Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report PO#578946.exe

Overview

General Information

Sample Name:PO#578946.exe
Analysis ID:457760
MD5:691bde1d30c382256ff1072b8f305841
SHA1:1ce839f49da7750ab19f0e709747a36dce1933fc
SHA256:9d1bfddea6c5c0a596af58ed64e6c38d2a274e507ca8d92d8fc801e3d8878cca
Tags:exeGuLoader
Infos:

Most interesting Screenshot:

Detection

GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
GuLoader behavior detected
Multi AV Scanner detection for submitted file
Sigma detected: RegAsm connects to smtp port
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Disables Windows system restore
Disables the Windows registry editor (regedit)
Disables the Windows task manager (taskmgr)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
May check the online IP address of the machine
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Uses reg.exe to modify the Windows registry

Classification

Process Tree

  • System is w10x64
  • PO#578946.exe (PID: 3296 cmdline: 'C:\Users\user\Desktop\PO#578946.exe' MD5: 691BDE1D30C382256FF1072B8F305841)
    • RegAsm.exe (PID: 5296 cmdline: 'C:\Users\user\Desktop\PO#578946.exe' MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 1752 cmdline: 'C:\Users\user\Desktop\PO#578946.exe' MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 3948 cmdline: 'C:\Users\user\Desktop\PO#578946.exe' MD5: 6FD7592411112729BF6B1F2F6C34899F)
      • conhost.exe (PID: 3016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • reg.exe (PID: 1256 cmdline: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

Networking:

barindex
Sigma detected: RegAsm connects to smtp portShow sources
Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 50.116.95.162, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 3948, Protocol: tcp, SourceIp: 192.168.2.3, SourceIsIpv6: false, SourcePort: 49745

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Antivirus / Scanner detection for submitted sampleShow sources
Source: PO#578946.exeAvira: detected
Multi AV Scanner detection for submitted fileShow sources
Source: PO#578946.exeVirustotal: Detection: 57%Perma Link
Source: PO#578946.exeReversingLabs: Detection: 34%
Source: PO#578946.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknownHTTPS traffic detected: 104.21.19.200:443 -> 192.168.2.3:49744 version: TLS 1.0
Source: unknownHTTPS traffic detected: 142.250.203.110:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.203.97:443 -> 192.168.2.3:49742 version: TLS 1.2

Networking:

barindex
May check the online IP address of the machineShow sources
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDNS query: name: checkip.dyndns.org
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDNS query: name: checkip.dyndns.org
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDNS query: name: checkip.dyndns.org
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDNS query: name: checkip.dyndns.org
Source: global trafficTCP traffic: 192.168.2.3:49745 -> 50.116.95.162:587
Source: Joe Sandbox ViewIP Address: 104.21.19.200 104.21.19.200
Source: Joe Sandbox ViewASN Name: OIS1US OIS1US
Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficTCP traffic: 192.168.2.3:49745 -> 50.116.95.162:587
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: unknownHTTPS traffic detected: 104.21.19.200:443 -> 192.168.2.3:49744 version: TLS 1.0
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: unknownDNS traffic detected: queries for: drive.google.com
Source: RegAsm.exe, 00000010.00000003.554569289.0000000022C51000.00000004.00000001.sdmpString found in binary or memory: http://ns.adb
Source: RegAsm.exe, 00000010.00000003.554569289.0000000022C51000.00000004.00000001.sdmpString found in binary or memory: http://ns.ado/1
Source: RegAsm.exe, 00000010.00000003.554569289.0000000022C51000.00000004.00000001.sdmpString found in binary or memory: http://ns.adobe.c/g
Source: RegAsm.exe, 00000010.00000003.554569289.0000000022C51000.00000004.00000001.sdmpString found in binary or memory: http://ns.adobe.cobj
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownHTTPS traffic detected: 142.250.203.110:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.203.97:443 -> 192.168.2.3:49742 version: TLS 1.2

System Summary:

barindex
Initial sample is a PE file and has a suspicious nameShow sources
Source: initial sampleStatic PE information: Filename: PO#578946.exe
Source: C:\Users\user\Desktop\PO#578946.exeProcess Stats: CPU usage > 98%
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess Stats: CPU usage > 98%
Source: PO#578946.exe, 00000000.00000000.212800594.0000000000418000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameUnderno3.exe vs PO#578946.exe
Source: PO#578946.exe, 00000000.00000002.493967851.0000000002260000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs PO#578946.exe
Source: PO#578946.exeBinary or memory string: OriginalFilenameUnderno3.exe vs PO#578946.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
Source: PO#578946.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\reg.exe REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
Source: classification engineClassification label: mal100.spre.troj.spyw.evad.winEXE@10/1@243/6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\Documents\SnakeKeyloggerJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3016:120:WilError_01
Source: C:\Users\user\Desktop\PO#578946.exeFile created: C:\Users\user\AppData\Local\Temp\~DF66F3C3D05512D3AA.TMPJump to behavior
Source: PO#578946.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PO#578946.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\PO#578946.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: PO#578946.exeVirustotal: Detection: 57%
Source: PO#578946.exeReversingLabs: Detection: 34%
Source: unknownProcess created: C:\Users\user\Desktop\PO#578946.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\reg.exe REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\reg.exe REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\Desktop\PO#578946.exeCode function: 0_2_00408EF8 pushad ; ret
Source: C:\Users\user\Desktop\PO#578946.exeCode function: 0_2_0040953E push eax; iretd
Source: C:\Users\user\Desktop\PO#578946.exeCode function: 0_2_02292A10 push 32665CA0h; retf 001Dh
Source: C:\Users\user\Desktop\PO#578946.exeCode function: 0_2_02295BA0 pushfd ; retf
Source: C:\Users\user\Desktop\PO#578946.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

barindex
Detected RDTSC dummy instruction sequence (likely for instruction hammering)Show sources
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 000000000229034B second address: 000000000229034B instructions:
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 0000000002290BBC second address: 0000000002290BEE instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a xor dword ptr [ebp+68h], 48CC7240h 0x00000011 sub dword ptr [ebp+68h], 525D5669h 0x00000018 xor dword ptr [ebp+68h], 1E5E8B4Ch 0x0000001f add ebx, 04h 0x00000022 mov dword ptr [ebp+00000263h], esi 0x00000028 cmp bh, bh 0x0000002a mov esi, ebx 0x0000002c pushad 0x0000002d mov eax, 0000003Fh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 0000000002291883 second address: 0000000002291883 instructions:
Tries to detect Any.runShow sources
Source: C:\Users\user\Desktop\PO#578946.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\PO#578946.exeFile opened: C:\Program Files\qga\qga.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
Source: PO#578946.exe, 00000000.00000002.493995174.00000000022B0000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: PO#578946.exe, 00000000.00000002.493995174.00000000022B0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL
Tries to detect virtualization through RDTSC time measurementsShow sources
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 000000000229034B second address: 000000000229034B instructions:
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 0000000002296191 second address: 0000000002296191 instructions: 0x00000000 rdtsc 0x00000002 mov eax, CFC9D9CCh 0x00000007 xor eax, E7B8D616h 0x0000000c xor eax, B003C39Fh 0x00000011 xor eax, 9872CC44h 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F50A0E9671Ah 0x0000001e lfence 0x00000021 mov edx, 324626BAh 0x00000026 xor edx, 8E47B5F1h 0x0000002c xor edx, CD58843Fh 0x00000032 xor edx, 0EA71760h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d ret 0x0000003e sub edx, esi 0x00000040 ret 0x00000041 pop ecx 0x00000042 cmp cx, dx 0x00000045 add edi, edx 0x00000047 dec ecx 0x00000048 mov dword ptr [ebp+000001B1h], ecx 0x0000004e mov ecx, 1C5A7D24h 0x00000053 xor ecx, 8E853080h 0x00000059 cmp cx, cx 0x0000005c xor ecx, 6F6EDF25h 0x00000062 test ax, dx 0x00000065 sub ecx, FDB19281h 0x0000006b cmp dword ptr [ebp+000001B1h], ecx 0x00000071 mov ecx, dword ptr [ebp+000001B1h] 0x00000077 jne 00007F50A0E966C4h 0x00000079 cmp edx, eax 0x0000007b mov dword ptr [ebp+00000221h], eax 0x00000081 mov eax, ecx 0x00000083 push eax 0x00000084 mov eax, dword ptr [ebp+00000221h] 0x0000008a call 00007F50A0E967E0h 0x0000008f call 00007F50A0E9673Bh 0x00000094 lfence 0x00000097 mov edx, 324626BAh 0x0000009c xor edx, 8E47B5F1h 0x000000a2 xor edx, CD58843Fh 0x000000a8 xor edx, 0EA71760h 0x000000ae mov edx, dword ptr [edx] 0x000000b0 lfence 0x000000b3 ret 0x000000b4 mov esi, edx 0x000000b6 pushad 0x000000b7 rdtsc
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 0000000002296279 second address: 000000000229648C instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 call 00007F50A0B55C9Ch 0x00000008 call 00007F50A0B55C11h 0x0000000d lfence 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 000000000229648C second address: 000000000229648C instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, E6128C86h 0x00000013 sub eax, 16292D64h 0x00000018 xor eax, 39A79C13h 0x0000001d xor eax, F64EC330h 0x00000022 jmp 00007F50A0E9676Eh 0x00000024 cmp dh, ch 0x00000026 cpuid 0x00000028 bt ecx, 1Fh 0x0000002c jc 00007F50A0E99A81h 0x00000032 cmp bh, ch 0x00000034 popad 0x00000035 call 00007F50A0E96746h 0x0000003a lfence 0x0000003d rdtsc
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 0000000002290BBC second address: 0000000002290BEE instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a xor dword ptr [ebp+68h], 48CC7240h 0x00000011 sub dword ptr [ebp+68h], 525D5669h 0x00000018 xor dword ptr [ebp+68h], 1E5E8B4Ch 0x0000001f add ebx, 04h 0x00000022 mov dword ptr [ebp+00000263h], esi 0x00000028 cmp bh, bh 0x0000002a mov esi, ebx 0x0000002c pushad 0x0000002d mov eax, 0000003Fh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\PO#578946.exeRDTSC instruction interceptor: First address: 0000000002291883 second address: 0000000002291883 instructions:
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRDTSC instruction interceptor: First address: 0000000001106191 second address: 0000000001106191 instructions: 0x00000000 rdtsc 0x00000002 mov eax, CFC9D9CCh 0x00000007 xor eax, E7B8D616h 0x0000000c xor eax, B003C39Fh 0x00000011 xor eax, 9872CC44h 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F50A0B55B5Ah 0x0000001e lfence 0x00000021 mov edx, 324626BAh 0x00000026 xor edx, 8E47B5F1h 0x0000002c xor edx, CD58843Fh 0x00000032 xor edx, 0EA71760h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d ret 0x0000003e sub edx, esi 0x00000040 ret 0x00000041 pop ecx 0x00000042 cmp cx, dx 0x00000045 add edi, edx 0x00000047 dec ecx 0x00000048 mov dword ptr [ebp+000001B1h], ecx 0x0000004e mov ecx, 1C5A7D24h 0x00000053 xor ecx, 8E853080h 0x00000059 cmp cx, cx 0x0000005c xor ecx, 6F6EDF25h 0x00000062 test ax, dx 0x00000065 sub ecx, FDB19281h 0x0000006b cmp dword ptr [ebp+000001B1h], ecx 0x00000071 mov ecx, dword ptr [ebp+000001B1h] 0x00000077 jne 00007F50A0B55B04h 0x00000079 cmp edx, eax 0x0000007b mov dword ptr [ebp+00000221h], eax 0x00000081 mov eax, ecx 0x00000083 push eax 0x00000084 mov eax, dword ptr [ebp+00000221h] 0x0000008a call 00007F50A0B55C20h 0x0000008f call 00007F50A0B55B7Bh 0x00000094 lfence 0x00000097 mov edx, 324626BAh 0x0000009c xor edx, 8E47B5F1h 0x000000a2 xor edx, CD58843Fh 0x000000a8 xor edx, 0EA71760h 0x000000ae mov edx, dword ptr [edx] 0x000000b0 lfence 0x000000b3 ret 0x000000b4 mov esi, edx 0x000000b6 pushad 0x000000b7 rdtsc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRDTSC instruction interceptor: First address: 0000000001106279 second address: 000000000110648C instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 call 00007F50A0E9685Ch 0x00000008 call 00007F50A0E967D1h 0x0000000d lfence 0x00000010 rdtsc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRDTSC instruction interceptor: First address: 000000000110648C second address: 000000000110648C instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, E6128C86h 0x00000013 sub eax, 16292D64h 0x00000018 xor eax, 39A79C13h 0x0000001d xor eax, F64EC330h 0x00000022 jmp 00007F50A0B55BAEh 0x00000024 cmp dh, ch 0x00000026 cpuid 0x00000028 bt ecx, 1Fh 0x0000002c jc 00007F50A0B58EC1h 0x00000032 cmp bh, ch 0x00000034 popad 0x00000035 call 00007F50A0B55B86h 0x0000003a lfence 0x0000003d rdtsc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 9023
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -16602069666338586s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -100000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99843s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99733s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99624s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99500s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99374s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99265s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99156s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99046s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98937s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98827s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98718s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98609s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98499s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98390s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98281s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98172s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98047s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -97937s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -97828s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99890s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99780s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99671s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99562s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -198874s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99327s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99217s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -198218s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98983s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98874s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98765s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98655s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98546s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98437s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98327s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98218s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98109s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -97999s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -97890s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -97781s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99875s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99765s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99655s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99547s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99218s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -99000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98890s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5752Thread sleep time: -98781s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 100000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99843
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99733
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99624
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99374
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99265
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99156
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99046
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98937
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98827
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98718
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98609
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98499
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98281
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98047
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 97937
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 97828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99671
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99562
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99437
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99327
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99217
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98983
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98874
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98765
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98655
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98546
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98437
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98327
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98218
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 97999
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 97890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 97781
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99875
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99765
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99655
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99218
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98781
Source: RegAsm.exe, 00000010.00000003.596866085.000000001EE75000.00000004.00000001.sdmpBinary or memory string: qSeijyhLAupxJP7GFRtEBI4vMci5Yn8KwAjPFEHs2eL/uAB08c1RHiJzKQFojvE1Po+v
Source: RegAsm.exe, 00000010.00000003.597075106.000000001F234000.00000004.00000001.sdmpBinary or memory string: z46e9oxTAseWY0w/Ojb81oDo+4/82u8//qclBjLyh3/0nxSbv/ZLvMcIOCdI+0gC05gE
Source: reg.exe, 00000019.00000002.516359726.00000000031D0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: PO#578946.exe, 00000000.00000002.493995174.00000000022B0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll
Source: reg.exe, 00000019.00000002.516359726.00000000031D0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: PO#578946.exe, 00000000.00000002.493995174.00000000022B0000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: RegAsm.exe, 00000010.00000003.596866085.000000001EE75000.00000004.00000001.sdmpBinary or memory string: V3DpwpQXUCr5++MlWREYz4Pns68z+nyiz1fft58FQn979PlWmvmcIiDUz9VJp4HLtHB8
Source: reg.exe, 00000019.00000002.516359726.00000000031D0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: reg.exe, 00000019.00000002.516359726.00000000031D0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\Desktop\PO#578946.exeSystem information queried: ModuleInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformation

