Windows Analysis Report
Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe

Overview

General Information

Sample name: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
renamed because original name is a hash value
Original sample name: Rendelési szám 11-2024-pdf.bat.exe
Analysis ID: 1562190
MD5: f669eaf2b985a35f3b1bf21d73b7caf2
SHA1: e789d818889992fae7365386a24539a4b3bf2765
SHA256: 356358084caa4c8fbc4db1da7c5a15c9566182f8193dd17a979c22d0012c5016
Tags: exe, HUN, user-smica83

Detection

FormBook, GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: http://enechado.ru.com/tk.bin Avira URL Cloud: Label: malware
Source: Yara match File source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: sdchange.pdbGCTL source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000002.2971778579.0000000000F08000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: SkCSKJeVGx.exe, 00000006.00000002.2970784574.00000000007DE000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: wntdll.pdbUGP source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.0000000033386000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000331DB000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2949048299.0000000004993000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2946820394.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.0000000033386000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000331DB000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, sdchange.exe, 00000007.00000003.2949048299.0000000004993000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2946820394.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: sdchange.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000002.2971778579.0000000000F08000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_004065C7 FindFirstFileW,FindClose, 0_2_004065C7
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405996
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4x nop then xor eax, eax 7_2_02C59EF0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4x nop then pop edi 7_2_02C5E52E
Source: Joe Sandbox View IP Address: 103.83.194.50 103.83.194.50
Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49813 -> 103.83.194.50:80
Source: global traffic HTTP traffic detected:
GET /tk.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: enechado.ru.com
Cache-Control: no-cache
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: enechado.ru.com
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033E5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://enechado.ru.com/tk.bin
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033E5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://enechado.ru.com/tk.binH
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://enechado.ru.com/tk.binK
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://enechado.ru.com/tk.binR
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.00000000005F2000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.00000000005F2000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_0040542B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0040542B

