Windows Analysis Report
Vessel's inquiry - 22054.exe

Overview

General Information

Sample name: Vessel's inquiry - 22054.exe
Analysis ID: 1665504
MD5: ab5d08099c7c1f032e51da7d0cbc8947
SHA1: 887a017cff1f998a61f4d5da82fa0df5628a9022
SHA256: abc6035072d6ee26a1e89b0465e8fdd6c3d494b374422977e719feaaba5b0705
Tags: exe, Formbook, user-threatcat_ch
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Vessel's inquiry - 22054.exe (PID: 5660 cmdline: "C:\Users\user\Desktop\Vessel's inquiry - 22054.exe" MD5: AB5D08099C7C1F032E51DA7D0CBC8947)
    • Vessel's inquiry - 22054.exe (PID: 6744 cmdline: "C:\Users\user\Desktop\Vessel's inquiry - 22054.exe" MD5: AB5D08099C7C1F032E51DA7D0CBC8947)
      • 9gqi61vFxD2dyomn.exe (PID: 5116 cmdline: "C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\EHfRmJwee.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • Utilman.exe (PID: 7600 cmdline: "C:\Windows\SysWOW64\Utilman.exe" MD5: 4F59EE095E37A83CDCB74091C807AFA9)
          • 9gqi61vFxD2dyomn.exe (PID: 5476 cmdline: "C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\A3bvfIlMs.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
          • firefox.exe (PID: 7776 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000C.00000002.3660363847.0000000005360000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.1469348449.00000000012D0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3658197272.0000000004A40000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3658115106.00000000049F0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3655658054.0000000002C50000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.Vessel's inquiry - 22054.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.Vessel's inquiry - 22054.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

                AV Detection

Source: http://www.031234912.xyz/rxqp/, Avira URL Cloud: Label: malware
Source: http://www.mslgdkor.xyz/9y3c/, Avira URL Cloud: Label: malware
Source: http://www.mslgdkor.xyz/9y3c/?DpGLQbiX=Uxo1tjvQSOjHJBx/WL1Z4aTyqnUIfCKEew3PLayvGrhDG1kktUG/q5smNt5QZYm19xNTf7YleFFlbZBl4hDMzxotodt35qa9wClulzv4bs3vcfzQM082dco=&CF6=mh9lph0H2BrdBp0, Avira URL Cloud: Label: malware
Source: http://www.031234912.xyz/rxqp/?CF6=mh9lph0H2BrdBp0&DpGLQbiX=yNPDi0FdWVqm/NJHoQwWe9CJio47JBRaDAkSlWMNRo5hReSnGh8CdZXLFNAJOOuO+XCRLDSE17WkbvE519aJbIDpc4Zt02V4dKj2L1UwfjXgdG6iB2so0mQ=, Avira URL Cloud: Label: malware
Source: Vessel's inquiry - 22054.exe, ReversingLabs: Detection: 27%
Source: Vessel's inquiry - 22054.exe, Virustotal: Detection: 31%
Source: Yara match, File source: 2.2.Vessel's inquiry - 22054.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.Vessel's inquiry - 22054.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0000000C.00000002.3660363847.0000000005360000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.1469348449.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000000B.00000002.3658197272.0000000004A40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000000B.00000002.3658115106.00000000049F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000000B.00000002.3655658054.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.1468691450.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.1470766734.0000000002AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000000A.00000002.3658118937.0000000003B60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample, Neural Call Log Analysis: 91.6%
Source: Vessel's inquiry - 22054.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Vessel's inquiry - 22054.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: Utilman.pdb source: Vessel's inquiry - 22054.exe, 00000002.00000002.1468977276.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000A.00000003.1745329546.0000000000AC5000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: Vessel's inquiry - 22054.exe, 00000002.00000002.1469525017.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000003.1471435741.0000000004992000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000003.1468990854.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000002.3658321653.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000002.3658321653.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: kmRZ.pdbSHA256CPi~ source: Vessel's inquiry - 22054.exe
                Source: Binary string: wntdll.pdb source: Vessel's inquiry - 22054.exe, Vessel's inquiry - 22054.exe, 00000002.00000002.1469525017.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, Utilman.exe, 0000000B.00000003.1471435741.0000000004992000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000003.1468990854.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000002.3658321653.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000002.3658321653.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: Utilman.pdbGCTL source: Vessel's inquiry - 22054.exe, 00000002.00000002.1468977276.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000A.00000003.1745329546.0000000000AC5000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: kmRZ.pdb source: Vessel's inquiry - 22054.exe
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 9gqi61vFxD2dyomn.exe, 0000000A.00000002.3656118447.000000000068F000.00000002.00000001.01000000.0000000C.sdmp, 9gqi61vFxD2dyomn.exe, 0000000C.00000000.1542329637.000000000068F000.00000002.00000001.01000000.0000000C.sdmp
Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 11_2_02C6C2B0 FindFirstFileW, FindNextFileW, FindClose
Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 4x nop then xor eax, eax (11_2_02C59E60)
Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 4x nop then mov ebx, 00000004h (11_2_04E9050E)

                Networking

                Source: DNS query: www.xxxvideosbox.xyz
                Source: DNS query: www.globedesign.xyz
                Source: DNS query: www.031234912.xyz
                Source: DNS query: www.mslgdkor.xyz
                Source: DNS query: www.bjogo.xyz
                Source: DNS query: www.vrpin.xyz
                Source: DNS query: www.teksto.xyz
Source: Joe Sandbox View, IP Address: 144.76.229.203
Source: Joe Sandbox View, IP Address: 172.67.183.195
Source: Joe Sandbox View, IP Address: 13.248.169.48
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 13:57:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pg6NsTLOcvERqpR9hD9jXq4ShvZ5u1r7A3YWWI2%2B3nYmmpfLSjhEr8AsBQ4e4fby0oTaPNdW1OSO9rl1XK591SARUzUMzO1l6pBZhFn%2Flk2Y6e0ZzV%2Fg67P2EZc2S4%2BU"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 930bf44e1cb07221-JAXContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=113184&min_rtt=113184&rtt_var=56592&sent=2&recv=8&lost=0&retrans=0&sent_bytes=0&recv_bytes=6972&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 13:57:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IoenEzG9jN%2Fgv6YWhyvfBj4%2BVJuAha7N49NMZLS8HUylWxpRDKQlmbEc%2FJqBJACFzCSef9reqzo3%2BP5Z7CCL3t4EFJXOB0dpGzEw813Sc6brPWJ9gg6dnI%2FoxQd4vssF"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 930bf45ea95668cc-JAXalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=113822&min_rtt=113822&rtt_var=56911&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=440&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 13:57:58 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 13:58:01 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 13:58:04 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 13:58:06 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: 9gqi61vFxD2dyomn.exe, 0000000C.00000002.3660363847.00000000053EC000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.teksto.xyz
                Source: 9gqi61vFxD2dyomn.exe, 0000000C.00000002.3660363847.00000000053EC000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.teksto.xyz/h2jy/
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1219645155.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oa
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002D0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033$
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002D0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: Utilman.exe, 0000000B.00000003.1651883330.0000000007F4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
                Source: Utilman.exe, 0000000B.00000002.3661252861.0000000007F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp
                Source: Utilman.exe, 0000000B.00000002.3658949116.00000000062C4000.00000004.10000000.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000C.00000002.3658387639.0000000003FA4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.werdienmachine.net/68yf/?DpGLQbiX=3FdVNtuqhX/OwQ0CsUdSe

                E-Banking Fraud

                Source: Yara matchFile source: 2.2.Vessel's inquiry - 22054.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Vessel's inquiry - 22054.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000002.3660363847.0000000005360000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1469348449.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3658197272.0000000004A40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3658115106.00000000049F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3655658054.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1468691450.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1470766734.0000000002AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3658118937.0000000003B60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0042C4B3 NtClose,2_2_0042C4B3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412B60 NtClose,LdrInitializeThunk,2_2_01412B60
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_01412DF0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_01412C70
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014135C0 NtCreateMutant,LdrInitializeThunk,2_2_014135C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01414340 NtSetContextThread,2_2_01414340
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01414650 NtSuspendThread,2_2_01414650
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412BE0 NtQueryValueKey,2_2_01412BE0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412BF0 NtAllocateVirtualMemory,2_2_01412BF0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412B80 NtQueryInformationFile,2_2_01412B80