Anti Debugging:

barindex
Hides threads from debuggersShow sources
Source: C:\Users\user\Desktop\PO#578946.exeThread information set: HideFromDebugger
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
Source: C:\Users\user\Desktop\PO#578946.exeProcess queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

barindex
Writes to foreign memory regionsShow sources
Source: C:\Users\user\Desktop\PO#578946.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1100000
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Users\user\Desktop\PO#578946.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PO#578946.exe'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

barindex
Disables Windows system restoreShow sources
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore DisableSRJump to behavior
Disables the Windows registry editor (regedit)Show sources
Source: C:\Windows\SysWOW64\reg.exeRegistry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableRegistryToolsJump to behavior
Disables the Windows task manager (taskmgr)Show sources
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgrJump to behavior

Stealing of Sensitive Information:

barindex
GuLoader behavior detectedShow sources
Source: Initial fileSignature Results: GuLoader behavior
Tries to harvest and steal browser information (history, passwords, etc)Show sources
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Tries to harvest and steal ftp login credentialsShow sources
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Tries to steal Mail credentials (via file access)Show sources
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationDLL Side-Loading1Process Injection111Masquerading1OS Credential Dumping2Security Software Discovery511Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationInhibit System Recovery1
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Modify Registry1LSASS MemoryProcess Discovery1Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Disable or Modify Tools21Security Account ManagerVirtualization/Sandbox Evasion231SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationIngress Tool Transfer1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Virtualization/Sandbox Evasion231NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection111LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol23Manipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information1Cached Domain CredentialsSystem Network Configuration Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsDLL Side-Loading1DCSyncSystem Information Discovery214Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 457760 Sample: PO#578946.exe Startdate: 02/08/2021 Architecture: WINDOWS Score: 100 24 rockglen.com 2->24 26 mail.rockglen.com 2->26 34 Antivirus / Scanner detection for submitted sample 2->34 36 Multi AV Scanner detection for submitted file 2->36 38 Sigma detected: RegAsm connects to smtp port 2->38 40 3 other signatures 2->40 8 PO#578946.exe 1 2->8         started        signatures3 process4 signatures5 44 Writes to foreign memory regions 8->44 46 Detected RDTSC dummy instruction sequence (likely for instruction hammering) 8->46 48 Tries to detect Any.run 8->48 50 2 other signatures 8->50 11 RegAsm.exe 18 12 8->11         started        15 RegAsm.exe 8->15         started        17 RegAsm.exe 8->17         started        process6 dnsIp7 28 rockglen.com 50.116.95.162, 49745, 49746, 49747 OIS1US United States 11->28 30 checkip.dyndns.org 11->30 32 7 other IPs or domains 11->32 52 Tries to steal Mail credentials (via file access) 11->52 54 Tries to harvest and steal ftp login credentials 11->54 56 Tries to harvest and steal browser information (history, passwords, etc) 11->56 62 4 other signatures 11->62 19 reg.exe 1 1 11->19         started        22 conhost.exe 11->22         started        58 May check the online IP address of the machine 15->58 60 Tries to detect virtualization through RDTSC time measurements 15->60 signatures8 process9 signatures10 42 Disables the Windows registry editor (regedit) 19->42

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PO#578946.exe58%VirustotalBrowse
PO#578946.exe35%ReversingLabsWin32.Trojan.Fragtor
PO#578946.exe100%AviraHEUR/AGEN.1130122

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://ns.adb0%URL Reputationsafe
http://checkip.dyndns.org/0%Avira URL Cloudsafe
http://ns.adobe.c/g0%URL Reputationsafe
http://ns.adobe.cobj0%URL Reputationsafe
http://ns.ado/10%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
rockglen.com
50.116.95.162
truetrue
    		unknown
    drive.google.com
    		142.250.203.110
    		truefalse
      		high
      freegeoip.app
      		104.21.19.200
      		truefalse
        		unknown
        googlehosted.l.googleusercontent.com
        		142.250.203.97
        		truefalse
          		high
          checkip.dyndns.com
          		158.101.44.242
          		truefalse
            		unknown
            doc-04-6s-docs.googleusercontent.com
            		unknown
            		unknownfalse
              		high
              checkip.dyndns.org
              		unknown
              		unknowntrue
                		unknown
                mail.rockglen.com
                		unknown
                		unknownfalse
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://checkip.dyndns.org/false
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://ns.adbRegAsm.exe, 00000010.00000003.554569289.0000000022C51000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://ns.adobe.c/gRegAsm.exe, 00000010.00000003.554569289.0000000022C51000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://ns.adobe.cobjRegAsm.exe, 00000010.00000003.554569289.0000000022C51000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://ns.ado/1RegAsm.exe, 00000010.00000003.554569289.0000000022C51000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  		unknown

                  Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public

                  IPDomainCountryFlagASNASN NameMalicious
                  142.250.203.97
                  		googlehosted.l.googleusercontent.comUnited States
                  		15169GOOGLEUSfalse
                  104.21.19.200
                  		freegeoip.appUnited States
                  		13335CLOUDFLARENETUSfalse
                  50.116.95.162
                  		rockglen.comUnited States
                  		26337OIS1UStrue
                  142.250.203.110
                  		drive.google.comUnited States
                  		15169GOOGLEUSfalse
                  158.101.44.242
                  		checkip.dyndns.comUnited States
                  		31898ORACLE-BMC-31898USfalse

                  Private

                  IP
                  192.168.2.1

                  General Information

                  Joe Sandbox Version:33.0.0 White Diamond
                  Analysis ID:457760
                  Start date:02.08.2021
                  Start time:09:35:08
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 14m 49s
                  Hypervisor based Inspection enabled:false
                  Report type:light
                  Sample file name:PO#578946.exe
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Run name:Suspected Instruction Hammering Hide Perf
                  Number of analysed new started processes analysed:42
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal100.spre.troj.spyw.evad.winEXE@10/1@243/6
                  EGA Information:Failed
                  HDC Information:
                  • Successful, ratio: 2.3% (good quality ratio 0.3%)
                  • Quality average: 14.3%
                  • Quality standard deviation: 30%
                  HCA Information:Failed
                  Cookbook Comments:
                  • Adjust boot time
                  • Enable AMSI
                  • Found application associated with file extension: .exe
                  Warnings:
                  Show All
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, backgroundTaskHost.exe, UsoClient.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, MusNotifyIcon.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                  • TCP Packets have been reduced to 100
                  • Excluded IPs from analysis (whitelisted): 104.42.151.234, 52.147.198.201, 23.211.4.86, 20.50.102.62, 173.222.108.226, 173.222.108.210, 40.112.88.60, 80.67.82.235, 80.67.82.211, 20.82.209.183, 20.54.110.249, 20.190.159.132, 20.190.159.138, 20.190.159.136, 20.190.159.134, 40.126.31.139, 40.126.31.1, 40.126.31.8, 40.126.31.135, 51.104.136.2, 20.49.150.241
                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, a767.dscg3.akamai.net, www.tm.a.prd.aadg.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing network information.
                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  09:45:19API Interceptor2915x Sleep call for process: RegAsm.exe modified

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                  104.21.19.200JThZQQQwZA.exeGet hashmaliciousBrowse
                  • freegeoip.app/xml/
                  Loader.exeGet hashmaliciousBrowse
                  • freegeoip.app/xml/

                  Domains

                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                  freegeoip.appIMG-20210802-WA0587-087.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  URGENT QUOTATION FROM CHINA SHENHUA_RFQ16602021.pdf.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  Anfrage080221.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  Quotation.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  QT2WO09000008.PDF.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  QUOTE 04202021.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  REQUEST FOR QUOTATION - PCIHBV2021MRP27220.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  REQUEST_.EXEGet hashmaliciousBrowse
                  • 104.21.19.200
                  Our Company Account Details-08-2021.xlsxGet hashmaliciousBrowse
                  • 104.21.19.200
                  SHIPPING DOCUMENT & PL.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  Referans iin orijinal nakliye belgeleri.pdf.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  REVISE INVOICE.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  Quotation for C80842178.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  order.PDF.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  DyxL4y2hv3.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  ggx6bFSU05.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  SecuriteInfo.com.Trojan.Win32.Save.a.23962.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  fBR05jzjti.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  Original Shipping .docGet hashmaliciousBrowse
                  • 104.21.19.200
                  hfJdO3BjO0.exeGet hashmaliciousBrowse
                  • 172.67.188.154

