTP traffic on port 54668 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54659
Source: unknown Network traffic detected: HTTP traffic on port 54616 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54645 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54639 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54654
Source: unknown Network traffic detected: HTTP traffic on port 54651 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54653
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54652
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54651
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54658
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54657
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54656
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54655
Source: unknown Network traffic detected: HTTP traffic on port 54631 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54661
Source: unknown Network traffic detected: HTTP traffic on port 54677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54654 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54625 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 54619 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54663 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54664
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54663
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54662
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54669
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54668
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54667
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54672
Source: unknown Network traffic detected: HTTP traffic on port 54657 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54670
Source: unknown Network traffic detected: HTTP traffic on port 54622 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54618 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54691 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54647 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54676
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54675
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54673
Source: unknown Network traffic detected: HTTP traffic on port 54610 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54689 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54678
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54677
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54683
Source: unknown Network traffic detected: HTTP traffic on port 54652 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54682
Source: unknown Network traffic detected: HTTP traffic on port 54675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54607
Source: unknown Network traffic detected: HTTP traffic on port 54644 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54669 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54609
Source: unknown Network traffic detected: HTTP traffic on port 54638 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54608
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54687
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54685
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54684
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54689
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54690
Source: unknown Network traffic detected: HTTP traffic on port 54630 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54607 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54683 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54693
Source: unknown Network traffic detected: HTTP traffic on port 54655 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54691
Source: unknown Network traffic detected: HTTP traffic on port 54624 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54618
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54617
Source: unknown Network traffic detected: HTTP traffic on port 54693 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54616
Source: unknown Network traffic detected: HTTP traffic on port 54670 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54619
Source: unknown Network traffic detected: HTTP traffic on port 54664 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54649 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54610
Source: unknown Network traffic detected: HTTP traffic on port 54687 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54695
Source: unknown Network traffic detected: HTTP traffic on port 54658 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54635 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54684 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54629 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54661 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54629
Source: unknown Network traffic detected: HTTP traffic on port 54667 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54626
Source: unknown Network traffic detected: HTTP traffic on port 54646 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54650 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54625
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54624
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54623
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54622
Source: unknown Network traffic detected: HTTP traffic on port 54678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54632 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54609 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54653 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54626 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54639
Source: unknown Network traffic detected: HTTP traffic on port 54643 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54638
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54637
Source: unknown Network traffic detected: HTTP traffic on port 54695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54632
Source: unknown Network traffic detected: HTTP traffic on port 54637 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54631
Source: unknown Network traffic detected: HTTP traffic on port 54685 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54630
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54635
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54634
Source: unknown Network traffic detected: HTTP traffic on port 54608 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54682 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54656 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54623 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54649
Source: unknown Network traffic detected: HTTP traffic on port 54617 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54648
Source: unknown Network traffic detected: HTTP traffic on port 54690 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54648 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54643
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54647
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54646
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54645
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54644
Source: unknown Network traffic detected: HTTP traffic on port 54634 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54650
Source: unknown Network traffic detected: HTTP traffic on port 54659 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54662 -> 443