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412BA0 NtEnumerateValueKey,2_2_01412BA0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412AD0 NtReadFile,2_2_01412AD0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412AF0 NtWriteFile,2_2_01412AF0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412AB0 NtWaitForSingleObject,2_2_01412AB0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412D00 NtSetInformationFile,2_2_01412D00
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412D10 NtMapViewOfSection,2_2_01412D10
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412D30 NtUnmapViewOfSection,2_2_01412D30
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412DD0 NtDelayExecution,2_2_01412DD0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412DB0 NtEnumerateKey,2_2_01412DB0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412C60 NtCreateKey,2_2_01412C60
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412C00 NtQueryInformationProcess,2_2_01412C00
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412CC0 NtQueryVirtualMemory,2_2_01412CC0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412CF0 NtOpenProcess,2_2_01412CF0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412CA0 NtQueryInformationToken,2_2_01412CA0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412F60 NtCreateProcessEx,2_2_01412F60
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412F30 NtCreateSection,2_2_01412F30
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412FE0 NtCreateFile,2_2_01412FE0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412F90 NtProtectVirtualMemory,2_2_01412F90
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412FA0 NtQuerySection,2_2_01412FA0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412FB0 NtResumeThread,2_2_01412FB0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412E30 NtWriteVirtualMemory,2_2_01412E30
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412EE0 NtQueueApcThread,2_2_01412EE0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412E80 NtReadVirtualMemory,2_2_01412E80
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412EA0 NtAdjustPrivilegesToken,2_2_01412EA0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01413010 NtOpenDirectoryObject,2_2_01413010
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01413090 NtSetValueKey,2_2_01413090
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014139B0 NtGetContextThread,2_2_014139B0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01413D70 NtOpenThread,2_2_01413D70
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01413D10 NtOpenProcessToken,2_2_01413D10
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB4650 NtSuspendThread,LdrInitializeThunk,11_2_04BB4650
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB4340 NtSetContextThread,LdrInitializeThunk,11_2_04BB4340
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2CA0 NtQueryInformationToken,LdrInitializeThunk,11_2_04BB2CA0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2C70 NtFreeVirtualMemory,LdrInitializeThunk,11_2_04BB2C70
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2C60 NtCreateKey,LdrInitializeThunk,11_2_04BB2C60
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2DF0 NtQuerySystemInformation,LdrInitializeThunk,11_2_04BB2DF0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2DD0 NtDelayExecution,LdrInitializeThunk,11_2_04BB2DD0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2D30 NtUnmapViewOfSection,LdrInitializeThunk,11_2_04BB2D30
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2D10 NtMapViewOfSection,LdrInitializeThunk,11_2_04BB2D10
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2E80 NtReadVirtualMemory,LdrInitializeThunk,11_2_04BB2E80
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2EE0 NtQueueApcThread,LdrInitializeThunk,11_2_04BB2EE0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2FB0 NtResumeThread,LdrInitializeThunk,11_2_04BB2FB0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2FE0 NtCreateFile,LdrInitializeThunk,11_2_04BB2FE0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2F30 NtCreateSection,LdrInitializeThunk,11_2_04BB2F30
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2AF0 NtWriteFile,LdrInitializeThunk,11_2_04BB2AF0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2AD0 NtReadFile,LdrInitializeThunk,11_2_04BB2AD0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2BA0 NtEnumerateValueKey,LdrInitializeThunk,11_2_04BB2BA0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_04BB2BF0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2BE0 NtQueryValueKey,LdrInitializeThunk,11_2_04BB2BE0
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB2B60 NtClose,LdrInitializeThunk,11_2_04BB2B60
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04BB35C0 NtCreateMutant,LdrInitializeThunk,11_2_04BB35C0
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB39B0 NtGetContextThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2CF0 NtOpenProcess
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2CC0 NtQueryVirtualMemory
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2C00 NtQueryInformationProcess
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2DB0 NtEnumerateKey
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2D00 NtSetInformationFile
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2EA0 NtAdjustPrivilegesToken
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2E30 NtWriteVirtualMemory
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2FA0 NtQuerySection
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2F90 NtProtectVirtualMemory
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2F60 NtCreateProcessEx
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2AB0 NtWaitForSingleObject
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB2B80 NtQueryInformationFile
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB3090 NtSetValueKey
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB3010 NtOpenDirectoryObject
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB3D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04BB3D70 NtOpenThread
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_02C78E90 NtCreateFile
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_02C792F0 NtAllocateVirtualMemory
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_02C790F0 NtDeleteFile
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_02C79000 NtReadFile
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_02C79190 NtClose
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04E9F8D7 NtUnmapViewOfSection,NtClose
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04E9F95A NtUnmapViewOfSection,NtClose
                Source: C:\Windows\SysWOW64\Utilman.exe Code function: 11_2_04E9FB53 NtResumeThread
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: String function: 0145F290 appears 105 times
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: String function: 013CB970 appears 280 times
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: String function: 01427E54 appears 102 times
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: String function: 0144EA12 appears 86 times
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: String function: 01415130 appears 58 times
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: String function: 04BEEA12 appears 86 times
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: String function: 04B6B970 appears 280 times
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: String function: 04BB5130 appears 58 times
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: String function: 04BFF290 appears 105 times
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: String function: 04BC7E54 appears 111 times
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1221276958.0000000007860000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Vessel's inquiry - 22054.exe
                Source: Vessel's inquiry - 22054.exe, 00000000.00000002.1214045074.00000000008AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Vessel's inquiry - 22054.exe
                Source: Vessel's inquiry - 22054.exe, 00000000.00000000.1190380473.0000000000384000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamekmRZ.exe* vs Vessel's inquiry - 22054.exe
                Source: Vessel's inquiry - 22054.exe, 00000002.00000002.1468977276.0000000000F48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameutilman2.exej% vs Vessel's inquiry - 22054.exe
                Source: Vessel's inquiry - 22054.exe, 00000002.00000002.1469525017.00000000014CD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Vessel's inquiry - 22054.exe
                Source: Vessel's inquiry - 22054.exeBinary or memory string: OriginalFilenamekmRZ.exe* vs Vessel's inquiry - 22054.exe
                Source: Vessel's inquiry - 22054.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Vessel's inquiry - 22054.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@13/9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Vessel's inquiry - 22054.exe.logJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\Utilman.exeFile created: C:\Users\user\AppData\Local\Temp\1b71JpJump to behavior
                Source: Vessel's inquiry - 22054.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002D3D000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000003.1652979893.0000000002D3D000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000003.1652849826.0000000002D1D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Vessel's inquiry - 22054.exeReversingLabs: Detection: 27%
                Source: Vessel's inquiry - 22054.exeVirustotal: Detection: 31%
                Source: unknownProcess created: C:\Users\user\Desktop\Vessel's inquiry - 22054.exe "C:\Users\user\Desktop\Vessel's inquiry - 22054.exe"
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeProcess created: C:\Users\user\Desktop\Vessel's inquiry - 22054.exe "C:\Users\user\Desktop\Vessel's inquiry - 22054.exe"
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeProcess created: C:\Windows\SysWOW64\Utilman.exe "C:\Windows\SysWOW64\Utilman.exe"