                  ASN

                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                  CLOUDFLARENETUSIMG-20210802-WA0587-087.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  URGENT QUOTATION FROM CHINA SHENHUA_RFQ16602021.pdf.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  Anfrage080221.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  Quotation.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  QT2WO09000008.PDF.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  QUOTE 04202021.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  85d8c.exeGet hashmaliciousBrowse
                  • 104.21.56.66
                  85d8c.exeGet hashmaliciousBrowse
                  • 172.67.179.203
                  REQUEST FOR QUOTATION - PCIHBV2021MRP27220.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  ATT96886.HTMGet hashmaliciousBrowse
                  • 104.16.18.94
                  REQUEST_.EXEGet hashmaliciousBrowse
                  • 104.21.19.200
                  ATT04604.HTMGet hashmaliciousBrowse
                  • 104.16.19.94
                  Our Company Account Details-08-2021.xlsxGet hashmaliciousBrowse
                  • 104.21.19.200
                  Payment For Invoice 321-1005703.exeGet hashmaliciousBrowse
                  • 23.227.38.74
                  TusisaehJA.exeGet hashmaliciousBrowse
                  • 162.159.133.233
                  XWXJTOInGn.exeGet hashmaliciousBrowse
                  • 162.159.129.233
                  NEW PO pdf.exeGet hashmaliciousBrowse
                  • 162.159.133.233
                  SHIPPING DOCUMENT & PL.exeGet hashmaliciousBrowse
                  • 172.67.188.154
                  DHL Shipment Notification,PDF.exeGet hashmaliciousBrowse
                  • 104.21.28.3
                  Referans iin orijinal nakliye belgeleri.pdf.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  OIS1USxkNBltP31j.exeGet hashmaliciousBrowse
                  • 162.241.2.218
                  #Uacac#Uc801 #Ud488#Ubaa9 #Ub9ac#Uc2a4#Ud2b8.exeGet hashmaliciousBrowse
                  • 162.241.2.78
                  GHAI SHIPMENT SCHEDULE 28TH-07-2021.exeGet hashmaliciousBrowse
                  • 162.241.203.110
                  AWD SHANGHAI SHIPMENT SCHEDULE.exeGet hashmaliciousBrowse
                  • 162.241.203.110
                  Order600567.exeGet hashmaliciousBrowse
                  • 162.241.2.103
                  PYY74882220#.exeGet hashmaliciousBrowse
                  • 162.241.203.51
                  PI-0387991.exeGet hashmaliciousBrowse
                  • 162.241.2.50
                  vGXbKUQZZpb0fE8.exeGet hashmaliciousBrowse
                  • 162.241.85.193
                  K7EnL0C9KJ.exeGet hashmaliciousBrowse
                  • 192.185.147.20
                  Gift Card 0796907.xlsbGet hashmaliciousBrowse
                  • 162.241.3.29
                  Gift Card 0796907.xlsbGet hashmaliciousBrowse
                  • 162.241.3.29
                  Order 9572478.xlsbGet hashmaliciousBrowse
                  • 162.241.2.50
                  Order 9572478.xlsbGet hashmaliciousBrowse
                  • 162.241.2.50
                  Order 161488.xlsbGet hashmaliciousBrowse
                  • 162.241.3.14
                  PO 491196.xlsbGet hashmaliciousBrowse
                  • 50.116.94.238
                  Order 161488.xlsbGet hashmaliciousBrowse
                  • 162.241.3.14
                  PO 491196.xlsbGet hashmaliciousBrowse
                  • 50.116.94.238
                  Order 46975986.xlsbGet hashmaliciousBrowse
                  • 162.241.3.29
                  WO 2308349.xlsbGet hashmaliciousBrowse
                  • 162.241.2.147
                  Order 46975986.xlsbGet hashmaliciousBrowse
                  • 162.241.3.29

                  JA3 Fingerprints

                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                  54328bd36c14bd82ddaa0c04b25ed9adIMG-20210802-WA0587-087.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  URGENT QUOTATION FROM CHINA SHENHUA_RFQ16602021.pdf.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  Anfrage080221.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  Quotation.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  QT2WO09000008.PDF.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  QUOTE 04202021.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  REQUEST FOR QUOTATION - PCIHBV2021MRP27220.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  REQUEST_.EXEGet hashmaliciousBrowse
                  • 104.21.19.200
                  Quotation Request August RFQ8012021.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  tsyUOzA9Og.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  SHIPPING DOCUMENT & PL.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  Referans iin orijinal nakliye belgeleri.pdf.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  REVISE INVOICE.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  Quotation for C80842178.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  order.PDF.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  6DSApYckXY.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  DyxL4y2hv3.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  Booking_confirmation.vbsGet hashmaliciousBrowse
                  • 104.21.19.200
                  SecuriteInfo.com.Trojan.Win32.Save.a.23962.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  fBR05jzjti.exeGet hashmaliciousBrowse
                  • 104.21.19.200
                  37f463bf4616ecd445d4a1937da06e19Zaobz-rdbmw-xdw-f.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  AR2rPMLtaN.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  NEW PO pdf.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  BFE85B846350851DD4F83DFED498AE60F85D4129329C2.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  Aging invoice.htmlGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  R5L9IoaG67.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  flJrVwWebP.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  QfVER41Fwx.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  1A263B2603212FF1E492D9E0C718F12601789E27EAABA.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  mbVrdKm3zX.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  bHC6bZhkMz.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  5qW61eKDTp.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  WWzUml7m53.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  e7V79qGVJT.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  it2TiN2UtR.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  4Dm89IWqe9.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  5mr8riiH5q.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  YoKh9rD5xR.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  Oyu6AMjXZH.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97
                  IsVEKYHPfW.exeGet hashmaliciousBrowse
                  • 142.250.203.110
                  • 142.250.203.97

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\Users\user\Documents\SnakeKeylogger\Screenshot.png
                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):48086893
                  Entropy (8bit):7.944436654506759
                  Encrypted:false
                  SSDEEP:786432:9a7ua7Wa7ua7Ma7Ma7Ma7Ma7Ma7Ma7Ma7Ma7Ma7Ga7Ga7Ga7Ga7Ga7Ga7Ga7Ga7i:9gugWgugMgMgMgMgMgMgMgMgMgGgGgGF
                  MD5:B5D3338ED89342F6F4A390B855ACBFAF
                  SHA1:597B22F2CA7A5E5958FAE97944141F0EBDFA9526
                  SHA-256:FE1C848F0E71BFFC21DDA12869E6A09035B77474BC0F200D18F385D48340C294
                  SHA-512:B0B525D4EA3FD2F4F394164B44C359911C4E12D58B00A11F69DEE942277EC3533795E52D53D3C82B6FCB9D57269FBFFB99E867F788F1B3BDFF03B7A75FA189F9
                  Malicious:false
                  Reputation:low
                  Preview: .PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...uEy.}..71.F...._..`b.....&_..*.^.KD..C.^......&&y..`G..."......=k.....?.f.^{.}.g...]{..}...Y{/,........6|.Y.......Y.6....M.Z..;7l.....<.?.a.....b6.fL.G.R.;.l.s7".b....6}.Ml....A..~..`......'.......G..c..e.96.r.P.>..s...:...AA=e.@.5*......S]$....W....2P.....`.6 ..X\.q..G<v.P~.o3'4.O.G..(........6......_o.';..{..|Q.tJ..L..V.Z.&....olb...e?,7.F.D{..,nbm...#F6.Nf........P..Z..fq.gG,l.`...j..@..,n..X.4.l.....]b....r..4.Zi.....#K..b\..E.h.$.w>s......x..%./`-*...]Dg.r....?...W....G....>..d.lb.#!..< ...6.Dmn..5.....Et.?d...3>...6.D.[.....J.igk`.......@q'.H..:..a.....Nz.uHK8.....#.......z.s...>...p.....LC.....7......2..I.d.o...1...A.M/Z.bL+?./....a..N.h.XZ..@.-.J..3..3....$.u1...#./`-*...]Dg.r....?...W....G...^.B}2Uf\....@a;.?d...3>...6.D.[.....J.igk`.......@q'.H..:.J...@...D{.D.Qn.M... A.*m..i, D.....p...]`..G..........@R.dT..9..".N~..52.F....c.r..|$..)P|../'u./.

                  Static File Info

                  General

                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):6.304822927566701
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.15%
                  • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:PO#578946.exe
                  File size:98304
                  MD5:691bde1d30c382256ff1072b8f305841
                  SHA1:1ce839f49da7750ab19f0e709747a36dce1933fc
                  SHA256:9d1bfddea6c5c0a596af58ed64e6c38d2a274e507ca8d92d8fc801e3d8878cca
                  SHA512:b8eba412543f38959d50279654d72be9f208e45d7fca1023aa07baf75c328d7bf7aba2cbd8a1a9761f6ae1942fcea0f6e593ea1ec2c74d7f941ac734a046ee3c
                  SSDEEP:1536:9xnKKKKKKKKKKKKKKKKKKKKKKKKKKKKCKKKKKKKKKKKKKKKKKKKKKKKKKKKKKDKs:oauQiP2d+a
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...[..Z.................P...0...............`....@................

                  File Icon

                  Icon Hash:c4e8c8cccce0e8e8

                  Static PE Info

                  General

                  Entrypoint:0x4012bc
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                  DLL Characteristics:
                  Time Stamp:0x5A01D35B [Tue Nov 7 15:38:03 2017 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:6859d1daf1cf351f8ea3b0beb22606a9

                  Entrypoint Preview

                  Instruction
                  push 00401CB0h
                  call 00007F50A0B74573h
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  xor byte ptr [eax], al
                  add byte ptr [eax], al
                  inc eax
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax-72h], ch
                  sub eax, BF76FBCFh
                  inc eax
                  mov al, byte ptr [82068D03h]
                  jmp 00007F50A0B745EAh
                  add eax, dword ptr [eax]
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [ecx], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add al, ah
                  or dword ptr [ebx+eax], 44h
                  outsd
                  outsb
                  popad
                  je 00007F50A0B745F1h
                  jc 00007F50A0B745E7h
                  outsb
                  je 00007F50A0B745E3h
                  outsb
                  bound esi, dword ptr [ecx]
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  dec esp
                  xor dword ptr [eax], eax
                  add byte ptr [esi+37h], ah
                  jle 00007F50A0B74519h
                  push ds
                  rcl cl, cl
                  inc esp
                  mov eax, 4447D896h
                  mov cl, 7Eh
                  jmp 00007F50A0B745B0h
                  push 0000007Ch
                  not byte ptr [eax+64h]
                  or al, 48h
                  lea eax, dword ptr [ecx+11h]
                  xor ah, byte ptr [ecx+4Ch]
                  cmc
                  cmp cl, byte ptr [bx-53h]
                  xor ebx, dword ptr [ecx-48EE309Ah]
                  or al, 00h
                  stosb
                  add byte ptr [eax-2Dh], ah
                  xchg eax, ebx
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  adc ecx, dword ptr [ecx]
                  add byte ptr [eax], al
                  push cs
                  or dword ptr [eax], eax
                  add byte ptr [eax], al
                  add eax, 62794800h
                  insb
                  aaa
                  add byte ptr [4D000901h], cl
                  jns 00007F50A0B745F1h
                  jo 00007F50A0B745E3h
                  je 00007F50A0B745EAh
                  jns 00007F50A0B745B7h

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT0x157d40x28.text
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x180000xc08.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
                  IMAGE_DIRECTORY_ENTRY_IAT0x10000xe0.text
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x10000x14bfc0x15000False0.442638578869data6.71966680684IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  .data0x160000x11b00x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                  .rsrc0x180000xc080x1000False0.311279296875data3.24284778332IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountry
                  RT_ICON0x183600x8a8data
                  RT_GROUP_ICON0x1834c0x14data
                  RT_VERSION0x180f00x25cdataChineseTaiwan