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.4:54607 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54608 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54609 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54610 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:54649 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:54656 version: TLS 1.2
Potential key logger detected (key state polling based)
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_2000686B GetKeyState,GetKeyState,GetKeyState,GetKeyState, 16_2_2000686B
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_20010CC7 GetKeyState,GetKeyState,GetKeyState, 16_2_20010CC7
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_20006D21 GetKeyState,GetKeyState,GetKeyState,GetKeyState, 16_2_20006D21
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_20017FD3 GetKeyState,GetKeyState,GetKeyState,ReleaseCapture,DoDragDrop, 16_2_20017FD3
Contains functionality to call native functions
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0042F9C0 NtdllDefWindowProc_A, 2_2_0042F9C0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00423FD4 NtdllDefWindowProc_A, 2_2_00423FD4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00412A28 NtdllDefWindowProc_A, 2_2_00412A28
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00479D08 NtdllDefWindowProc_A, 2_2_00479D08
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00457D90 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A, 2_2_00457D90
Contains functionality to communicate with device drivers
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0042ED84: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError, 2_2_0042ED84
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 1_2_004098E8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 2_2_00455D80
Creates files inside the system directory
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Windows\SysWOW64\is-1E6U8.tmp Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\sets.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\manifest.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\LICENSE Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\_metadata\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\_metadata\verified_contents.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\manifest.fingerprint Jump to behavior
Deletes files inside the Windows folder
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\chrome_BITS_3300_1054330487 Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_00408888 1_2_00408888
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00468034 2_2_00468034
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00471688 2_2_00471688
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00488030 2_2_00488030
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0046A088 2_2_0046A088
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00452100 2_2_00452100
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0043E1F0 2_2_0043E1F0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004307FC 2_2_004307FC
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00444968 2_2_00444968
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00434A64 2_2_00434A64
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00444F10 2_2_00444F10
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00488F90 2_2_00488F90
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00431388 2_2_00431388
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00445608 2_2_00445608
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0048F6BC 2_2_0048F6BC
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00435768 2_2_00435768
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0045F8C0 2_2_0045F8C0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0045B970 2_2_0045B970
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00445A14 2_2_00445A14
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_10006120 16_2_10006120
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_10001230 16_2_10001230
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_10005950 16_2_10005950
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_10005280 16_2_10005280
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_20002448 16_2_20002448
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00446274 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 0040596C appears 114 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00453AAC appears 97 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 0043497C appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00458718 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00403400 appears 62 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 0040905C appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00407D44 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00446544 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 0045850C appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00403494 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 0040357C appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00406F14 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: String function: 00403684 appears 229 times
PE file contains executable resources (Code or Archives)
Source: freekernelpstviewer.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: freekernelpstviewer.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: freekernelpstviewer.tmp.1.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-IGNSG.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-IGNSG.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-IGNSG.tmp.2.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Sample file is different than original file name gathered from version info
Source: freekernelpstviewer.exe, 00000001.00000003.1737928534.0000000002300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs freekernelpstviewer.exe
Source: freekernelpstviewer.exe, 00000001.00000003.1738291916.0000000002098000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs freekernelpstviewer.exe
Uses 32bit PE files
Source: freekernelpstviewer.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: clean7.winEXE@45/199@11/9
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 1_2_004098E8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 2_2_00455D80
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004565A8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA, 2_2_004565A8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00456DD4 CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString, 2_2_00456DD4
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_0040A0D4 FindResourceA,SizeofResource,LoadResource,LockResource, 1_2_0040A0D4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Program Files (x86)\Kernel Outlook PST Viewer Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{71993500-DCC6-49b5-9C61-DE9117608DSA}
Source: C:\Users\user\Desktop\freekernelpstviewer.exe File created: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File read: C:\Windows\win.ini Jump to behavior
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: freekernelpstviewer.exe String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: freekernelpstviewer.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\freekernelpstviewer.exe File read: C:\Users\user\Desktop\freekernelpstviewer.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\freekernelpstviewer.exe "C:\Users\user\Desktop\freekernelpstviewer.exe"