                Source: C:\Windows\SysWOW64\Utilman.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: oleacc.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: duser.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: dui70.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: Vessel's inquiry - 22054.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Vessel's inquiry - 22054.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Vessel's inquiry - 22054.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: Utilman.pdb source: Vessel's inquiry - 22054.exe, 00000002.00000002.1468977276.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000A.00000003.1745329546.0000000000AC5000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: Vessel's inquiry - 22054.exe, 00000002.00000002.1469525017.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000003.1471435741.0000000004992000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000003.1468990854.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000002.3658321653.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000002.3658321653.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: kmRZ.pdbSHA256CPi~ source: Vessel's inquiry - 22054.exe
                Source: Binary string: wntdll.pdb source: Vessel's inquiry - 22054.exe, Vessel's inquiry - 22054.exe, 00000002.00000002.1469525017.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, Utilman.exe, 0000000B.00000003.1471435741.0000000004992000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000003.1468990854.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000002.3658321653.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 0000000B.00000002.3658321653.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: Utilman.pdbGCTL source: Vessel's inquiry - 22054.exe, 00000002.00000002.1468977276.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000A.00000003.1745329546.0000000000AC5000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: kmRZ.pdb source: Vessel's inquiry - 22054.exe
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 9gqi61vFxD2dyomn.exe, 0000000A.00000002.3656118447.000000000068F000.00000002.00000001.01000000.0000000C.sdmp, 9gqi61vFxD2dyomn.exe, 0000000C.00000000.1542329637.000000000068F000.00000002.00000001.01000000.0000000C.sdmp
                Source: Vessel's inquiry - 22054.exeStatic PE information: 0xD0BC5F28 [Sat Dec 21 11:27:36 2080 UTC]
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 0_2_00D1DA4A pushfd ; retf 0_2_00D1DA81
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 0_2_059309D8 pushad ; iretd 0_2_059309D9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 0_2_06FFC603 pushad ; ret 0_2_06FFC609
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 0_2_07037440 push cs; ret 0_2_0703744E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 0_2_07038398 push eax; ret 0_2_0703849D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0040A9ED push ebx; ret 2_2_0040A9EE
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0040D256 pushad ; ret 2_2_0040D259
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_00401ADF push edi; retf 2_2_00401B02
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_00403320 push eax; ret 2_2_00403322
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_00402DD3 pushad ; ret 2_2_00402DD4
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_004115DC push edi; ret 2_2_004115E6
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_004115DC push edx; retf 2_2_00411701
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_004085E2 push es; ret 2_2_004085F8
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_00408588 push esp; ret 2_2_0040858A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_004085A0 push ss; iretd 2_2_004085E0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_00418E38 push ebx; iretd 2_2_00418E45
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_004116C1 push edx; retf 2_2_00411701
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D09AD push ecx; mov dword ptr [esp], ecx2_2_013D09B6
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04B427FA pushad ; ret 11_2_04B427F9
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04B4225F pushad ; ret 11_2_04B427F9
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04B4283D push eax; iretd 11_2_04B42858
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04B709AD push ecx; mov dword ptr [esp], ecx11_2_04B709B6
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_04B418F3 push edx; ret 11_2_04B41906
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C5E2B9 push edi; ret 11_2_02C5E2C3
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C5E2B9 push edx; retf 11_2_02C5E3DE
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C5E39E push edx; retf 11_2_02C5E3DE
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C6834C push 8FCC23F0h; iretd 11_2_02C6836E
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C6832E push 26FEC064h; ret 11_2_02C6833A
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C6201D push edi; iretd 11_2_02C62025
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C552BF push es; ret 11_2_02C552D5
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C55265 push esp; ret 11_2_02C55267
                Source: Vessel's inquiry - 22054.exeStatic PE information: section name: .text entropy: 7.578682792138885
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: Vessel's inquiry - 22054.exe PID: 5660, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\Utilman.exeAPI/Special instruction interceptor: Address: 7FFCC372D324
                Source: C:\Windows\SysWOW64\Utilman.exeAPI/Special instruction interceptor: Address: 7FFCC372D7E4
                Source: C:\Windows\SysWOW64\Utilman.exeAPI/Special instruction interceptor: Address: 7FFCC372D944
                Source: C:\Windows\SysWOW64\Utilman.exeAPI/Special instruction interceptor: Address: 7FFCC372D504
                Source: C:\Windows\SysWOW64\Utilman.exeAPI/Special instruction interceptor: Address: 7FFCC372D544
                Source: C:\Windows\SysWOW64\Utilman.exeAPI/Special instruction interceptor: Address: 7FFCC372D1E4
                Source: C:\Windows\SysWOW64\Utilman.exeAPI/Special instruction interceptor: Address: 7FFCC3730154
                Source: C:\Windows\SysWOW64\Utilman.exeAPI/Special instruction interceptor: Address: 7FFCC372DA44
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory allocated: AA0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory allocated: 26E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory allocated: D40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory allocated: 8DF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory allocated: 9DF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory allocated: A010000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory allocated: B010000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0141096E rdtsc 2_2_0141096E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeWindow / User API: threadDelayed 9841Jump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\Utilman.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exe TID: 4064Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exe TID: 1684Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exe TID: 7644Thread sleep count: 132 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exe TID: 7644Thread sleep time: -264000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exe TID: 7644Thread sleep count: 9841 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exe TID: 7644Thread sleep time: -19682000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exe TID: 7688Thread sleep time: -55000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exe TID: 7688Thread sleep time: -43500s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exe TID: 7688Thread sleep count: 34 > 30Jump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exe TID: 7688Thread sleep time: -34000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\Utilman.exeCode function: 11_2_02C6C2B0 FindFirstFileW,FindNextFileW,FindClose,11_2_02C6C2B0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeThread delayed: delay time: 30000Jump to behavior
                Source: firefox.exe, 0000000D.00000002.1767413099.0000027C8410C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllNN2
                Source: Utilman.exe, 0000000B.00000002.3655805637.0000000002CCE000.00000004.00000020.00020000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000C.00000002.3657491867.0000000000E3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_004174E3 LdrLoadDll,2_2_004174E3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01464144 mov eax, dword ptr fs:[00000030h]2_2_01464144
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01464144 mov ecx, dword ptr fs:[00000030h]2_2_01464144
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01468158 mov eax, dword ptr fs:[00000030h]2_2_01468158
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147E10E mov eax, dword ptr fs:[00000030h]2_2_0147E10E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147E10E mov ecx, dword ptr fs:[00000030h]2_2_0147E10E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01490115 mov eax, dword ptr fs:[00000030h]2_2_01490115
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147A118 mov ecx, dword ptr fs:[00000030h]2_2_0147A118
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147A118 mov eax, dword ptr fs:[00000030h]2_2_0147A118
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01400124 mov eax, dword ptr fs:[00000030h]2_2_01400124
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D6154 mov eax, dword ptr fs:[00000030h]2_2_013D6154
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D6154 mov eax, dword ptr fs:[00000030h]2_2_013D6154
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CC156 mov eax, dword ptr fs:[00000030h]2_2_013CC156