                  Imports

                  DLLImport
                  MSVBVM60.DLL_CIcos, _adj_fptan, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaVarForInit, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaUI1Str, __vbaCastObj, __vbaStrMove, _allmul, _CItan, __vbaVarForNext, _CIexp, __vbaFreeObj, __vbaFreeStr

                  Version Infos

                  DescriptionData
                  Translation0x0404 0x04b0
                  InternalNameUnderno3
                  FileVersion1.00
                  CompanyNameCollapse Magical
                  CommentsCollapse Magical
                  ProductNamedece
                  ProductVersion1.00
                  OriginalFilenameUnderno3.exe

                  Possible Origin

                  Language of compilation systemCountry where language is spokenMap
                  ChineseTaiwan

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Aug 2, 2021 09:45:10.716114998 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:10.742876053 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:10.743011951 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:10.775691986 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:10.801050901 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:10.813112974 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:10.813148975 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:10.813168049 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:10.813184023 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:10.813209057 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:10.813247919 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:10.914961100 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:10.940931082 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:10.941032887 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:10.961633921 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:10.991825104 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:11.528084993 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:11.528115988 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:11.528130054 CEST44349741142.250.203.110192.168.2.3
                  Aug 2, 2021 09:45:11.528240919 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:11.528327942 CEST49741443192.168.2.3142.250.203.110
                  Aug 2, 2021 09:45:11.613548040 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:11.640599966 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:11.640753984 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:11.641752005 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:11.667372942 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:11.679789066 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:11.679848909 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:11.679888964 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:11.679923058 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:11.679950953 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:11.679954052 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:11.680021048 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:11.705293894 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:11.731256962 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:11.731369972 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:11.732518911 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:11.763247013 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.057761908 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.057804108 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.057826042 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.057847023 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.057869911 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.058048010 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.058077097 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.059453964 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.059489012 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.059837103 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.061033010 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.061216116 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.061482906 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.061665058 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.063240051 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.063276052 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.063421965 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.064538002 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.064569950 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.064781904 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.066296101 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.066332102 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.066571951 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.068085909 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.068367958 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.083152056 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.083187103 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.084429026 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.084527969 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.084567070 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.084820986 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.085786104 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.085820913 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.086076975 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.087455034 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.087492943 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.088167906 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.089231014 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.089266062 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.090300083 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.090991974 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.091025114 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.091417074 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.092988968 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.093028069 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.093504906 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.094562054 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.094595909 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.095105886 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.097363949 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.097393036 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.097852945 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.097877026 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.099576950 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.099615097 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.101558924 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.101593018 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.102014065 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.102041006 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.102044106 CEST49742443192.168.2.3142.250.203.97
                  Aug 2, 2021 09:45:12.102747917 CEST44349742142.250.203.97192.168.2.3
                  Aug 2, 2021 09:45:12.103138924 CEST49742443192.168.2.3142.250.203.97

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                  Aug 2, 2021 09:45:10.640245914 CEST192.168.2.38.8.8.80x80ecStandard query (0)drive.google.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:11.564100981 CEST192.168.2.38.8.8.80x9fdeStandard query (0)doc-04-6s-docs.googleusercontent.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.597980022 CEST192.168.2.38.8.8.80xe456Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.643327951 CEST192.168.2.38.8.8.80xaa84Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:17.139657974 CEST192.168.2.38.8.8.80x7c97Standard query (0)freegeoip.appA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:19.637984037 CEST192.168.2.38.8.8.80x127eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:20.323144913 CEST192.168.2.38.8.8.80xb09dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:32.048849106 CEST192.168.2.38.8.8.80x9623Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:32.509639978 CEST192.168.2.38.8.8.80x25efStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:34.357639074 CEST192.168.2.38.8.8.80x5cf3Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:34.672751904 CEST192.168.2.38.8.8.80x45f9Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:36.615605116 CEST192.168.2.38.8.8.80xcb07Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:36.959482908 CEST192.168.2.38.8.8.80xfef9Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:43.884396076 CEST192.168.2.38.8.8.80x274cStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:44.496228933 CEST192.168.2.38.8.8.80x280fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:46.270169020 CEST192.168.2.38.8.8.80x5ee7Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:46.367569923 CEST192.168.2.38.8.8.80x6851Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:52.692579985 CEST192.168.2.38.8.8.80x53e1Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:52.750407934 CEST192.168.2.38.8.8.80xf402Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:54.362121105 CEST192.168.2.38.8.8.80xbc4dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:54.468421936 CEST192.168.2.38.8.8.80xfedfStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:00.213664055 CEST192.168.2.38.8.8.80xab50Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:00.347135067 CEST192.168.2.38.8.8.80x2400Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:02.108325958 CEST192.168.2.38.8.8.80xec00Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:02.257860899 CEST192.168.2.38.8.8.80x7528Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:08.918612957 CEST192.168.2.38.8.8.80xe257Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:08.969393969 CEST192.168.2.38.8.8.80x973eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:10.599953890 CEST192.168.2.38.8.8.80xc3dbStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:10.634927988 CEST192.168.2.38.8.8.80x72b5Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:15.514090061 CEST192.168.2.38.8.8.80xe345Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:15.555104017 CEST192.168.2.38.8.8.80x44c3Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:18.459589005 CEST192.168.2.38.8.8.80x2fa4Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:18.554449081 CEST192.168.2.38.8.8.80x6c53Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:23.017002106 CEST192.168.2.38.8.8.80xbd2aStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:23.060204029 CEST192.168.2.38.8.8.80x81e8Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:24.685610056 CEST192.168.2.38.8.8.80xe4d8Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:24.718059063 CEST192.168.2.38.8.8.80x4846Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:29.056474924 CEST192.168.2.38.8.8.80x2d8bStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:29.192763090 CEST192.168.2.38.8.8.80x8b30Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:30.817903042 CEST192.168.2.38.8.8.80xd20eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:30.897021055 CEST192.168.2.38.8.8.80xc0fdStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:35.420763969 CEST192.168.2.38.8.8.80x7844Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:35.529314995 CEST192.168.2.38.8.8.80xa7fdStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:37.188121080 CEST192.168.2.38.8.8.80x4622Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:37.309073925 CEST192.168.2.38.8.8.80x796fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:41.945988894 CEST192.168.2.38.8.8.80xa1ebStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:41.988800049 CEST192.168.2.38.8.8.80x88c5Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:43.611129045 CEST192.168.2.38.8.8.80xd70fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:43.646833897 CEST192.168.2.38.8.8.80xa1d9Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:46.819241047 CEST192.168.2.38.8.8.80x181bStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:46.870369911 CEST192.168.2.38.8.8.80x6d66Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:49.189351082 CEST192.168.2.38.8.8.80x270Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:49.235949993 CEST192.168.2.38.8.8.80x522Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:54.219289064 CEST192.168.2.38.8.8.80x5bf7Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:54.265743971 CEST192.168.2.38.8.8.80x6409Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:55.881211996 CEST192.168.2.38.8.8.80x4007Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:55.980108023 CEST192.168.2.38.8.8.80x76efStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:00.384989977 CEST192.168.2.38.8.8.80x6252Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:00.475630045 CEST192.168.2.38.8.8.80x7f67Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:02.355247974 CEST192.168.2.38.8.8.80xf8beStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:02.398333073 CEST192.168.2.38.8.8.80xa37eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:08.053877115 CEST192.168.2.38.8.8.80x90bfStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:08.138573885 CEST192.168.2.38.8.8.80x5bd8Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:09.744910955 CEST192.168.2.38.8.8.80x6ed2Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:09.840356112 CEST192.168.2.38.8.8.80x5496Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:14.109736919 CEST192.168.2.38.8.8.80x1a54Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:14.163242102 CEST192.168.2.38.8.8.80xb252Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:15.796964884 CEST192.168.2.38.8.8.80x18deStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:15.902574062 CEST192.168.2.38.8.8.80xf0c8Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:18.536673069 CEST192.168.2.38.8.8.80x9735Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:18.624488115 CEST192.168.2.38.8.8.80xd552Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:20.214270115 CEST192.168.2.38.8.8.80x424Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:20.312262058 CEST192.168.2.38.8.8.80x141dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:23.070590019 CEST192.168.2.38.8.8.80x2f66Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:23.116637945 CEST192.168.2.38.8.8.80x8a74Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:24.721445084 CEST192.168.2.38.8.8.80x6653Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:24.808417082 CEST192.168.2.38.8.8.80x448fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:28.925772905 CEST192.168.2.38.8.8.80xa8b0Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:28.964011908 CEST192.168.2.38.8.8.80x10b2Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:30.612150908 CEST192.168.2.38.8.8.80x1496Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:30.652931929 CEST192.168.2.38.8.8.80x2d1aStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:33.250725031 CEST192.168.2.38.8.8.80x88d9Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:33.330559969 CEST192.168.2.38.8.8.80x442eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:34.903143883 CEST192.168.2.38.8.8.80xf9a7Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:34.950479984 CEST192.168.2.38.8.8.80x4005Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:37.646593094 CEST192.168.2.38.8.8.80x95f8Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:37.700334072 CEST192.168.2.38.8.8.80x2a5fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:39.613461971 CEST192.168.2.38.8.8.80x8fa3Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:39.658422947 CEST192.168.2.38.8.8.80x35ffStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:43.596174002 CEST192.168.2.38.8.8.80xe894Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:43.650342941 CEST192.168.2.38.8.8.80x4adaStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:45.482462883 CEST192.168.2.38.8.8.80x294dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:45.551743984 CEST192.168.2.38.8.8.80x223cStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:48.462874889 CEST192.168.2.38.8.8.80x3bcbStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:48.533044100 CEST192.168.2.38.8.8.80x9f87Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:50.307912111 CEST192.168.2.38.8.8.80x11b6Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:50.358747005 CEST192.168.2.38.8.8.80x989fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:54.096009970 CEST192.168.2.38.8.8.80x1637Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:54.147169113 CEST192.168.2.38.8.8.80x88dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:55.992556095 CEST192.168.2.38.8.8.80x8e50Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:56.052067041 CEST192.168.2.38.8.8.80x43b3Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:59.556706905 CEST192.168.2.38.8.8.80xe208Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:59.595194101 CEST192.168.2.38.8.8.80x6adcStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:01.143593073 CEST192.168.2.38.8.8.80x1494Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:01.204919100 CEST192.168.2.38.8.8.80x83caStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:05.257616043 CEST192.168.2.38.8.8.80xa672Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:05.304929972 CEST192.168.2.38.8.8.80xce48Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:07.086226940 CEST192.168.2.38.8.8.80xe253Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:07.126219034 CEST192.168.2.38.8.8.80x541Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:13.373615980 CEST192.168.2.38.8.8.80x862eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:13.439543962 CEST192.168.2.38.8.8.80x4297Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:15.288620949 CEST192.168.2.38.8.8.80x78abStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:15.327954054 CEST192.168.2.38.8.8.80xaaa5Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:19.677969933 CEST192.168.2.38.8.8.80x393dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:19.722038031 CEST192.168.2.38.8.8.80x8761Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:21.329210997 CEST192.168.2.38.8.8.80x439bStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:21.363841057 CEST192.168.2.38.8.8.80x9dc0Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:24.191248894 CEST192.168.2.38.8.8.80xd25dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:24.230210066 CEST192.168.2.38.8.8.80x3daStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:26.437469006 CEST192.168.2.38.8.8.80x3c46Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:26.474533081 CEST192.168.2.38.8.8.80x98e5Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:31.493525982 CEST192.168.2.38.8.8.80x7510Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:31.533984900 CEST192.168.2.38.8.8.80xf6Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:33.178018093 CEST192.168.2.38.8.8.80x1486Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:33.214296103 CEST192.168.2.38.8.8.80xc297Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:37.187067986 CEST192.168.2.38.8.8.80x7626Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:37.226885080 CEST192.168.2.38.8.8.80xa113Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:39.003607988 CEST192.168.2.38.8.8.80xf25dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:39.043895006 CEST192.168.2.38.8.8.80xa1a9Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:42.078654051 CEST192.168.2.38.8.8.80x6a04Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:42.156810999 CEST192.168.2.38.8.8.80xb3caStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:44.001760960 CEST192.168.2.38.8.8.80xfc96Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:44.053275108 CEST192.168.2.38.8.8.80xb9aStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:48.623001099 CEST192.168.2.38.8.8.80x69faStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:48.688002110 CEST192.168.2.38.8.8.80x11d5Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:50.292376041 CEST192.168.2.38.8.8.80x38c0Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:50.324325085 CEST192.168.2.38.8.8.80x5a5fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:53.415193081 CEST192.168.2.38.8.8.80x9bc1Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:53.467700958 CEST192.168.2.38.8.8.80x5607Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:55.081229925 CEST192.168.2.38.8.8.80x11Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:55.114909887 CEST192.168.2.38.8.8.80x99acStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:59.318881989 CEST192.168.2.38.8.8.80xce5eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:59.362307072 CEST192.168.2.38.8.8.80x5552Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:00.973576069 CEST192.168.2.38.8.8.80x3261Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:01.025768042 CEST192.168.2.38.8.8.80xf1fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:06.290157080 CEST192.168.2.38.8.8.80xfacbStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:06.341736078 CEST192.168.2.38.8.8.80x8b6dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:07.947299004 CEST192.168.2.38.8.8.80x36deStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:07.979257107 CEST192.168.2.38.8.8.80xfb16Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:11.445768118 CEST192.168.2.38.8.8.80x13daStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:11.488622904 CEST192.168.2.38.8.8.80x30d3Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:13.030420065 CEST192.168.2.38.8.8.80xe02dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:13.071042061 CEST192.168.2.38.8.8.80xc0b0Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:17.438395977 CEST192.168.2.38.8.8.80x9cf8Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:17.497136116 CEST192.168.2.38.8.8.80x5f82Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:19.212860107 CEST192.168.2.38.8.8.80x9e77Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:19.256315947 CEST192.168.2.38.8.8.80x8aeaStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:22.850569963 CEST192.168.2.38.8.8.80xdd54Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:22.907529116 CEST192.168.2.38.8.8.80x6f0eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:24.594942093 CEST192.168.2.38.8.8.80x5Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:24.631819963 CEST192.168.2.38.8.8.80x6e9dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:27.344866991 CEST192.168.2.38.8.8.80x6d8eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:27.381747961 CEST192.168.2.38.8.8.80xe3dbStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:29.231806040 CEST192.168.2.38.8.8.80xb885Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:29.277112961 CEST192.168.2.38.8.8.80x5e6bStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:32.918514013 CEST192.168.2.38.8.8.80x36eeStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:32.964795113 CEST192.168.2.38.8.8.80x91aeStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:34.543216944 CEST192.168.2.38.8.8.80xf81fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:34.595784903 CEST192.168.2.38.8.8.80x5ff2Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:38.784696102 CEST192.168.2.38.8.8.80x3f6fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:38.845967054 CEST192.168.2.38.8.8.80x5f42Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:40.489392042 CEST192.168.2.38.8.8.80x79b3Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:40.538132906 CEST192.168.2.38.8.8.80x8e6eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:46.565867901 CEST192.168.2.38.8.8.80xc4a4Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:46.607477903 CEST192.168.2.38.8.8.80xfabcStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:48.158648968 CEST192.168.2.38.8.8.80xec91Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:48.198754072 CEST192.168.2.38.8.8.80x838Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:52.416177988 CEST192.168.2.38.8.8.80xd50bStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:52.462438107 CEST192.168.2.38.8.8.80x740aStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:54.028203964 CEST192.168.2.38.8.8.80xb069Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:54.068487883 CEST192.168.2.38.8.8.80x2bd4Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:56.735129118 CEST192.168.2.38.8.8.80x291Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:56.787566900 CEST192.168.2.38.8.8.80xd5c7Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:58.397207022 CEST192.168.2.38.8.8.80x43a6Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:58.432275057 CEST192.168.2.38.8.8.80x7b12Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:02.413136959 CEST192.168.2.38.8.8.80xab13Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:02.457256079 CEST192.168.2.38.8.8.80x5db1Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:05.235943079 CEST192.168.2.38.8.8.80x5250Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:05.270788908 CEST192.168.2.38.8.8.80x790eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:09.795066118 CEST192.168.2.38.8.8.80x5a91Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:09.855068922 CEST192.168.2.38.8.8.80x1ff6Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:11.409172058 CEST192.168.2.38.8.8.80x1c3fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:11.458642006 CEST192.168.2.38.8.8.80xfae0Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:14.506166935 CEST192.168.2.38.8.8.80x45d2Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:14.547188997 CEST192.168.2.38.8.8.80x69abStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:16.227551937 CEST192.168.2.38.8.8.80x90dcStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:16.341790915 CEST192.168.2.38.8.8.80x399dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:20.418946981 CEST192.168.2.38.8.8.80xde9cStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:20.490657091 CEST192.168.2.38.8.8.80xf32eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:22.110155106 CEST192.168.2.38.8.8.80xbe6aStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:22.140851974 CEST192.168.2.38.8.8.80x42eeStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:26.349066019 CEST192.168.2.38.8.8.80x49a7Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:26.386087894 CEST192.168.2.38.8.8.80x87ebStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:27.977926970 CEST192.168.2.38.8.8.80xf20aStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:28.037537098 CEST192.168.2.38.8.8.80x1b9Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:32.442382097 CEST192.168.2.38.8.8.80x7c27Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:32.488639116 CEST192.168.2.38.8.8.80x21faStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:35.846986055 CEST192.168.2.38.8.8.80x36bfStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:35.955698013 CEST192.168.2.38.8.8.80xd788Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:39.246634960 CEST192.168.2.38.8.8.80x431aStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:39.281991959 CEST192.168.2.38.8.8.80xb574Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:40.907927036 CEST192.168.2.38.8.8.80x880Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:40.946526051 CEST192.168.2.38.8.8.80x12bcStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:45.066673040 CEST192.168.2.38.8.8.80xfb6Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:45.100013018 CEST192.168.2.38.8.8.80xc4f7Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:46.717093945 CEST192.168.2.38.8.8.80x93e5Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:46.757356882 CEST192.168.2.38.8.8.80xa0e4Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:49.539978027 CEST192.168.2.38.8.8.80x6b29Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:49.581866980 CEST192.168.2.38.8.8.80xc9dfStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:51.413666964 CEST192.168.2.38.8.8.80x515Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:51.445415974 CEST192.168.2.38.8.8.80xcf88Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:54.076545954 CEST192.168.2.38.8.8.80xd933Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:54.135405064 CEST192.168.2.38.8.8.80xd312Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:55.752223015 CEST192.168.2.38.8.8.80xacebStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:55.788212061 CEST192.168.2.38.8.8.80xef74Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:59.619259119 CEST192.168.2.38.8.8.80xd84aStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:59.655174971 CEST192.168.2.38.8.8.80x1176Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:01.296392918 CEST192.168.2.38.8.8.80x8d0dStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:01.352019072 CEST192.168.2.38.8.8.80x6dd4Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:06.689783096 CEST192.168.2.38.8.8.80xb2f2Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:06.752317905 CEST192.168.2.38.8.8.80xf3d0Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:08.603878021 CEST192.168.2.38.8.8.80x975cStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:08.648519993 CEST192.168.2.38.8.8.80x7f5cStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:12.000540972 CEST192.168.2.38.8.8.80xb55eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:12.033730984 CEST192.168.2.38.8.8.80x2283Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:13.631350994 CEST192.168.2.38.8.8.80x41e5Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:13.686340094 CEST192.168.2.38.8.8.80x877cStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:16.266062975 CEST192.168.2.38.8.8.80xe4ecStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:16.302858114 CEST192.168.2.38.8.8.80x6b4fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:17.903397083 CEST192.168.2.38.8.8.80xc94fStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:17.966917038 CEST192.168.2.38.8.8.80x4cb2Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:21.112507105 CEST192.168.2.38.8.8.80xcf7eStandard query (0)mail.rockglen.comA (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:21.167426109 CEST192.168.2.38.8.8.80x5f4Standard query (0)mail.rockglen.comA (IP address)IN (0x0001)