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Process created: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp "C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp" /SL5="$10432,4877973,80384,C:\Users\user\Desktop\freekernelpstviewer.exe"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.OCX"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe "C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1856,i,4981765526884018428,11496894683768264734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Process created: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp "C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp" /SL5="$10432,4877973,80384,C:\Users\user\Desktop\freekernelpstviewer.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.OCX" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe "C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1856,i,4981765526884018428,11496894683768264734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: redemption.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: profman.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: redemption.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: profman.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: redemption64.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: profman64.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: oledlg.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: zlib1.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: oledlg.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: riched32.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: msiso.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: mshtml.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: inetcomm.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: msoert2.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: inetres.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: msimtf.dll Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: Kernel Outlook PST Viewer.lnk.2.dr LNK file: ..\..\..\..\..\..\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
Source: Uninstall Kernel Outlook PST Viewer .lnk.2.dr LNK file: ..\..\..\..\..\..\Program Files (x86)\Kernel Outlook PST Viewer\unins000.exe
Source: Kernel Outlook PST Viewer .lnk.2.dr LNK file: ..\..\..\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
Source: Kernel Outlook PST Viewer.lnk0.2.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Automated click: I accept the agreement
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: Next >
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: Next >
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: Next >
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: Next >
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: Next >
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: Next >
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Automated click: Next >
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe File opened: C:\Windows\SysWOW64\RICHED32.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Window detected: Number of UI elements: 44
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Window detected: Number of UI elements: 40
Source: freekernelpstviewer.exe Static PE information: certificate valid
Source: freekernelpstviewer.exe Static file information: File size 5169960 > 1048576
Source: freekernelpstviewer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_00450994
Registers a DLL
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll"
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_00406A18 push 00406A55h; ret 1_2_00406A4D
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_004040B5 push eax; ret 1_2_004040F1
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_00404185 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_00404206 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_004042E8 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_00404283 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_004093B4 push 004093E7h; ret 1_2_004093DF
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_00408580 push ecx; mov dword ptr [esp], eax 1_2_00408585
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00409D9C push 00409DD9h; ret 2_2_00409DD1
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0041A078 push ecx; mov dword ptr [esp], ecx 2_2_0041A07D
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00452100 push ecx; mov dword ptr [esp], eax 2_2_00452105
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0040A273 push ds; ret 2_2_0040A29D
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004062C4 push ecx; mov dword ptr [esp], eax 2_2_004062C5
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0040A29F push ds; ret 2_2_0040A2A0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00460518 push ecx; mov dword ptr [esp], ecx 2_2_0046051C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00496594 push ecx; mov dword ptr [esp], ecx 2_2_00496599
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004587B4 push 004587ECh; ret 2_2_004587E4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00410930 push ecx; mov dword ptr [esp], edx 2_2_00410935
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00486A94 push ecx; mov dword ptr [esp], ecx 2_2_00486A99
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00478D50 push ecx; mov dword ptr [esp], edx 2_2_00478D51
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00412D78 push 00412DDBh; ret 2_2_00412DD3
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0040D288 push ecx; mov dword ptr [esp], edx 2_2_0040D28A
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0040546D push eax; ret 2_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0040553D push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004055BE push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0040563B push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004056A0 push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0040F7E8 push ecx; mov dword ptr [esp], edx 2_2_0040F7EA
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004438E0 push ecx; mov dword ptr [esp], ecx 2_2_004438E4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00459ACC push 00459B10h; ret 2_2_00459B08
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0049BD44 pushad ; retf 2_2_0049BD53
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Windows\SysWOW64\is-1E6U8.tmp Jump to dropped file
Source: C:\Users\user\Desktop\freekernelpstviewer.exe File created: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Program Files (x86)\Kernel Outlook PST Viewer\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-IGNSG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-TAPQG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Users\user\AppData\Local\Temp\is-1BHTD.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Windows\SysWOW64\RICHTX32.OCX (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-I80GQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Program Files (x86)\Kernel Outlook PST Viewer\zlib1.dll (copy) Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Windows\SysWOW64\is-1E6U8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\Windows\SysWOW64\RICHTX32.OCX (copy) Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel Outlook PST Viewer Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel Outlook PST Viewer\Uninstall Kernel Outlook PST Viewer .lnk Jump to behavior