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014961C3 mov eax, dword ptr fs:[00000030h]2_2_014961C3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014961C3 mov eax, dword ptr fs:[00000030h]2_2_014961C3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E1D0 mov eax, dword ptr fs:[00000030h]2_2_0144E1D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E1D0 mov eax, dword ptr fs:[00000030h]2_2_0144E1D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E1D0 mov ecx, dword ptr fs:[00000030h]2_2_0144E1D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E1D0 mov eax, dword ptr fs:[00000030h]2_2_0144E1D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E1D0 mov eax, dword ptr fs:[00000030h]2_2_0144E1D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CA197 mov eax, dword ptr fs:[00000030h]2_2_013CA197
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CA197 mov eax, dword ptr fs:[00000030h]2_2_013CA197
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CA197 mov eax, dword ptr fs:[00000030h]2_2_013CA197
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A61E5 mov eax, dword ptr fs:[00000030h]2_2_014A61E5
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014001F8 mov eax, dword ptr fs:[00000030h]2_2_014001F8
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0148C188 mov eax, dword ptr fs:[00000030h]2_2_0148C188
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0148C188 mov eax, dword ptr fs:[00000030h]2_2_0148C188
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01410185 mov eax, dword ptr fs:[00000030h]2_2_01410185
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01474180 mov eax, dword ptr fs:[00000030h]2_2_01474180
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01474180 mov eax, dword ptr fs:[00000030h]2_2_01474180
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145019F mov eax, dword ptr fs:[00000030h]2_2_0145019F
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145019F mov eax, dword ptr fs:[00000030h]2_2_0145019F
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145019F mov eax, dword ptr fs:[00000030h]2_2_0145019F
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145019F mov eax, dword ptr fs:[00000030h]2_2_0145019F
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01456050 mov eax, dword ptr fs:[00000030h]2_2_01456050
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CA020 mov eax, dword ptr fs:[00000030h]2_2_013CA020
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CC020 mov eax, dword ptr fs:[00000030h]2_2_013CC020
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EE016 mov eax, dword ptr fs:[00000030h]2_2_013EE016
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EE016 mov eax, dword ptr fs:[00000030h]2_2_013EE016
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EE016 mov eax, dword ptr fs:[00000030h]2_2_013EE016
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EE016 mov eax, dword ptr fs:[00000030h]2_2_013EE016
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01454000 mov ecx, dword ptr fs:[00000030h]2_2_01454000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01472000 mov eax, dword ptr fs:[00000030h]2_2_01472000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01472000 mov eax, dword ptr fs:[00000030h]2_2_01472000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01472000 mov eax, dword ptr fs:[00000030h]2_2_01472000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01472000 mov eax, dword ptr fs:[00000030h]2_2_01472000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01472000 mov eax, dword ptr fs:[00000030h]2_2_01472000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01472000 mov eax, dword ptr fs:[00000030h]2_2_01472000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01472000 mov eax, dword ptr fs:[00000030h]2_2_01472000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01472000 mov eax, dword ptr fs:[00000030h]2_2_01472000
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FC073 mov eax, dword ptr fs:[00000030h]2_2_013FC073
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D2050 mov eax, dword ptr fs:[00000030h]2_2_013D2050
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01466030 mov eax, dword ptr fs:[00000030h]2_2_01466030
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014520DE mov eax, dword ptr fs:[00000030h]2_2_014520DE
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014560E0 mov eax, dword ptr fs:[00000030h]2_2_014560E0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014120F0 mov ecx, dword ptr fs:[00000030h]2_2_014120F0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D208A mov eax, dword ptr fs:[00000030h]2_2_013D208A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CC0F0 mov eax, dword ptr fs:[00000030h]2_2_013CC0F0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D80E9 mov eax, dword ptr fs:[00000030h]2_2_013D80E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CA0E3 mov ecx, dword ptr fs:[00000030h]2_2_013CA0E3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014680A8 mov eax, dword ptr fs:[00000030h]2_2_014680A8
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014960B8 mov eax, dword ptr fs:[00000030h]2_2_014960B8
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014960B8 mov ecx, dword ptr fs:[00000030h]2_2_014960B8
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01452349 mov eax, dword ptr fs:[00000030h]2_2_01452349
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01478350 mov ecx, dword ptr fs:[00000030h]2_2_01478350
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145035C mov eax, dword ptr fs:[00000030h]2_2_0145035C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145035C mov eax, dword ptr fs:[00000030h]2_2_0145035C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145035C mov eax, dword ptr fs:[00000030h]2_2_0145035C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145035C mov ecx, dword ptr fs:[00000030h]2_2_0145035C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145035C mov eax, dword ptr fs:[00000030h]2_2_0145035C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145035C mov eax, dword ptr fs:[00000030h]2_2_0145035C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0149A352 mov eax, dword ptr fs:[00000030h]2_2_0149A352
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CC310 mov ecx, dword ptr fs:[00000030h]2_2_013CC310
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F0310 mov ecx, dword ptr fs:[00000030h]2_2_013F0310
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147437C mov eax, dword ptr fs:[00000030h]2_2_0147437C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A30B mov eax, dword ptr fs:[00000030h]2_2_0140A30B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A30B mov eax, dword ptr fs:[00000030h]2_2_0140A30B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A30B mov eax, dword ptr fs:[00000030h]2_2_0140A30B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0148C3CD mov eax, dword ptr fs:[00000030h]2_2_0148C3CD
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014563C0 mov eax, dword ptr fs:[00000030h]2_2_014563C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014743D4 mov eax, dword ptr fs:[00000030h]2_2_014743D4
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014743D4 mov eax, dword ptr fs:[00000030h]2_2_014743D4
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147E3DB mov eax, dword ptr fs:[00000030h]2_2_0147E3DB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147E3DB mov eax, dword ptr fs:[00000030h]2_2_0147E3DB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147E3DB mov ecx, dword ptr fs:[00000030h]2_2_0147E3DB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147E3DB mov eax, dword ptr fs:[00000030h]2_2_0147E3DB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C8397 mov eax, dword ptr fs:[00000030h]2_2_013C8397
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C8397 mov eax, dword ptr fs:[00000030h]2_2_013C8397
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C8397 mov eax, dword ptr fs:[00000030h]2_2_013C8397
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F438F mov eax, dword ptr fs:[00000030h]2_2_013F438F
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F438F mov eax, dword ptr fs:[00000030h]2_2_013F438F
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CE388 mov eax, dword ptr fs:[00000030h]2_2_013CE388
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CE388 mov eax, dword ptr fs:[00000030h]2_2_013CE388
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CE388 mov eax, dword ptr fs:[00000030h]2_2_013CE388
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014063FF mov eax, dword ptr fs:[00000030h]2_2_014063FF
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EE3F0 mov eax, dword ptr fs:[00000030h]2_2_013EE3F0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EE3F0 mov eax, dword ptr fs:[00000030h]2_2_013EE3F0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EE3F0 mov eax, dword ptr fs:[00000030h]2_2_013EE3F0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E03E9 mov eax, dword ptr fs:[00000030h]2_2_013E03E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E03E9 mov eax, dword ptr fs:[00000030h]2_2_013E03E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E03E9 mov eax, dword ptr fs:[00000030h]2_2_013E03E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E03E9 mov eax, dword ptr fs:[00000030h]2_2_013E03E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E03E9 mov eax, dword ptr fs:[00000030h]2_2_013E03E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E03E9 mov eax, dword ptr fs:[00000030h]2_2_013E03E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E03E9 mov eax, dword ptr fs:[00000030h]2_2_013E03E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E03E9 mov eax, dword ptr fs:[00000030h]2_2_013E03E9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA3C0 mov eax, dword ptr fs:[00000030h]2_2_013DA3C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA3C0 mov eax, dword ptr fs:[00000030h]2_2_013DA3C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA3C0 mov eax, dword ptr fs:[00000030h]2_2_013DA3C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA3C0 mov eax, dword ptr fs:[00000030h]2_2_013DA3C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA3C0 mov eax, dword ptr fs:[00000030h]2_2_013DA3C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA3C0 mov eax, dword ptr fs:[00000030h]2_2_013DA3C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D83C0 mov eax, dword ptr fs:[00000030h]2_2_013D83C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D83C0 mov eax, dword ptr fs:[00000030h]2_2_013D83C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D83C0 mov eax, dword ptr fs:[00000030h]2_2_013D83C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D83C0 mov eax, dword ptr fs:[00000030h]2_2_013D83C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01458243 mov eax, dword ptr fs:[00000030h]2_2_01458243