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                  Aug 2, 2021 09:45:10.675059080 CEST8.8.8.8192.168.2.30x80ecNo error (0)drive.google.com142.250.203.110A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:11.611283064 CEST8.8.8.8192.168.2.30x9fdeNo error (0)doc-04-6s-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:11.611283064 CEST8.8.8.8192.168.2.30x9fdeNo error (0)googlehosted.l.googleusercontent.com142.250.203.97A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.623677969 CEST8.8.8.8192.168.2.30xe456No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:13.623677969 CEST8.8.8.8192.168.2.30xe456No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.623677969 CEST8.8.8.8192.168.2.30xe456No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.623677969 CEST8.8.8.8192.168.2.30xe456No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.623677969 CEST8.8.8.8192.168.2.30xe456No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.623677969 CEST8.8.8.8192.168.2.30xe456No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.669503927 CEST8.8.8.8192.168.2.30xaa84No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:13.669503927 CEST8.8.8.8192.168.2.30xaa84No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.669503927 CEST8.8.8.8192.168.2.30xaa84No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.669503927 CEST8.8.8.8192.168.2.30xaa84No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.669503927 CEST8.8.8.8192.168.2.30xaa84No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:13.669503927 CEST8.8.8.8192.168.2.30xaa84No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:17.176549911 CEST8.8.8.8192.168.2.30x7c97No error (0)freegeoip.app104.21.19.200A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:17.176549911 CEST8.8.8.8192.168.2.30x7c97No error (0)freegeoip.app172.67.188.154A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:19.802139044 CEST8.8.8.8192.168.2.30x127eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:19.802139044 CEST8.8.8.8192.168.2.30x127eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:20.359965086 CEST8.8.8.8192.168.2.30xb09dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:20.359965086 CEST8.8.8.8192.168.2.30xb09dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:32.210872889 CEST8.8.8.8192.168.2.30x9623No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:32.210872889 CEST8.8.8.8192.168.2.30x9623No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:32.543447971 CEST8.8.8.8192.168.2.30x25efNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:32.543447971 CEST8.8.8.8192.168.2.30x25efNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:34.390393972 CEST8.8.8.8192.168.2.30x5cf3No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:34.390393972 CEST8.8.8.8192.168.2.30x5cf3No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:34.705049038 CEST8.8.8.8192.168.2.30x45f9No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:34.705049038 CEST8.8.8.8192.168.2.30x45f9No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:36.650825977 CEST8.8.8.8192.168.2.30xcb07No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:36.650825977 CEST8.8.8.8192.168.2.30xcb07No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:36.996237040 CEST8.8.8.8192.168.2.30xfef9No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:36.996237040 CEST8.8.8.8192.168.2.30xfef9No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:43.919423103 CEST8.8.8.8192.168.2.30x274cNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:43.919423103 CEST8.8.8.8192.168.2.30x274cNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:44.536176920 CEST8.8.8.8192.168.2.30x280fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:44.536176920 CEST8.8.8.8192.168.2.30x280fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:46.303602934 CEST8.8.8.8192.168.2.30x5ee7No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:46.303602934 CEST8.8.8.8192.168.2.30x5ee7No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:46.400320053 CEST8.8.8.8192.168.2.30x6851No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:46.400320053 CEST8.8.8.8192.168.2.30x6851No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:52.726667881 CEST8.8.8.8192.168.2.30x53e1No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:52.726667881 CEST8.8.8.8192.168.2.30x53e1No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:52.783135891 CEST8.8.8.8192.168.2.30xf402No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:52.783135891 CEST8.8.8.8192.168.2.30xf402No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:54.395288944 CEST8.8.8.8192.168.2.30xbc4dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:54.395288944 CEST8.8.8.8192.168.2.30xbc4dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:45:54.506649971 CEST8.8.8.8192.168.2.30xfedfNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:45:54.506649971 CEST8.8.8.8192.168.2.30xfedfNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:00.238648891 CEST8.8.8.8192.168.2.30xab50No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:00.238648891 CEST8.8.8.8192.168.2.30xab50No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:00.383205891 CEST8.8.8.8192.168.2.30x2400No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:00.383205891 CEST8.8.8.8192.168.2.30x2400No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:02.133900881 CEST8.8.8.8192.168.2.30xec00No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:02.133900881 CEST8.8.8.8192.168.2.30xec00No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:02.294014931 CEST8.8.8.8192.168.2.30x7528No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:02.294014931 CEST8.8.8.8192.168.2.30x7528No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:08.953720093 CEST8.8.8.8192.168.2.30xe257No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:08.953720093 CEST8.8.8.8192.168.2.30xe257No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:08.994194031 CEST8.8.8.8192.168.2.30x973eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:08.994194031 CEST8.8.8.8192.168.2.30x973eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:10.624488115 CEST8.8.8.8192.168.2.30xc3dbNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:10.624488115 CEST8.8.8.8192.168.2.30xc3dbNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:10.660054922 CEST8.8.8.8192.168.2.30x72b5No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:10.660054922 CEST8.8.8.8192.168.2.30x72b5No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:15.546286106 CEST8.8.8.8192.168.2.30xe345No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:15.546286106 CEST8.8.8.8192.168.2.30xe345No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:15.589193106 CEST8.8.8.8192.168.2.30x44c3No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:15.589193106 CEST8.8.8.8192.168.2.30x44c3No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:18.487131119 CEST8.8.8.8192.168.2.30x2fa4No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:18.487131119 CEST8.8.8.8192.168.2.30x2fa4No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:18.588205099 CEST8.8.8.8192.168.2.30x6c53No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:18.588205099 CEST8.8.8.8192.168.2.30x6c53No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:23.045922041 CEST8.8.8.8192.168.2.30xbd2aNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:23.045922041 CEST8.8.8.8192.168.2.30xbd2aNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:23.085026026 CEST8.8.8.8192.168.2.30x81e8No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:23.085026026 CEST8.8.8.8192.168.2.30x81e8No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:24.710597992 CEST8.8.8.8192.168.2.30xe4d8No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:24.710597992 CEST8.8.8.8192.168.2.30xe4d8No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:24.750432014 CEST8.8.8.8192.168.2.30x4846No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:24.750432014 CEST8.8.8.8192.168.2.30x4846No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:29.091962099 CEST8.8.8.8192.168.2.30x2d8bNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:29.091962099 CEST8.8.8.8192.168.2.30x2d8bNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:29.225049973 CEST8.8.8.8192.168.2.30x8b30No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:29.225049973 CEST8.8.8.8192.168.2.30x8b30No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:30.845866919 CEST8.8.8.8192.168.2.30xd20eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:30.845866919 CEST8.8.8.8192.168.2.30xd20eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:30.929594040 CEST8.8.8.8192.168.2.30xc0fdNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:30.929594040 CEST8.8.8.8192.168.2.30xc0fdNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:35.453747988 CEST8.8.8.8192.168.2.30x7844No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:35.453747988 CEST8.8.8.8192.168.2.30x7844No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:35.557121038 CEST8.8.8.8192.168.2.30xa7fdNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:35.557121038 CEST8.8.8.8192.168.2.30xa7fdNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:37.216846943 CEST8.8.8.8192.168.2.30x4622No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:37.216846943 CEST8.8.8.8192.168.2.30x4622No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:37.337997913 CEST8.8.8.8192.168.2.30x796fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:37.337997913 CEST8.8.8.8192.168.2.30x796fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:41.974180937 CEST8.8.8.8192.168.2.30xa1ebNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:41.974180937 CEST8.8.8.8192.168.2.30xa1ebNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:42.013942957 CEST8.8.8.8192.168.2.30x88c5No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:42.013942957 CEST8.8.8.8192.168.2.30x88c5No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:43.636275053 CEST8.8.8.8192.168.2.30xd70fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:43.636275053 CEST8.8.8.8192.168.2.30xd70fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:43.672496080 CEST8.8.8.8192.168.2.30xa1d9No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:43.672496080 CEST8.8.8.8192.168.2.30xa1d9No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:46.854779959 CEST8.8.8.8192.168.2.30x181bNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:46.854779959 CEST8.8.8.8192.168.2.30x181bNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:46.903321028 CEST8.8.8.8192.168.2.30x6d66No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:46.903321028 CEST8.8.8.8192.168.2.30x6d66No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:49.226006031 CEST8.8.8.8192.168.2.30x270No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:49.226006031 CEST8.8.8.8192.168.2.30x270No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:49.271109104 CEST8.8.8.8192.168.2.30x522No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:49.271109104 CEST8.8.8.8192.168.2.30x522No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:54.244044065 CEST8.8.8.8192.168.2.30x5bf7No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:54.244044065 CEST8.8.8.8192.168.2.30x5bf7No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:54.293328047 CEST8.8.8.8192.168.2.30x6409No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:54.293328047 CEST8.8.8.8192.168.2.30x6409No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:55.915323973 CEST8.8.8.8192.168.2.30x4007No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:55.915323973 CEST8.8.8.8192.168.2.30x4007No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:46:56.005091906 CEST8.8.8.8192.168.2.30x76efNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:46:56.005091906 CEST8.8.8.8192.168.2.30x76efNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:00.411555052 CEST8.8.8.8192.168.2.30x6252No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:00.411555052 CEST8.8.8.8192.168.2.30x6252No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:00.501795053 CEST8.8.8.8192.168.2.30x7f67No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:00.501795053 CEST8.8.8.8192.168.2.30x7f67No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:02.383023977 CEST8.8.8.8192.168.2.30xf8beNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:02.383023977 CEST8.8.8.8192.168.2.30xf8beNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:02.433551073 CEST8.8.8.8192.168.2.30xa37eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:02.433551073 CEST8.8.8.8192.168.2.30xa37eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:08.079009056 CEST8.8.8.8192.168.2.30x90bfNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:08.079009056 CEST8.8.8.8192.168.2.30x90bfNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:08.166241884 CEST8.8.8.8192.168.2.30x5bd8No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:08.166241884 CEST8.8.8.8192.168.2.30x5bd8No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:09.771312952 CEST8.8.8.8192.168.2.30x6ed2No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:09.771312952 CEST8.8.8.8192.168.2.30x6ed2No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:09.867958069 CEST8.8.8.8192.168.2.30x5496No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:09.867958069 CEST8.8.8.8192.168.2.30x5496No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:14.145710945 CEST8.8.8.8192.168.2.30x1a54No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:14.145710945 CEST8.8.8.8192.168.2.30x1a54No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:14.191154957 CEST8.8.8.8192.168.2.30xb252No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:14.191154957 CEST8.8.8.8192.168.2.30xb252No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:15.829444885 CEST8.8.8.8192.168.2.30x18deNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:15.829444885 CEST8.8.8.8192.168.2.30x18deNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:15.935539007 CEST8.8.8.8192.168.2.30xf0c8No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:15.935539007 CEST8.8.8.8192.168.2.30xf0c8No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:18.565794945 CEST8.8.8.8192.168.2.30x9735No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:18.565794945 CEST8.8.8.8192.168.2.30x9735No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:18.659775019 CEST8.8.8.8192.168.2.30xd552No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:18.659775019 CEST8.8.8.8192.168.2.30xd552No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:20.243352890 CEST8.8.8.8192.168.2.30x424No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:20.243352890 CEST8.8.8.8192.168.2.30x424No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:20.339773893 CEST8.8.8.8192.168.2.30x141dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:20.339773893 CEST8.8.8.8192.168.2.30x141dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:23.097969055 CEST8.8.8.8192.168.2.30x2f66No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:23.097969055 CEST8.8.8.8192.168.2.30x2f66No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:23.153294086 CEST8.8.8.8192.168.2.30x8a74No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:23.153294086 CEST8.8.8.8192.168.2.30x8a74No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:24.754427910 CEST8.8.8.8192.168.2.30x6653No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:24.754427910 CEST8.8.8.8192.168.2.30x6653No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:24.840810061 CEST8.8.8.8192.168.2.30x448fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:24.840810061 CEST8.8.8.8192.168.2.30x448fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:28.951178074 CEST8.8.8.8192.168.2.30xa8b0No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:28.951178074 CEST8.8.8.8192.168.2.30xa8b0No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:28.997778893 