E-Banking Fraud

Source: Yara match File source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A35C0 NtCreateMutant,LdrInitializeThunk, 5_2_335A35C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2B60 NtClose,LdrInitializeThunk, 5_2_335A2B60
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2DF0 NtQuerySystemInformation,LdrInitializeThunk, 5_2_335A2DF0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2C70 NtFreeVirtualMemory,LdrInitializeThunk, 5_2_335A2C70
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A3010 NtOpenDirectoryObject, 5_2_335A3010
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A3090 NtSetValueKey, 5_2_335A3090
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A39B0 NtGetContextThread, 5_2_335A39B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A3D70 NtOpenThread, 5_2_335A3D70
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A3D10 NtOpenProcessToken, 5_2_335A3D10
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A4340 NtSetContextThread, 5_2_335A4340
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A4650 NtSuspendThread, 5_2_335A4650
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2BF0 NtAllocateVirtualMemory, 5_2_335A2BF0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2BE0 NtQueryValueKey, 5_2_335A2BE0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2B80 NtQueryInformationFile, 5_2_335A2B80
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2BA0 NtEnumerateValueKey, 5_2_335A2BA0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2AD0 NtReadFile, 5_2_335A2AD0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2AF0 NtWriteFile, 5_2_335A2AF0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2AB0 NtWaitForSingleObject, 5_2_335A2AB0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2F60 NtCreateProcessEx, 5_2_335A2F60
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2F30 NtCreateSection, 5_2_335A2F30
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2FE0 NtCreateFile, 5_2_335A2FE0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2F90 NtProtectVirtualMemory, 5_2_335A2F90
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2FB0 NtResumeThread, 5_2_335A2FB0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2FA0 NtQuerySection, 5_2_335A2FA0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2E30 NtWriteVirtualMemory, 5_2_335A2E30
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2EE0 NtQueueApcThread, 5_2_335A2EE0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2E80 NtReadVirtualMemory, 5_2_335A2E80
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2EA0 NtAdjustPrivilegesToken, 5_2_335A2EA0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2D10 NtMapViewOfSection, 5_2_335A2D10
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2D00 NtSetInformationFile, 5_2_335A2D00
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2D30 NtUnmapViewOfSection, 5_2_335A2D30
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2DD0 NtDelayExecution, 5_2_335A2DD0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2DB0 NtEnumerateKey, 5_2_335A2DB0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2C60 NtCreateKey, 5_2_335A2C60
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2C00 NtQueryInformationProcess, 5_2_335A2C00
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2CC0 NtQueryVirtualMemory, 5_2_335A2CC0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2CF0 NtOpenProcess, 5_2_335A2CF0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A2CA0 NtQueryInformationToken, 5_2_335A2CA0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2CA0 NtQueryInformationToken,LdrInitializeThunk, 7_2_04BB2CA0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2C70 NtFreeVirtualMemory,LdrInitializeThunk, 7_2_04BB2C70
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2DF0 NtQuerySystemInformation,LdrInitializeThunk, 7_2_04BB2DF0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2D10 NtMapViewOfSection,LdrInitializeThunk, 7_2_04BB2D10
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2FE0 NtCreateFile,LdrInitializeThunk, 7_2_04BB2FE0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2F30 NtCreateSection,LdrInitializeThunk, 7_2_04BB2F30
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2AD0 NtReadFile,LdrInitializeThunk, 7_2_04BB2AD0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 7_2_04BB2BF0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2B60 NtClose,LdrInitializeThunk, 7_2_04BB2B60
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB35C0 NtCreateMutant,LdrInitializeThunk, 7_2_04BB35C0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB4650 NtSuspendThread, 7_2_04BB4650
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB4340 NtSetContextThread, 7_2_04BB4340
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2CF0 NtOpenProcess, 7_2_04BB2CF0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2CC0 NtQueryVirtualMemory, 7_2_04BB2CC0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2C00 NtQueryInformationProcess, 7_2_04BB2C00
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2C60 NtCreateKey, 7_2_04BB2C60
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2DB0 NtEnumerateKey, 7_2_04BB2DB0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2DD0 NtDelayExecution, 7_2_04BB2DD0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2D30 NtUnmapViewOfSection, 7_2_04BB2D30
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2D00 NtSetInformationFile, 7_2_04BB2D00
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2EA0 NtAdjustPrivilegesToken, 7_2_04BB2EA0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2E80 NtReadVirtualMemory, 7_2_04BB2E80
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2EE0 NtQueueApcThread, 7_2_04BB2EE0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2E30 NtWriteVirtualMemory, 7_2_04BB2E30
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2FB0 NtResumeThread, 7_2_04BB2FB0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2FA0 NtQuerySection, 7_2_04BB2FA0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2F90 NtProtectVirtualMemory, 7_2_04BB2F90
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2F60 NtCreateProcessEx, 7_2_04BB2F60
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2AB0 NtWaitForSingleObject, 7_2_04BB2AB0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2AF0 NtWriteFile, 7_2_04BB2AF0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2BA0 NtEnumerateValueKey, 7_2_04BB2BA0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2B80 NtQueryInformationFile, 7_2_04BB2B80
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB2BE0 NtQueryValueKey, 7_2_04BB2BE0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB3090 NtSetValueKey, 7_2_04BB3090
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB3010 NtOpenDirectoryObject, 7_2_04BB3010
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB3D10 NtOpenProcessToken, 7_2_04BB3D10
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB3D70 NtOpenThread, 7_2_04BB3D70
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB39B0 NtGetContextThread, 7_2_04BB39B0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C79700 NtReadFile, 7_2_02C79700
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C79590 NtCreateFile, 7_2_02C79590
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C79A10 NtAllocateVirtualMemory, 7_2_02C79A10
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C798A0 NtClose, 7_2_02C798A0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403359
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File created: C:\Windows\resources\0809 Jump to behavior
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File created: C:\Windows\resources\0809\mysterist.ini Jump to behavior
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C24420 7_2_04C24420
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C40591 7_2_04C40591
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B80535 7_2_04B80535