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01458243 mov ecx, dword ptr fs:[00000030h]2_2_01458243
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C823B mov eax, dword ptr fs:[00000030h]2_2_013C823B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0148A250 mov eax, dword ptr fs:[00000030h]2_2_0148A250
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0148A250 mov eax, dword ptr fs:[00000030h]2_2_0148A250
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01480274 mov eax, dword ptr fs:[00000030h]2_2_01480274
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C826B mov eax, dword ptr fs:[00000030h]2_2_013C826B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D4260 mov eax, dword ptr fs:[00000030h]2_2_013D4260
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D4260 mov eax, dword ptr fs:[00000030h]2_2_013D4260
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D4260 mov eax, dword ptr fs:[00000030h]2_2_013D4260
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D6259 mov eax, dword ptr fs:[00000030h]2_2_013D6259
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CA250 mov eax, dword ptr fs:[00000030h]2_2_013CA250
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E02A0 mov eax, dword ptr fs:[00000030h]2_2_013E02A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E02A0 mov eax, dword ptr fs:[00000030h]2_2_013E02A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E284 mov eax, dword ptr fs:[00000030h]2_2_0140E284
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E284 mov eax, dword ptr fs:[00000030h]2_2_0140E284
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01450283 mov eax, dword ptr fs:[00000030h]2_2_01450283
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01450283 mov eax, dword ptr fs:[00000030h]2_2_01450283
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01450283 mov eax, dword ptr fs:[00000030h]2_2_01450283
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E02E1 mov eax, dword ptr fs:[00000030h]2_2_013E02E1
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E02E1 mov eax, dword ptr fs:[00000030h]2_2_013E02E1
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E02E1 mov eax, dword ptr fs:[00000030h]2_2_013E02E1
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014662A0 mov eax, dword ptr fs:[00000030h]2_2_014662A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014662A0 mov ecx, dword ptr fs:[00000030h]2_2_014662A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014662A0 mov eax, dword ptr fs:[00000030h]2_2_014662A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014662A0 mov eax, dword ptr fs:[00000030h]2_2_014662A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014662A0 mov eax, dword ptr fs:[00000030h]2_2_014662A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014662A0 mov eax, dword ptr fs:[00000030h]2_2_014662A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA2C3 mov eax, dword ptr fs:[00000030h]2_2_013DA2C3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA2C3 mov eax, dword ptr fs:[00000030h]2_2_013DA2C3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA2C3 mov eax, dword ptr fs:[00000030h]2_2_013DA2C3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA2C3 mov eax, dword ptr fs:[00000030h]2_2_013DA2C3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA2C3 mov eax, dword ptr fs:[00000030h]2_2_013DA2C3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE53E mov eax, dword ptr fs:[00000030h]2_2_013FE53E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE53E mov eax, dword ptr fs:[00000030h]2_2_013FE53E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE53E mov eax, dword ptr fs:[00000030h]2_2_013FE53E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE53E mov eax, dword ptr fs:[00000030h]2_2_013FE53E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE53E mov eax, dword ptr fs:[00000030h]2_2_013FE53E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0535 mov eax, dword ptr fs:[00000030h]2_2_013E0535
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0535 mov eax, dword ptr fs:[00000030h]2_2_013E0535
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0535 mov eax, dword ptr fs:[00000030h]2_2_013E0535
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0535 mov eax, dword ptr fs:[00000030h]2_2_013E0535
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0535 mov eax, dword ptr fs:[00000030h]2_2_013E0535
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0535 mov eax, dword ptr fs:[00000030h]2_2_013E0535
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140656A mov eax, dword ptr fs:[00000030h]2_2_0140656A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140656A mov eax, dword ptr fs:[00000030h]2_2_0140656A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140656A mov eax, dword ptr fs:[00000030h]2_2_0140656A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01466500 mov eax, dword ptr fs:[00000030h]2_2_01466500
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A4500 mov eax, dword ptr fs:[00000030h]2_2_014A4500
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A4500 mov eax, dword ptr fs:[00000030h]2_2_014A4500
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A4500 mov eax, dword ptr fs:[00000030h]2_2_014A4500
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A4500 mov eax, dword ptr fs:[00000030h]2_2_014A4500
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A4500 mov eax, dword ptr fs:[00000030h]2_2_014A4500
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A4500 mov eax, dword ptr fs:[00000030h]2_2_014A4500
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A4500 mov eax, dword ptr fs:[00000030h]2_2_014A4500
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D8550 mov eax, dword ptr fs:[00000030h]2_2_013D8550
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D8550 mov eax, dword ptr fs:[00000030h]2_2_013D8550
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F45B1 mov eax, dword ptr fs:[00000030h]2_2_013F45B1
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F45B1 mov eax, dword ptr fs:[00000030h]2_2_013F45B1
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E5CF mov eax, dword ptr fs:[00000030h]2_2_0140E5CF
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E5CF mov eax, dword ptr fs:[00000030h]2_2_0140E5CF
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A5D0 mov eax, dword ptr fs:[00000030h]2_2_0140A5D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A5D0 mov eax, dword ptr fs:[00000030h]2_2_0140A5D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140C5ED mov eax, dword ptr fs:[00000030h]2_2_0140C5ED
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140C5ED mov eax, dword ptr fs:[00000030h]2_2_0140C5ED
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D2582 mov eax, dword ptr fs:[00000030h]2_2_013D2582
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D2582 mov ecx, dword ptr fs:[00000030h]2_2_013D2582
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01404588 mov eax, dword ptr fs:[00000030h]2_2_01404588
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE5E7 mov eax, dword ptr fs:[00000030h]2_2_013FE5E7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE5E7 mov eax, dword ptr fs:[00000030h]2_2_013FE5E7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE5E7 mov eax, dword ptr fs:[00000030h]2_2_013FE5E7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE5E7 mov eax, dword ptr fs:[00000030h]2_2_013FE5E7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE5E7 mov eax, dword ptr fs:[00000030h]2_2_013FE5E7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE5E7 mov eax, dword ptr fs:[00000030h]2_2_013FE5E7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE5E7 mov eax, dword ptr fs:[00000030h]2_2_013FE5E7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE5E7 mov eax, dword ptr fs:[00000030h]2_2_013FE5E7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E59C mov eax, dword ptr fs:[00000030h]2_2_0140E59C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D25E0 mov eax, dword ptr fs:[00000030h]2_2_013D25E0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014505A7 mov eax, dword ptr fs:[00000030h]2_2_014505A7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014505A7 mov eax, dword ptr fs:[00000030h]2_2_014505A7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014505A7 mov eax, dword ptr fs:[00000030h]2_2_014505A7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D65D0 mov eax, dword ptr fs:[00000030h]2_2_013D65D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E443 mov eax, dword ptr fs:[00000030h]2_2_0140E443
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E443 mov eax, dword ptr fs:[00000030h]2_2_0140E443
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E443 mov eax, dword ptr fs:[00000030h]2_2_0140E443
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E443 mov eax, dword ptr fs:[00000030h]2_2_0140E443
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E443 mov eax, dword ptr fs:[00000030h]2_2_0140E443
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E443 mov eax, dword ptr fs:[00000030h]2_2_0140E443
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E443 mov eax, dword ptr fs:[00000030h]2_2_0140E443
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140E443 mov eax, dword ptr fs:[00000030h]2_2_0140E443
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CC427 mov eax, dword ptr fs:[00000030h]2_2_013CC427
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CE420 mov eax, dword ptr fs:[00000030h]2_2_013CE420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CE420 mov eax, dword ptr fs:[00000030h]2_2_013CE420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CE420 mov eax, dword ptr fs:[00000030h]2_2_013CE420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0148A456 mov eax, dword ptr fs:[00000030h]2_2_0148A456