CEST8.8.8.8192.168.2.30x10b2No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:28.997778893 CEST8.8.8.8192.168.2.30x10b2No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:30.637267113 CEST8.8.8.8192.168.2.30x1496No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:30.637267113 CEST8.8.8.8192.168.2.30x1496No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:30.677478075 CEST8.8.8.8192.168.2.30x2d1aNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:30.677478075 CEST8.8.8.8192.168.2.30x2d1aNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:33.286360979 CEST8.8.8.8192.168.2.30x88d9No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:33.286360979 CEST8.8.8.8192.168.2.30x88d9No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:33.358063936 CEST8.8.8.8192.168.2.30x442eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:33.358063936 CEST8.8.8.8192.168.2.30x442eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:34.938680887 CEST8.8.8.8192.168.2.30xf9a7No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:34.938680887 CEST8.8.8.8192.168.2.30xf9a7No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:34.978513956 CEST8.8.8.8192.168.2.30x4005No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:34.978513956 CEST8.8.8.8192.168.2.30x4005No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:37.674222946 CEST8.8.8.8192.168.2.30x95f8No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:37.674222946 CEST8.8.8.8192.168.2.30x95f8No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:37.726599932 CEST8.8.8.8192.168.2.30x2a5fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:37.726599932 CEST8.8.8.8192.168.2.30x2a5fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:39.638144016 CEST8.8.8.8192.168.2.30x8fa3No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:39.638144016 CEST8.8.8.8192.168.2.30x8fa3No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:39.683432102 CEST8.8.8.8192.168.2.30x35ffNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:39.683432102 CEST8.8.8.8192.168.2.30x35ffNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:42.020966053 CEST8.8.8.8192.168.2.30xe8a9No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.akadns.netCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:43.632828951 CEST8.8.8.8192.168.2.30xe894No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:43.632828951 CEST8.8.8.8192.168.2.30xe894No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:43.684366941 CEST8.8.8.8192.168.2.30x4adaNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:43.684366941 CEST8.8.8.8192.168.2.30x4adaNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:45.507745028 CEST8.8.8.8192.168.2.30x294dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:45.507745028 CEST8.8.8.8192.168.2.30x294dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:45.576371908 CEST8.8.8.8192.168.2.30x223cNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:45.576371908 CEST8.8.8.8192.168.2.30x223cNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:48.489809990 CEST8.8.8.8192.168.2.30x3bcbNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:48.489809990 CEST8.8.8.8192.168.2.30x3bcbNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:48.561033964 CEST8.8.8.8192.168.2.30x9f87No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:48.561033964 CEST8.8.8.8192.168.2.30x9f87No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:50.337532043 CEST8.8.8.8192.168.2.30x11b6No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:50.337532043 CEST8.8.8.8192.168.2.30x11b6No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:50.388566017 CEST8.8.8.8192.168.2.30x989fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:50.388566017 CEST8.8.8.8192.168.2.30x989fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:54.122206926 CEST8.8.8.8192.168.2.30x1637No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:54.122206926 CEST8.8.8.8192.168.2.30x1637No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:54.171746016 CEST8.8.8.8192.168.2.30x88dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:54.171746016 CEST8.8.8.8192.168.2.30x88dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:56.028076887 CEST8.8.8.8192.168.2.30x8e50No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:56.028076887 CEST8.8.8.8192.168.2.30x8e50No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:56.080285072 CEST8.8.8.8192.168.2.30x43b3No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:56.080285072 CEST8.8.8.8192.168.2.30x43b3No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:59.582168102 CEST8.8.8.8192.168.2.30xe208No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:59.582168102 CEST8.8.8.8192.168.2.30xe208No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:47:59.626265049 CEST8.8.8.8192.168.2.30x6adcNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:47:59.626265049 CEST8.8.8.8192.168.2.30x6adcNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:01.173187971 CEST8.8.8.8192.168.2.30x1494No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:01.173187971 CEST8.8.8.8192.168.2.30x1494No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:01.232215881 CEST8.8.8.8192.168.2.30x83caNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:01.232215881 CEST8.8.8.8192.168.2.30x83caNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:05.285020113 CEST8.8.8.8192.168.2.30xa672No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:05.285020113 CEST8.8.8.8192.168.2.30xa672No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:05.332750082 CEST8.8.8.8192.168.2.30xce48No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:05.332750082 CEST8.8.8.8192.168.2.30xce48No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:07.112206936 CEST8.8.8.8192.168.2.30xe253No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:07.112206936 CEST8.8.8.8192.168.2.30xe253No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:07.286163092 CEST8.8.8.8192.168.2.30x541No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:07.286163092 CEST8.8.8.8192.168.2.30x541No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:13.398262978 CEST8.8.8.8192.168.2.30x862eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:13.398262978 CEST8.8.8.8192.168.2.30x862eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:13.465425014 CEST8.8.8.8192.168.2.30x4297No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:13.465425014 CEST8.8.8.8192.168.2.30x4297No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:15.315458059 CEST8.8.8.8192.168.2.30x78abNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:15.315458059 CEST8.8.8.8192.168.2.30x78abNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:15.353044033 CEST8.8.8.8192.168.2.30xaaa5No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:15.353044033 CEST8.8.8.8192.168.2.30xaaa5No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:19.704077959 CEST8.8.8.8192.168.2.30x393dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:19.704077959 CEST8.8.8.8192.168.2.30x393dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:19.757760048 CEST8.8.8.8192.168.2.30x8761No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:19.757760048 CEST8.8.8.8192.168.2.30x8761No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:21.354238033 CEST8.8.8.8192.168.2.30x439bNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:21.354238033 CEST8.8.8.8192.168.2.30x439bNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:21.391601086 CEST8.8.8.8192.168.2.30x9dc0No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:21.391601086 CEST8.8.8.8192.168.2.30x9dc0No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:24.221292973 CEST8.8.8.8192.168.2.30xd25dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:24.221292973 CEST8.8.8.8192.168.2.30xd25dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:24.256548882 CEST8.8.8.8192.168.2.30x3daNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:24.256548882 CEST8.8.8.8192.168.2.30x3daNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:26.463398933 CEST8.8.8.8192.168.2.30x3c46No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:26.463398933 CEST8.8.8.8192.168.2.30x3c46No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:26.499485016 CEST8.8.8.8192.168.2.30x98e5No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:26.499485016 CEST8.8.8.8192.168.2.30x98e5No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:31.519855022 CEST8.8.8.8192.168.2.30x7510No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:31.519855022 CEST8.8.8.8192.168.2.30x7510No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:31.567975998 CEST8.8.8.8192.168.2.30xf6No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:31.567975998 CEST8.8.8.8192.168.2.30xf6No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:33.206607103 CEST8.8.8.8192.168.2.30x1486No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:33.206607103 CEST8.8.8.8192.168.2.30x1486No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:33.239758015 CEST8.8.8.8192.168.2.30xc297No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:33.239758015 CEST8.8.8.8192.168.2.30xc297No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:37.215221882 CEST8.8.8.8192.168.2.30x7626No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:37.215221882 CEST8.8.8.8192.168.2.30x7626No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:37.259480000 CEST8.8.8.8192.168.2.30xa113No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:37.259480000 CEST8.8.8.8192.168.2.30xa113No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:39.031550884 CEST8.8.8.8192.168.2.30xf25dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:39.031550884 CEST8.8.8.8192.168.2.30xf25dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:39.071533918 CEST8.8.8.8192.168.2.30xa1a9No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:39.071533918 CEST8.8.8.8192.168.2.30xa1a9No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:42.112571955 CEST8.8.8.8192.168.2.30x6a04No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:42.112571955 CEST8.8.8.8192.168.2.30x6a04No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:42.190823078 CEST8.8.8.8192.168.2.30xb3caNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:42.190823078 CEST8.8.8.8192.168.2.30xb3caNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:44.030039072 CEST8.8.8.8192.168.2.30xfc96No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:44.030039072 CEST8.8.8.8192.168.2.30xfc96No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:44.087276936 CEST8.8.8.8192.168.2.30xb9aNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:44.087276936 CEST8.8.8.8192.168.2.30xb9aNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:48.650943041 CEST8.8.8.8192.168.2.30x69faNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:48.650943041 CEST8.8.8.8192.168.2.30x69faNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:48.715929031 CEST8.8.8.8192.168.2.30x11d5No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:48.715929031 CEST8.8.8.8192.168.2.30x11d5No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:50.317080021 CEST8.8.8.8192.168.2.30x38c0No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:50.317080021 CEST8.8.8.8192.168.2.30x38c0No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:50.351003885 CEST8.8.8.8192.168.2.30x5a5fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:50.351003885 CEST8.8.8.8192.168.2.30x5a5fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:53.440887928 CEST8.8.8.8192.168.2.30x9bc1No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:53.440887928 CEST8.8.8.8192.168.2.30x9bc1No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:53.496656895 CEST8.8.8.8192.168.2.30x5607No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:53.496656895 CEST8.8.8.8192.168.2.30x5607No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:55.105834961 CEST8.8.8.8192.168.2.30x11No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:55.105834961 CEST8.8.8.8192.168.2.30x11No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:55.140094995 CEST8.8.8.8192.168.2.30x99acNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:55.140094995 CEST8.8.8.8192.168.2.30x99acNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:59.346158981 CEST8.8.8.8192.168.2.30xce5eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:59.346158981 CEST8.8.8.8192.168.2.30xce5eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:48:59.388432026 CEST8.8.8.8192.168.2.30x5552No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:48:59.388432026 CEST8.8.8.8192.168.2.30x5552No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:01.000808954 CEST8.8.8.8192.168.2.30x3261No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:01.000808954 CEST8.8.8.8192.168.2.30x3261No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:01.054342985 CEST8.8.8.8192.168.2.30xf1fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:01.054342985 CEST8.8.8.8192.168.2.30xf1fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:06.318507910 CEST8.8.8.8192.168.2.30xfacbNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:06.318507910 CEST8.8.8.8192.168.2.30xfacbNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:06.369237900 CEST8.8.8.8192.168.2.30x8b6dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:06.369237900 CEST8.8.8.8192.168.2.30x8b6dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:07.973026037 CEST8.8.8.8192.168.2.30x36deNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:07.973026037 CEST8.8.8.8192.168.2.30x36deNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:08.006680965 CEST8.8.8.8192.168.2.30xfb16No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:08.006680965 CEST8.8.8.8192.168.2.30xfb16No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:11.475783110 CEST8.8.8.8192.168.2.30x13daNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:11.475783110 CEST8.8.8.8192.168.2.30x13daNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:11.517000914 CEST8.8.8.8192.168.2.30x30d3No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:11.517000914 CEST8.8.8.8192.168.2.30x30d3No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:13.058198929 CEST8.8.8.8192.168.2.30xe02dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:13.058198929 CEST8.8.8.8192.168.2.30xe02dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:13.101252079 CEST8.8.8.8192.168.2.30xc0b0No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:13.101252079 CEST8.8.8.8192.168.2.30xc0b0No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:17.463104010 CEST8.8.8.8192.168.2.30x9cf8No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:17.463104010 CEST8.8.8.8192.168.2.30x9cf8No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:17.523101091 CEST8.8.8.8192.168.2.30x5f82No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:17.523101091 CEST8.8.8.8192.168.2.30x5f82No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:19.245274067 CEST8.8.8.8192.168.2.30x9e77No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:19.245274067 CEST8.8.8.8192.168.2.30x9e77No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:19.284338951 CEST8.8.8.8192.168.2.30x8aeaNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:19.284338951 CEST8.8.8.8192.168.2.30x8aeaNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:22.875940084 CEST8.8.8.8192.168.2.30xdd54No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:22.875940084 CEST8.8.8.8192.168.2.30xdd54No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:22.934118032 CEST8.8.8.8192.168.2.30x6f0eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:22.934118032 CEST8.8.8.8192.168.2.30x6f0eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:24.621123075 CEST8.8.8.8192.168.2.30x5No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:24.621123075 CEST8.8.8.8192.168.2.30x5No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:24.661618948 CEST8.8.8.8192.168.2.30x6e9dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:24.661618948 