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 2_2_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 2_2_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00422CAC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 2_2_00422CAC
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0041811E IsIconic,SetWindowPos, 2_2_0041811E
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00418120 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 2_2_00418120
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004245E4 IsIconic,SetActiveWindow, 2_2_004245E4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0042462C IsIconic,SetActiveWindow,SetFocus, 2_2_0042462C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004187D4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 2_2_004187D4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00484D28 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 2_2_00484D28
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0042F71C IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow, 2_2_0042F71C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004179E8 IsIconic,GetCapture, 2_2_004179E8
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0041F568 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary, 2_2_0041F568
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Memory allocated: 5DA0000 memory reserve | memory write watch Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Dropped PE file which has not been started: C:\Windows\SysWOW64\is-1E6U8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Kernel Outlook PST Viewer\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-IGNSG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1BHTD.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-I80GQ.tmp Jump to dropped file
Found evasive API chain (date check)
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Evasive API call chain: GetSystemTime,DecisionNodes
Found large amount of non-executed APIs
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe API coverage: 0.6 %
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00476120 FindFirstFileA,FindNextFileA,FindClose, 2_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004531A4 FindFirstFileA,GetLastError, 2_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 2_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 2_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00463344 FindFirstFileA,FindNextFileA,FindClose, 2_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 2_2_0049998C
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_0040A018 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 1_2_0040A018
Source: C:\Users\user\Desktop\freekernelpstviewer.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process information queried: ProcessInformation Jump to behavior
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_00450994
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: 16_2_20001821 HeapAlloc,GetProcessHeap, 16_2_20001821
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0047974C ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle, 2_2_0047974C
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0042F254 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA, 2_2_0042F254
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0042E4EC AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid, 2_2_0042E4EC
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: GetLocaleInfoA, 1_2_0040565C
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: GetLocaleInfoA, 1_2_004056A8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: GetLocaleInfoA, 2_2_004089B8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: GetLocaleInfoA, 2_2_00408A04
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: EnterCriticalSection,GetLocaleInfoA,GetLocaleInfoA,LoadStringA,wsprintfA,GetModuleFileNameA,LoadLibraryA,LoadLibraryA,lstrlenA,wsprintfA,LoadLibraryA,GetLocaleInfoA,lstrlenA,LoadLibraryA,wsprintfA,LoadLibraryA,LeaveCriticalSection,GetModuleFileNameA, 16_2_20007BD0
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Code function: lstrcpyA,GetLocaleInfoA,lstrcpyA,CharNextA,CharNextA,lstrcpyA,CharNextA, 16_2_20007E15
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00458DC4 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle, 2_2_00458DC4
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_004026C4 GetSystemTime, 1_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00455D38 GetUserNameA, 2_2_00455D38
Source: C:\Users\user\Desktop\freekernelpstviewer.exe Code function: 1_2_00404654 GetModuleHandleA,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy, 1_2_00404654
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1523496 Sample: freekernelpstviewer.exe Startdate: 01/10/2024 Architecture: WINDOWS Score: 7 36 www.nucleustechnologies.com 2->36 38 www.google.com 2->38 40 12 other IPs or domains 2->40 8 freekernelpstviewer.exe 2 2->8         started        process3 file4 26 C:\Users\user\...\freekernelpstviewer.tmp, PE32 8->26 dropped 11 freekernelpstviewer.tmp 24 42 8->11         started        process5 file6 28 C:\Windows\SysWOW64\is-1E6U8.tmp, PE32 11->28 dropped 30 C:\Windows\SysWOW64\RICHTX32.OCX (copy), PE32 11->30 dropped 32 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 11->32 dropped 34 6 other files (none is malicious) 11->34 dropped 14 chrome.exe 8 11->14         started        17 Kernel Outlook PST Viewer.exe 1 20 11->17         started        19 regsvr32.exe 65 11->19         started        21 8 other processes 11->21 process7 dnsIp8 48 192.168.2.4, 138, 443, 49672 unknown unknown 14->48 50 192.168.2.8 unknown unknown 14->50 52 239.255.255.250 unknown Reserved 14->52 23 chrome.exe 14->23         started        process9 dnsIp10 42 ax-0001.ax-msedge.net 150.171.27.10, 443, 54673, 54676 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 23->42 44 nucleustechnologies.com 67.227.166.81, 443, 54616, 54617 LIQUIDWEBUS United States 23->44 46 4 other IPs or domains 23->46
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.217.18.4
 www.google.com United States
15169 GOOGLEUS false
216.58.206.34
 googleads.g.doubleclick.net United States
15169 GOOGLEUS false
67.227.166.81
 nucleustechnologies.com United States
32244 LIQUIDWEBUS false
150.171.27.10
 ax-0001.ax-msedge.net United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
3.224.56.91
 improvely-com-2021-1842759544.us-east-1.elb.amazonaws.com United States
14618 AMAZON-AESUS false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.185.130
 td.doubleclick.net United States
15169 GOOGLEUS false

Private

IP
192.168.2.8
192.168.2.4

Contacted Domains

Name IP Active
googleads.g.doubleclick.net 216.58.206.34 true
improvely-com-2021-1842759544.us-east-1.elb.amazonaws.com 3.224.56.91 true
www.google.com 172.217.18.4 true
td.doubleclick.net 142.250.185.130 true
nucleustechnologies.com 67.227.166.81 true
ax-0001.ax-msedge.net 150.171.27.10 true
www.nucleustechnologies.com unknown unknown
lepide.iljmp.com unknown unknown
secure.livechatinc.com unknown unknown
206.23.85.13.in-addr.arpa unknown unknown
api.livechatinc.com unknown unknown
accounts.livechatinc.com unknown unknown
cdn.livechatinc.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.nucleustechnologies.com/imagenew20/prod-spr-El.png false
    		unknown
    https://www.nucleustechnologies.com/imagenew20/cli-4.png false
      		unknown
      https://www.nucleustechnologies.com/imagenew/dmca.webp false
        		unknown
        https://www.nucleustechnologies.com/cssnew/freeware-download.css false
          		unknown