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145C460 mov ecx, dword ptr fs:[00000030h]2_2_0145C460
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01408402 mov eax, dword ptr fs:[00000030h]2_2_01408402
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01408402 mov eax, dword ptr fs:[00000030h]2_2_01408402
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01408402 mov eax, dword ptr fs:[00000030h]2_2_01408402
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FA470 mov eax, dword ptr fs:[00000030h]2_2_013FA470
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FA470 mov eax, dword ptr fs:[00000030h]2_2_013FA470
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FA470 mov eax, dword ptr fs:[00000030h]2_2_013FA470
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C645D mov eax, dword ptr fs:[00000030h]2_2_013C645D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F245A mov eax, dword ptr fs:[00000030h]2_2_013F245A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01456420 mov eax, dword ptr fs:[00000030h]2_2_01456420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01456420 mov eax, dword ptr fs:[00000030h]2_2_01456420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01456420 mov eax, dword ptr fs:[00000030h]2_2_01456420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01456420 mov eax, dword ptr fs:[00000030h]2_2_01456420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01456420 mov eax, dword ptr fs:[00000030h]2_2_01456420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01456420 mov eax, dword ptr fs:[00000030h]2_2_01456420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01456420 mov eax, dword ptr fs:[00000030h]2_2_01456420
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A430 mov eax, dword ptr fs:[00000030h]2_2_0140A430
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D64AB mov eax, dword ptr fs:[00000030h]2_2_013D64AB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0148A49A mov eax, dword ptr fs:[00000030h]2_2_0148A49A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D04E5 mov ecx, dword ptr fs:[00000030h]2_2_013D04E5
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014044B0 mov ecx, dword ptr fs:[00000030h]2_2_014044B0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145A4B0 mov eax, dword ptr fs:[00000030h]2_2_0145A4B0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140674D mov esi, dword ptr fs:[00000030h]2_2_0140674D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140674D mov eax, dword ptr fs:[00000030h]2_2_0140674D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140674D mov eax, dword ptr fs:[00000030h]2_2_0140674D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01454755 mov eax, dword ptr fs:[00000030h]2_2_01454755
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412750 mov eax, dword ptr fs:[00000030h]2_2_01412750
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412750 mov eax, dword ptr fs:[00000030h]2_2_01412750
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145E75D mov eax, dword ptr fs:[00000030h]2_2_0145E75D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D0710 mov eax, dword ptr fs:[00000030h]2_2_013D0710
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140C700 mov eax, dword ptr fs:[00000030h]2_2_0140C700
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D8770 mov eax, dword ptr fs:[00000030h]2_2_013D8770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0770 mov eax, dword ptr fs:[00000030h]2_2_013E0770
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01400710 mov eax, dword ptr fs:[00000030h]2_2_01400710
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140C720 mov eax, dword ptr fs:[00000030h]2_2_0140C720
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140C720 mov eax, dword ptr fs:[00000030h]2_2_0140C720
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D0750 mov eax, dword ptr fs:[00000030h]2_2_013D0750
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144C730 mov eax, dword ptr fs:[00000030h]2_2_0144C730
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140273C mov eax, dword ptr fs:[00000030h]2_2_0140273C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140273C mov ecx, dword ptr fs:[00000030h]2_2_0140273C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140273C mov eax, dword ptr fs:[00000030h]2_2_0140273C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014507C3 mov eax, dword ptr fs:[00000030h]2_2_014507C3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D07AF mov eax, dword ptr fs:[00000030h]2_2_013D07AF
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145E7E1 mov eax, dword ptr fs:[00000030h]2_2_0145E7E1
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D47FB mov eax, dword ptr fs:[00000030h]2_2_013D47FB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D47FB mov eax, dword ptr fs:[00000030h]2_2_013D47FB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147678E mov eax, dword ptr fs:[00000030h]2_2_0147678E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F27ED mov eax, dword ptr fs:[00000030h]2_2_013F27ED
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F27ED mov eax, dword ptr fs:[00000030h]2_2_013F27ED
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F27ED mov eax, dword ptr fs:[00000030h]2_2_013F27ED
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014847A0 mov eax, dword ptr fs:[00000030h]2_2_014847A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DC7C0 mov eax, dword ptr fs:[00000030h]2_2_013DC7C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D262C mov eax, dword ptr fs:[00000030h]2_2_013D262C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EE627 mov eax, dword ptr fs:[00000030h]2_2_013EE627
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A660 mov eax, dword ptr fs:[00000030h]2_2_0140A660
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A660 mov eax, dword ptr fs:[00000030h]2_2_0140A660
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0149866E mov eax, dword ptr fs:[00000030h]2_2_0149866E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0149866E mov eax, dword ptr fs:[00000030h]2_2_0149866E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01402674 mov eax, dword ptr fs:[00000030h]2_2_01402674
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E260B mov eax, dword ptr fs:[00000030h]2_2_013E260B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E260B mov eax, dword ptr fs:[00000030h]2_2_013E260B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E260B mov eax, dword ptr fs:[00000030h]2_2_013E260B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E260B mov eax, dword ptr fs:[00000030h]2_2_013E260B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E260B mov eax, dword ptr fs:[00000030h]2_2_013E260B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E260B mov eax, dword ptr fs:[00000030h]2_2_013E260B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E260B mov eax, dword ptr fs:[00000030h]2_2_013E260B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E609 mov eax, dword ptr fs:[00000030h]2_2_0144E609
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01412619 mov eax, dword ptr fs:[00000030h]2_2_01412619
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01406620 mov eax, dword ptr fs:[00000030h]2_2_01406620
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01408620 mov eax, dword ptr fs:[00000030h]2_2_01408620
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EC640 mov eax, dword ptr fs:[00000030h]2_2_013EC640
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0140A6C7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A6C7 mov eax, dword ptr fs:[00000030h]2_2_0140A6C7
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D4690 mov eax, dword ptr fs:[00000030h]2_2_013D4690
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D4690 mov eax, dword ptr fs:[00000030h]2_2_013D4690
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014506F1 mov eax, dword ptr fs:[00000030h]2_2_014506F1
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014506F1 mov eax, dword ptr fs:[00000030h]2_2_014506F1
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E6F2 mov eax, dword ptr fs:[00000030h]2_2_0144E6F2
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E6F2 mov eax, dword ptr fs:[00000030h]2_2_0144E6F2
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E6F2 mov eax, dword ptr fs:[00000030h]2_2_0144E6F2
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E6F2 mov eax, dword ptr fs:[00000030h]2_2_0144E6F2
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140C6A6 mov eax, dword ptr fs:[00000030h]2_2_0140C6A6
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014066B0 mov eax, dword ptr fs:[00000030h]2_2_014066B0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01450946 mov eax, dword ptr fs:[00000030h]2_2_01450946
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C8918 mov eax, dword ptr fs:[00000030h]2_2_013C8918
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C8918 mov eax, dword ptr fs:[00000030h]2_2_013C8918
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0141096E mov eax, dword ptr fs:[00000030h]2_2_0141096E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0141096E mov edx, dword ptr fs:[00000030h]2_2_0141096E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0141096E mov eax, dword ptr fs:[00000030h]2_2_0141096E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145C97C mov eax, dword ptr fs:[00000030h]2_2_0145C97C
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01474978 mov eax, dword ptr fs:[00000030h]2_2_01474978
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01474978 mov eax, dword ptr fs:[00000030h]2_2_01474978
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E908 mov eax, dword ptr fs:[00000030h]2_2_0144E908
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144E908 mov eax, dword ptr fs:[00000030h]2_2_0144E908
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145C912 mov eax, dword ptr fs:[00000030h]2_2_0145C912
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F6962 mov eax, dword ptr fs:[00000030h]2_2_013F6962
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F6962 mov eax, dword ptr fs:[00000030h]2_2_013F6962