CEST8.8.8.8192.168.2.30x6e9dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:27.374284029 CEST8.8.8.8192.168.2.30x6d8eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:27.374284029 CEST8.8.8.8192.168.2.30x6d8eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:27.407407045 CEST8.8.8.8192.168.2.30xe3dbNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:27.407407045 CEST8.8.8.8192.168.2.30xe3dbNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:29.258428097 CEST8.8.8.8192.168.2.30xb885No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:29.258428097 CEST8.8.8.8192.168.2.30xb885No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:29.303128004 CEST8.8.8.8192.168.2.30x5e6bNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:29.303128004 CEST8.8.8.8192.168.2.30x5e6bNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:32.947340965 CEST8.8.8.8192.168.2.30x36eeNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:32.947340965 CEST8.8.8.8192.168.2.30x36eeNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:32.992738008 CEST8.8.8.8192.168.2.30x91aeNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:32.992738008 CEST8.8.8.8192.168.2.30x91aeNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:34.568233013 CEST8.8.8.8192.168.2.30xf81fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:34.568233013 CEST8.8.8.8192.168.2.30xf81fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:34.623317957 CEST8.8.8.8192.168.2.30x5ff2No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:34.623317957 CEST8.8.8.8192.168.2.30x5ff2No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:38.809675932 CEST8.8.8.8192.168.2.30x3f6fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:38.809675932 CEST8.8.8.8192.168.2.30x3f6fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:38.874167919 CEST8.8.8.8192.168.2.30x5f42No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:38.874167919 CEST8.8.8.8192.168.2.30x5f42No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:40.514384031 CEST8.8.8.8192.168.2.30x79b3No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:40.514384031 CEST8.8.8.8192.168.2.30x79b3No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:40.563189030 CEST8.8.8.8192.168.2.30x8e6eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:40.563189030 CEST8.8.8.8192.168.2.30x8e6eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:46.590503931 CEST8.8.8.8192.168.2.30xc4a4No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:46.590503931 CEST8.8.8.8192.168.2.30xc4a4No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:46.632550001 CEST8.8.8.8192.168.2.30xfabcNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:46.632550001 CEST8.8.8.8192.168.2.30xfabcNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:48.184451103 CEST8.8.8.8192.168.2.30xec91No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:48.184451103 CEST8.8.8.8192.168.2.30xec91No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:48.223400116 CEST8.8.8.8192.168.2.30x838No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:48.223400116 CEST8.8.8.8192.168.2.30x838No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:52.448669910 CEST8.8.8.8192.168.2.30xd50bNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:52.448669910 CEST8.8.8.8192.168.2.30xd50bNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:52.487369061 CEST8.8.8.8192.168.2.30x740aNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:52.487369061 CEST8.8.8.8192.168.2.30x740aNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:54.057838917 CEST8.8.8.8192.168.2.30xb069No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:54.057838917 CEST8.8.8.8192.168.2.30xb069No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:54.094023943 CEST8.8.8.8192.168.2.30x2bd4No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:54.094023943 CEST8.8.8.8192.168.2.30x2bd4No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:56.759948015 CEST8.8.8.8192.168.2.30x291No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:56.759948015 CEST8.8.8.8192.168.2.30x291No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:56.817641020 CEST8.8.8.8192.168.2.30xd5c7No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:56.817641020 CEST8.8.8.8192.168.2.30xd5c7No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:58.422708988 CEST8.8.8.8192.168.2.30x43a6No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:58.422708988 CEST8.8.8.8192.168.2.30x43a6No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:49:58.463932991 CEST8.8.8.8192.168.2.30x7b12No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:49:58.463932991 CEST8.8.8.8192.168.2.30x7b12No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:02.439412117 CEST8.8.8.8192.168.2.30xab13No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:02.439412117 CEST8.8.8.8192.168.2.30xab13No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:02.482144117 CEST8.8.8.8192.168.2.30x5db1No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:02.482144117 CEST8.8.8.8192.168.2.30x5db1No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:05.263669968 CEST8.8.8.8192.168.2.30x5250No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:05.263669968 CEST8.8.8.8192.168.2.30x5250No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:05.298639059 CEST8.8.8.8192.168.2.30x790eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:05.298639059 CEST8.8.8.8192.168.2.30x790eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:09.821121931 CEST8.8.8.8192.168.2.30x5a91No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:09.821121931 CEST8.8.8.8192.168.2.30x5a91No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:09.881120920 CEST8.8.8.8192.168.2.30x1ff6No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:09.881120920 CEST8.8.8.8192.168.2.30x1ff6No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:11.435391903 CEST8.8.8.8192.168.2.30x1c3fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:11.435391903 CEST8.8.8.8192.168.2.30x1c3fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:11.484046936 CEST8.8.8.8192.168.2.30xfae0No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:11.484046936 CEST8.8.8.8192.168.2.30xfae0No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:14.530935049 CEST8.8.8.8192.168.2.30x45d2No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:14.530935049 CEST8.8.8.8192.168.2.30x45d2No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:14.571953058 CEST8.8.8.8192.168.2.30x69abNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:14.571953058 CEST8.8.8.8192.168.2.30x69abNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:16.260355949 CEST8.8.8.8192.168.2.30x90dcNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:16.260355949 CEST8.8.8.8192.168.2.30x90dcNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:16.369369030 CEST8.8.8.8192.168.2.30x399dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:16.369369030 CEST8.8.8.8192.168.2.30x399dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:20.446760893 CEST8.8.8.8192.168.2.30xde9cNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:20.446760893 CEST8.8.8.8192.168.2.30xde9cNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:20.515379906 CEST8.8.8.8192.168.2.30xf32eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:20.515379906 CEST8.8.8.8192.168.2.30xf32eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:22.135353088 CEST8.8.8.8192.168.2.30xbe6aNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:22.135353088 CEST8.8.8.8192.168.2.30xbe6aNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:22.165380955 CEST8.8.8.8192.168.2.30x42eeNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:22.165380955 CEST8.8.8.8192.168.2.30x42eeNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:26.376738071 CEST8.8.8.8192.168.2.30x49a7No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:26.376738071 CEST8.8.8.8192.168.2.30x49a7No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:26.411938906 CEST8.8.8.8192.168.2.30x87ebNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:26.411938906 CEST8.8.8.8192.168.2.30x87ebNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:28.003098965 CEST8.8.8.8192.168.2.30xf20aNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:28.003098965 CEST8.8.8.8192.168.2.30xf20aNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:28.065094948 CEST8.8.8.8192.168.2.30x1b9No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:28.065094948 CEST8.8.8.8192.168.2.30x1b9No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:32.468842030 CEST8.8.8.8192.168.2.30x7c27No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:32.468842030 CEST8.8.8.8192.168.2.30x7c27No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:32.517771006 CEST8.8.8.8192.168.2.30x21faNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:32.517771006 CEST8.8.8.8192.168.2.30x21faNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:35.883368015 CEST8.8.8.8192.168.2.30x36bfNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:35.883368015 CEST8.8.8.8192.168.2.30x36bfNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:35.981316090 CEST8.8.8.8192.168.2.30xd788No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:35.981316090 CEST8.8.8.8192.168.2.30xd788No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:39.271228075 CEST8.8.8.8192.168.2.30x431aNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:39.271228075 CEST8.8.8.8192.168.2.30x431aNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:39.310633898 CEST8.8.8.8192.168.2.30xb574No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:39.310633898 CEST8.8.8.8192.168.2.30xb574No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:40.932914972 CEST8.8.8.8192.168.2.30x880No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:40.932914972 CEST8.8.8.8192.168.2.30x880No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:40.978878975 CEST8.8.8.8192.168.2.30x12bcNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:40.978878975 CEST8.8.8.8192.168.2.30x12bcNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:45.091705084 CEST8.8.8.8192.168.2.30xfb6No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:45.091705084 CEST8.8.8.8192.168.2.30xfb6No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:45.124627113 CEST8.8.8.8192.168.2.30xc4f7No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:45.124627113 CEST8.8.8.8192.168.2.30xc4f7No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:46.741981983 CEST8.8.8.8192.168.2.30x93e5No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:46.741981983 CEST8.8.8.8192.168.2.30x93e5No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:46.786699057 CEST8.8.8.8192.168.2.30xa0e4No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:46.786699057 CEST8.8.8.8192.168.2.30xa0e4No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:49.564523935 CEST8.8.8.8192.168.2.30x6b29No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:49.564523935 CEST8.8.8.8192.168.2.30x6b29No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:49.606739044 CEST8.8.8.8192.168.2.30xc9dfNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:49.606739044 CEST8.8.8.8192.168.2.30xc9dfNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:51.438769102 CEST8.8.8.8192.168.2.30x515No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:51.438769102 CEST8.8.8.8192.168.2.30x515No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:51.471240997 CEST8.8.8.8192.168.2.30xcf88No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:51.471240997 CEST8.8.8.8192.168.2.30xcf88No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:54.104126930 CEST8.8.8.8192.168.2.30xd933No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:54.104126930 CEST8.8.8.8192.168.2.30xd933No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:54.161185980 CEST8.8.8.8192.168.2.30xd312No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:54.161185980 CEST8.8.8.8192.168.2.30xd312No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:55.777972937 CEST8.8.8.8192.168.2.30xacebNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:55.777972937 CEST8.8.8.8192.168.2.30xacebNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:55.815747976 CEST8.8.8.8192.168.2.30xef74No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:55.815747976 CEST8.8.8.8192.168.2.30xef74No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:59.648690939 CEST8.8.8.8192.168.2.30xd84aNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:59.648690939 CEST8.8.8.8192.168.2.30xd84aNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:50:59.682889938 CEST8.8.8.8192.168.2.30x1176No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:50:59.682889938 CEST8.8.8.8192.168.2.30x1176No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:01.321376085 CEST8.8.8.8192.168.2.30x8d0dNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:01.321376085 CEST8.8.8.8192.168.2.30x8d0dNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:01.379951000 CEST8.8.8.8192.168.2.30x6dd4No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:01.379951000 CEST8.8.8.8192.168.2.30x6dd4No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:06.716548920 CEST8.8.8.8192.168.2.30xb2f2No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:06.716548920 CEST8.8.8.8192.168.2.30xb2f2No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:06.778675079 CEST8.8.8.8192.168.2.30xf3d0No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:06.778675079 CEST8.8.8.8192.168.2.30xf3d0No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:08.631591082 CEST8.8.8.8192.168.2.30x975cNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:08.631591082 CEST8.8.8.8192.168.2.30x975cNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:08.674249887 CEST8.8.8.8192.168.2.30x7f5cNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:08.674249887 CEST8.8.8.8192.168.2.30x7f5cNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:12.025502920 CEST8.8.8.8192.168.2.30xb55eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:12.025502920 CEST8.8.8.8192.168.2.30xb55eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:12.067959070 CEST8.8.8.8192.168.2.30x2283No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:12.067959070 CEST8.8.8.8192.168.2.30x2283No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:13.658449888 CEST8.8.8.8192.168.2.30x41e5No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:13.658449888 CEST8.8.8.8192.168.2.30x41e5No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:13.711007118 CEST8.8.8.8192.168.2.30x877cNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:13.711007118 CEST8.8.8.8192.168.2.30x877cNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:16.293859005 CEST8.8.8.8192.168.2.30xe4ecNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:16.293859005 CEST8.8.8.8192.168.2.30xe4ecNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:16.339611053 CEST8.8.8.8192.168.2.30x6b4fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:16.339611053 CEST8.8.8.8192.168.2.30x6b4fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:17.940845013 CEST8.8.8.8192.168.2.30xc94fNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:17.940845013 CEST8.8.8.8192.168.2.30xc94fNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:17.994832039 CEST8.8.8.8192.168.2.30x4cb2No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:17.994832039 CEST8.8.8.8192.168.2.30x4cb2No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:21.137686968 CEST8.8.8.8192.168.2.30xcf7eNo error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:21.137686968 CEST8.8.8.8192.168.2.30xcf7eNo error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)
                  Aug 2, 2021 09:51:21.192719936 CEST8.8.8.8192.168.2.30x5f4No error (0)mail.rockglen.comrockglen.comCNAME (Canonical name)IN (0x0001)
                  Aug 2, 2021 09:51:21.192719936 CEST8.8.8.8192.168.2.30x5f4No error (0)rockglen.com50.116.95.162A (IP address)IN (0x0001)