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B9C6E0 7_2_04B9C6E0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B7C7C0 7_2_04B7C7C0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B80770 7_2_04B80770
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BA4750 7_2_04BA4750
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C12000 7_2_04C12000
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C381CC 7_2_04C381CC
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C341A2 7_2_04C341A2
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C401AA 7_2_04C401AA
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C08158 7_2_04C08158
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B70100 7_2_04B70100
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C1A118 7_2_04C1A118
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C002C0 7_2_04C002C0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C20274 7_2_04C20274
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C403E6 7_2_04C403E6
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B8E3F0 7_2_04B8E3F0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3A352 7_2_04C3A352
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B70CF2 7_2_04B70CF2
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C20CB5 7_2_04C20CB5
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B80C00 7_2_04B80C00
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B98DBF 7_2_04B98DBF
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B7ADE0 7_2_04B7ADE0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B8AD00 7_2_04B8AD00
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C1CD1F 7_2_04C1CD1F
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3EEDB 7_2_04C3EEDB
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B92E90 7_2_04B92E90
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3CE93 7_2_04C3CE93
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B80E59 7_2_04B80E59
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3EE26 7_2_04C3EE26
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BFEFA0 7_2_04BFEFA0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B72FC8 7_2_04B72FC8
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BA0F30 7_2_04BA0F30
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BC2F28 7_2_04BC2F28
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C22F30 7_2_04C22F30
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BF4F40 7_2_04BF4F40
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B668B8 7_2_04B668B8
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BAE8F0 7_2_04BAE8F0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B82840 7_2_04B82840
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B8A840 7_2_04B8A840
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B829A0 7_2_04B829A0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C4A9A6 7_2_04C4A9A6
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B96962 7_2_04B96962
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B7EA80 7_2_04B7EA80
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C36BD7 7_2_04C36BD7
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3AB40 7_2_04C3AB40
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B71460 7_2_04B71460
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3F43F 7_2_04C3F43F
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C495C3 7_2_04C495C3
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C1D5B0 7_2_04C1D5B0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C37571 7_2_04C37571
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C316CC 7_2_04C316CC
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BC5630 7_2_04BC5630
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3F7B0 7_2_04C3F7B0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C2F0CC 7_2_04C2F0CC
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3F0E0 7_2_04C3F0E0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C370E9 7_2_04C370E9
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B870C0 7_2_04B870C0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B8B1B0 7_2_04B8B1B0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C4B16B 7_2_04C4B16B
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B6F172 7_2_04B6F172
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BB516C 7_2_04BB516C
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B852A0 7_2_04B852A0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C212ED 7_2_04C212ED
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B9D2F0 7_2_04B9D2F0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B9B2C0 7_2_04B9B2C0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BC739A 7_2_04BC739A
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3132D 7_2_04C3132D
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B6D34C 7_2_04B6D34C
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3FCF2 7_2_04C3FCF2
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BF9C32 7_2_04BF9C32
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B9FDC0 7_2_04B9FDC0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C31D5A 7_2_04C31D5A
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C37D73 7_2_04C37D73
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B83D40 7_2_04B83D40
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B89EB0 7_2_04B89EB0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B81F92 7_2_04B81F92
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B43FD5 7_2_04B43FD5
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B43FD2 7_2_04B43FD2
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3FFB1 7_2_04C3FFB1
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3FF09 7_2_04C3FF09
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B838E0 7_2_04B838E0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BED800 7_2_04BED800
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C15910 7_2_04C15910
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B89950 7_2_04B89950
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B9B950 7_2_04B9B950
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C2DAC6 7_2_04C2DAC6
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BC5AA0 7_2_04BC5AA0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C21AA3 7_2_04C21AA3
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C1DAAC 7_2_04C1DAAC
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C37A46 7_2_04C37A46
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3FA49 7_2_04C3FA49
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BF3A6C 7_2_04BF3A6C
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B9FB80 7_2_04B9FB80
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BBDBF9 7_2_04BBDBF9
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04BF5BF0 7_2_04BF5BF0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04C3FB76 7_2_04C3FB76
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C62080 7_2_02C62080
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5CF40 7_2_02C5CF40
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5CF3A 7_2_02C5CF3A
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5B29F 7_2_02C5B29F
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5B2A0 7_2_02C5B2A0
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C513A1 7_2_02C513A1
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5B150 7_2_02C5B150
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5D160 7_2_02C5D160
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C65740 7_2_02C65740
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C638F9 7_2_02C638F9
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C63942 7_2_02C63942
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C63940 7_2_02C63940
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C7BEB0 7_2_02C7BEB0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 335DEA12 appears 82 times