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F6962 mov eax, dword ptr fs:[00000030h]2_2_013F6962
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0146892B mov eax, dword ptr fs:[00000030h]2_2_0146892B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145892A mov eax, dword ptr fs:[00000030h]2_2_0145892A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014669C0 mov eax, dword ptr fs:[00000030h]2_2_014669C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D09AD mov eax, dword ptr fs:[00000030h]2_2_013D09AD
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D09AD mov eax, dword ptr fs:[00000030h]2_2_013D09AD
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014049D0 mov eax, dword ptr fs:[00000030h]2_2_014049D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0149A9D3 mov eax, dword ptr fs:[00000030h]2_2_0149A9D3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E29A0 mov eax, dword ptr fs:[00000030h]2_2_013E29A0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145E9E0 mov eax, dword ptr fs:[00000030h]2_2_0145E9E0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014029F9 mov eax, dword ptr fs:[00000030h]2_2_014029F9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014029F9 mov eax, dword ptr fs:[00000030h]2_2_014029F9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA9D0 mov eax, dword ptr fs:[00000030h]2_2_013DA9D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA9D0 mov eax, dword ptr fs:[00000030h]2_2_013DA9D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA9D0 mov eax, dword ptr fs:[00000030h]2_2_013DA9D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA9D0 mov eax, dword ptr fs:[00000030h]2_2_013DA9D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA9D0 mov eax, dword ptr fs:[00000030h]2_2_013DA9D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DA9D0 mov eax, dword ptr fs:[00000030h]2_2_013DA9D0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014589B3 mov esi, dword ptr fs:[00000030h]2_2_014589B3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014589B3 mov eax, dword ptr fs:[00000030h]2_2_014589B3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014589B3 mov eax, dword ptr fs:[00000030h]2_2_014589B3
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F2835 mov eax, dword ptr fs:[00000030h]2_2_013F2835
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F2835 mov eax, dword ptr fs:[00000030h]2_2_013F2835
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F2835 mov eax, dword ptr fs:[00000030h]2_2_013F2835
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F2835 mov ecx, dword ptr fs:[00000030h]2_2_013F2835
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F2835 mov eax, dword ptr fs:[00000030h]2_2_013F2835
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F2835 mov eax, dword ptr fs:[00000030h]2_2_013F2835
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01400854 mov eax, dword ptr fs:[00000030h]2_2_01400854
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01466870 mov eax, dword ptr fs:[00000030h]2_2_01466870
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01466870 mov eax, dword ptr fs:[00000030h]2_2_01466870
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145E872 mov eax, dword ptr fs:[00000030h]2_2_0145E872
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145E872 mov eax, dword ptr fs:[00000030h]2_2_0145E872
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145C810 mov eax, dword ptr fs:[00000030h]2_2_0145C810
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D4859 mov eax, dword ptr fs:[00000030h]2_2_013D4859
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D4859 mov eax, dword ptr fs:[00000030h]2_2_013D4859
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140A830 mov eax, dword ptr fs:[00000030h]2_2_0140A830
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147483A mov eax, dword ptr fs:[00000030h]2_2_0147483A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147483A mov eax, dword ptr fs:[00000030h]2_2_0147483A
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E2840 mov ecx, dword ptr fs:[00000030h]2_2_013E2840
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0149A8E4 mov eax, dword ptr fs:[00000030h]2_2_0149A8E4
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140C8F9 mov eax, dword ptr fs:[00000030h]2_2_0140C8F9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140C8F9 mov eax, dword ptr fs:[00000030h]2_2_0140C8F9
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D0887 mov eax, dword ptr fs:[00000030h]2_2_013D0887
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145C89D mov eax, dword ptr fs:[00000030h]2_2_0145C89D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FE8C0 mov eax, dword ptr fs:[00000030h]2_2_013FE8C0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01484B4B mov eax, dword ptr fs:[00000030h]2_2_01484B4B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01484B4B mov eax, dword ptr fs:[00000030h]2_2_01484B4B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01478B42 mov eax, dword ptr fs:[00000030h]2_2_01478B42
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01466B40 mov eax, dword ptr fs:[00000030h]2_2_01466B40
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01466B40 mov eax, dword ptr fs:[00000030h]2_2_01466B40
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0149AB40 mov eax, dword ptr fs:[00000030h]2_2_0149AB40
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147EB50 mov eax, dword ptr fs:[00000030h]2_2_0147EB50
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FEB20 mov eax, dword ptr fs:[00000030h]2_2_013FEB20
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FEB20 mov eax, dword ptr fs:[00000030h]2_2_013FEB20
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013CCB7E mov eax, dword ptr fs:[00000030h]2_2_013CCB7E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144EB1D mov eax, dword ptr fs:[00000030h]2_2_0144EB1D
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01498B28 mov eax, dword ptr fs:[00000030h]2_2_01498B28
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01498B28 mov eax, dword ptr fs:[00000030h]2_2_01498B28
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0BBE mov eax, dword ptr fs:[00000030h]2_2_013E0BBE
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0BBE mov eax, dword ptr fs:[00000030h]2_2_013E0BBE
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147EBD0 mov eax, dword ptr fs:[00000030h]2_2_0147EBD0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145CBF0 mov eax, dword ptr fs:[00000030h]2_2_0145CBF0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FEBFC mov eax, dword ptr fs:[00000030h]2_2_013FEBFC
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D8BF0 mov eax, dword ptr fs:[00000030h]2_2_013D8BF0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D8BF0 mov eax, dword ptr fs:[00000030h]2_2_013D8BF0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D8BF0 mov eax, dword ptr fs:[00000030h]2_2_013D8BF0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D0BCD mov eax, dword ptr fs:[00000030h]2_2_013D0BCD
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D0BCD mov eax, dword ptr fs:[00000030h]2_2_013D0BCD
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D0BCD mov eax, dword ptr fs:[00000030h]2_2_013D0BCD
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F0BCB mov eax, dword ptr fs:[00000030h]2_2_013F0BCB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F0BCB mov eax, dword ptr fs:[00000030h]2_2_013F0BCB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F0BCB mov eax, dword ptr fs:[00000030h]2_2_013F0BCB
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01484BB0 mov eax, dword ptr fs:[00000030h]2_2_01484BB0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01484BB0 mov eax, dword ptr fs:[00000030h]2_2_01484BB0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F4A35 mov eax, dword ptr fs:[00000030h]2_2_013F4A35
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013F4A35 mov eax, dword ptr fs:[00000030h]2_2_013F4A35
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013FEA2E mov eax, dword ptr fs:[00000030h]2_2_013FEA2E
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0147EA60 mov eax, dword ptr fs:[00000030h]2_2_0147EA60
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140CA6F mov eax, dword ptr fs:[00000030h]2_2_0140CA6F
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0144CA72 mov eax, dword ptr fs:[00000030h]2_2_0144CA72
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0145CA11 mov eax, dword ptr fs:[00000030h]2_2_0145CA11
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140CA24 mov eax, dword ptr fs:[00000030h]2_2_0140CA24
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013E0A5B mov eax, dword ptr fs:[00000030h]2_2_013E0A5B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D6A50 mov eax, dword ptr fs:[00000030h]2_2_013D6A50
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140CA38 mov eax, dword ptr fs:[00000030h]2_2_0140CA38
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01426ACC mov eax, dword ptr fs:[00000030h]2_2_01426ACC
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01404AD0 mov eax, dword ptr fs:[00000030h]2_2_01404AD0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D8AA0 mov eax, dword ptr fs:[00000030h]2_2_013D8AA0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_0140AAEE mov eax, dword ptr fs:[00000030h]2_2_0140AAEE
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013DEA80 mov eax, dword ptr fs:[00000030h]2_2_013DEA80
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_014A4A80 mov eax, dword ptr fs:[00000030h]2_2_014A4A80
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01408A90 mov edx, dword ptr fs:[00000030h]2_2_01408A90
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01426AA4 mov eax, dword ptr fs:[00000030h]2_2_01426AA4
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013D0AD0 mov eax, dword ptr fs:[00000030h]2_2_013D0AD0
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013C6D10 mov eax, dword ptr fs:[00000030h]2_2_013C6D10
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_01468D6B mov eax, dword ptr fs:[00000030h]2_2_01468D6B