                  HTTP Request Dependency Graph

                  • checkip.dyndns.org

                  Code Manipulations

                  Statistics

                  Behavior

                  Click to jump to process

                  System Behavior

                  Analysis Process: PO#578946.exe PID: 3296 Parent PID: 5672

                  General

                  Start time:09:42:55
                  Start date:02/08/2021
                  Path:C:\Users\user\Desktop\PO#578946.exe
                  Wow64 process (32bit):true
                  Commandline:'C:\Users\user\Desktop\PO#578946.exe'
                  Imagebase:0x400000
                  File size:98304 bytes
                  MD5 hash:691BDE1D30C382256FF1072B8F305841
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Visual Basic
                  Reputation:low

                  Analysis Process: RegAsm.exe PID: 5296 Parent PID: 3296

                  General

                  Start time:09:44:00
                  Start date:02/08/2021
                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  Wow64 process (32bit):false
                  Commandline:'C:\Users\user\Desktop\PO#578946.exe'
                  Imagebase:0x510000
                  File size:64616 bytes
                  MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  Analysis Process: RegAsm.exe PID: 1752 Parent PID: 3296

                  General

                  Start time:09:44:01
                  Start date:02/08/2021
                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  Wow64 process (32bit):false
                  Commandline:'C:\Users\user\Desktop\PO#578946.exe'
                  Imagebase:0x1c0000
                  File size:64616 bytes
                  MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  Analysis Process: RegAsm.exe PID: 3948 Parent PID: 3296

                  General

                  Start time:09:44:01
                  Start date:02/08/2021
                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  Wow64 process (32bit):true
                  Commandline:'C:\Users\user\Desktop\PO#578946.exe'
                  Imagebase:0xce0000
                  File size:64616 bytes
                  MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:.Net C# or VB.NET
                  Reputation:high

                  Analysis Process: conhost.exe PID: 3016 Parent PID: 3948

                  General

                  Start time:09:44:01
                  Start date:02/08/2021
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6b2800000
                  File size:625664 bytes
                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  Analysis Process: reg.exe PID: 1256 Parent PID: 3948

                  General

                  Start time:09:45:17
                  Start date:02/08/2021
                  Path:C:\Windows\SysWOW64\reg.exe
                  Wow64 process (32bit):true
                  Commandline:REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
                  Imagebase:0x7ff7488e0000
                  File size:59392 bytes
                  MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  Disassembly

                  Code Analysis

                  Reset < >