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeCode function: 2_2_013EAD00 mov eax, dword ptr fs:[00000030h]2_2_013EAD00
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtCreateFile: Direct from: 0x77752FECJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtOpenFile: Direct from: 0x77752DCCJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtSetInformationThread: Direct from: 0x777463F9Jump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtQueryInformationToken: Direct from: 0x77752CACJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtTerminateThread: Direct from: 0x77752FCCJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtProtectVirtualMemory: Direct from: 0x77752F9CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtSetInformationProcess: Direct from: 0x77752C5CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtNotifyChangeKey: Direct from: 0x77753C2CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtOpenKeyEx: Direct from: 0x77752B9CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtOpenSection: Direct from: 0x77752E0CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtProtectVirtualMemory: Direct from: 0x77747B2EJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtAllocateVirtualMemory: Direct from: 0x777548ECJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtQueryVolumeInformationFile: Direct from: 0x77752F2CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtQuerySystemInformation: Direct from: 0x777548CCJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtAllocateVirtualMemory: Direct from: 0x77752BECJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtDeviceIoControlFile: Direct from: 0x77752AECJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtCreateUserProcess: Direct from: 0x7775371CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtWriteVirtualMemory: Direct from: 0x7775490CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtQueryInformationProcess: Direct from: 0x77752C26Jump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtResumeThread: Direct from: 0x77752FBCJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtReadVirtualMemory: Direct from: 0x77752E8CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtCreateKey: Direct from: 0x77752C6CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtSetInformationThread: Direct from: 0x77752B4CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtQueryAttributesFile: Direct from: 0x77752E6CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtAllocateVirtualMemory: Direct from: 0x77753C9CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtClose: Direct from: 0x77752B6C
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtCreateMutant: Direct from: 0x777535CCJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtWriteVirtualMemory: Direct from: 0x77752E3CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtMapViewOfSection: Direct from: 0x77752D1CJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtResumeThread: Direct from: 0x777536ACJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtReadFile: Direct from: 0x77752ADCJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtQuerySystemInformation: Direct from: 0x77752DFCJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtDelayExecution: Direct from: 0x77752DDCJump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeNtAllocateVirtualMemory: Direct from: 0x77752BFCJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeMemory written: C:\Users\user\Desktop\Vessel's inquiry - 22054.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: NULL target: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeSection loaded: NULL target: C:\Windows\SysWOW64\Utilman.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: NULL target: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: NULL target: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeThread register set: target process: 7776Jump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeThread APC queued: target process: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeProcess created: C:\Users\user\Desktop\Vessel's inquiry - 22054.exe "C:\Users\user\Desktop\Vessel's inquiry - 22054.exe"Jump to behavior
                Source: C:\Program Files (x86)\MUQXFMxOZMCrKjUyvmUGBguvjZuOxHTjwfoCVUSYNVuSEvKZLhBoIejbALeylmkCKOi\9gqi61vFxD2dyomn.exeProcess created: C:\Windows\SysWOW64\Utilman.exe "C:\Windows\SysWOW64\Utilman.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\Utilman.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: 9gqi61vFxD2dyomn.exe, 0000000A.00000000.1389332823.0000000001100000.00000002.00000001.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000A.00000002.3657753009.0000000001101000.00000002.00000001.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000C.00000000.1542746672.0000000001470000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: XProgram Manager
                Source: 9gqi61vFxD2dyomn.exe, 0000000A.00000000.1389332823.0000000001100000.00000002.00000001.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000A.00000002.3657753009.0000000001101000.00000002.00000001.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000C.00000000.1542746672.0000000001470000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: 9gqi61vFxD2dyomn.exe, 0000000A.00000000.1389332823.0000000001100000.00000002.00000001.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000A.00000002.3657753009.0000000001101000.00000002.00000001.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000C.00000000.1542746672.0000000001470000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: 9gqi61vFxD2dyomn.exe, 0000000A.00000000.1389332823.0000000001100000.00000002.00000001.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000A.00000002.3657753009.0000000001101000.00000002.00000001.00040000.00000000.sdmp, 9gqi61vFxD2dyomn.exe, 0000000C.00000000.1542746672.0000000001470000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Users\user\Desktop\Vessel's inquiry - 22054.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Vessel's inquiry - 22054.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 2.2.Vessel's inquiry - 22054.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 2.2.Vessel's inquiry - 22054.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000C.00000002.3660363847.0000000005360000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.1469348449.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.3658197272.0000000004A40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.3658115106.00000000049F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.3655658054.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.1468691450.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.1470766734.0000000002AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.3658118937.0000000003B60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\Utilman.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\Utilman.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\Utilman.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\Utilman.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\Utilman.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\Utilman.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\Utilman.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\Utilman.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\Utilman.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 2.2.Vessel's inquiry - 22054.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 2.2.Vessel's inquiry - 22054.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000C.00000002.3660363847.0000000005360000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.1469348449.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.3658197272.0000000004A40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.3658115106.00000000049F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.3655658054.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.1468691450.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.1470766734.0000000002AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.3658118937.0000000003B60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                Privilege Escalation: 412 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 2 Software Packing; 1 Timestomp; 1 DLL Side-Loading
                Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                Discovery: 121 Security Software Discovery; 2 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 113 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing; Network Service Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
                Behavior Graph
                ID: 1665504; Sample: Vessel's inquiry - 22054.exe; Startdate: 15/04/2025; Architecture: WINDOWS; Score: 100

                Signatures: Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; Yara detected FormBook; 2 other signatures
                DNS/IP: www.xxxvideosbox.xyz; www.vrpin.xyz (Performs DNS queries to domains with low reputation); 13 other IPs or domains

                Vessel's inquiry - 22054.exe 3 (started)
                  Dropped: C:\Users\...\Vessel's inquiry - 22054.exe.log, ASCII
                  Signature: Injects a PE file into a foreign processes
                  Vessel's inquiry - 22054.exe (started)
                    Signature: Maps a DLL or memory area into another process
                    9gqi61vFxD2dyomn.exe (injected)
                      Signature: Found direct / indirect Syscall (likely to bypass EDR)
                      Utilman.exe 13 (started)
                        Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                        9gqi61vFxD2dyomn.exe (injected)
                          Signature: Found direct / indirect Syscall (likely to bypass EDR)
                          DNS/IP: www.ax777.top 160.124.31.74, 49740, 49741, 49742 POWERLINE-AS-APPOWERLINEDATACENTERHK South Africa
                          DNS/IP: www.xxxvideosbox.xyz 91.216.220.20, 49722, 80 OLIMPKZ-NETKZ Kazakhstan
                          DNS/IP: 7 other IPs or domains
                        firefox.exe (started)

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.