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 3355B970 appears 262 times
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 335B7E54 appears 100 times
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 335EF290 appears 103 times
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 335A5130 appears 58 times
Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04BEEA12 appears 86 times
Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04BFF290 appears 103 times
Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04BC7E54 appears 107 times
Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04B6B970 appears 262 times
Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04BB5130 appears 58 times
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.00000000334B3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesdchange.exej% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033801000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesdchange.exej% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000332FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal84.troj.evad.winEXE@5/9@2/1
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403359
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_004046EC GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004046EC
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00402104 CoCreateInstance, 0_2_00402104
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File created: C:\Users\user\AppData\Local\Temp\nss4058.tmp
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File read: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
Source: unknown Process created: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Process created: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File written: C:\Windows\Resources\0809\mysterist.ini
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: sdchange.pdbGCTL source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000002.2971778579.0000000000F08000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: SkCSKJeVGx.exe, 00000006.00000002.2970784574.00000000007DE000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: wntdll.pdbUGP source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.0000000033386000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000331DB000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2949048299.0000000004993000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2946820394.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.0000000033386000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000331DB000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, sdchange.exe, 00000007.00000003.2949048299.0000000004993000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2946820394.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: sdchange.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000002.2971778579.0000000000F08000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: Yara match File source: 00000000.00000002.2572461469.0000000004B5D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_6FBC1B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_6FBC1B63
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_6FBC2FD0 push eax; ret 0_2_6FBC2FFE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335609AD push ecx; mov dword ptr [esp], ecx 5_2_335609B6
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B427FA pushad ; ret 7_2_04B427F9
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B4225F pushad ; ret 7_2_04B427F9
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B4283D push eax; iretd 7_2_04B42858
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B709AD push ecx; mov dword ptr [esp], ecx 7_2_04B709B6
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B418F3 push edx; ret 7_2_04B41906
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C6C715 pushad ; retf 7_2_02C6C718
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5E8DC push ds; retf 7_2_02C5E8E3
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C7091D pushad ; iretd 7_2_02C7091E
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C60CA1 push CD2A7FC7h; retf 7_2_02C60CA6
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5149A pushfd ; ret 7_2_02C5149D
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C51AD6 push ss; retf 7_2_02C51B12
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C67A01 pushad ; ret 7_2_02C67A05
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C61B79 push es; ret 7_2_02C61B78
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C61B12 push es; ret 7_2_02C61B78
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C578D4 push eax; retf 7_2_02C578D5
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C6F84F push esi; ret 7_2_02C6F857
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C6B9DF push ebx; ret 7_2_02C6B9EB
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C67C19 push esi; ret 7_2_02C67C27
Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C67C20 push esi; ret 7_2_02C67C27
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File created: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File created: C:\Users\user\AppData\Local\Temp\nso4347.tmp\LangDLL.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\sdchange.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API/Special instruction interceptor: Address: 54464CE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API/Special instruction interceptor: Address: 20464CE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe RDTSC instruction interceptor: First address: 540467D second address: 540467D instructions: 0x00000000 rdtsc 0x00000002 test ecx, edx 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FDA20535368h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe RDTSC instruction interceptor: First address: 200467D second address: 200467D instructions: 0x00000000 rdtsc 0x00000002 test ecx, edx 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FDA20DE4298h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335DD1C0 rdtsc 5_2_335DD1C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso4347.tmp\LangDLL.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API coverage: 0.2 %
Source: C:\Windows\SysWOW64\sdchange.exe API coverage: 1.2 %
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_004065C7 FindFirstFileW,FindClose, 0_2_004065C7
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405996
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2834132563.000000000340A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945141009.00000000033FE000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2834132563.00000000033FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW|`
Source: sdchange.exe, 00000007.00000002.2971107059.0000000002EC6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API call chain: ExitProcess graph end node
Source: C:\Windows\SysWOW64\sdchange.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\SysWOW64\sdchange.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335DD1C0 rdtsc 5_2_335DD1C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A35C0 NtCreateMutant,LdrInitializeThunk, 5_2_335A35C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_6FBC1B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_6FBC1B63
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360375F mov eax, dword ptr fs:[00000030h] 5_2_3360375F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360375F mov eax, dword ptr fs:[00000030h] 5_2_3360375F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3359F71F mov eax, dword ptr fs:[00000030h] 5_2_3359F71F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3359F71F mov eax, dword ptr fs:[00000030h] 5_2_3359F71F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3362972B mov eax, dword ptr fs:[00000030h] 5_2_3362972B
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361F72E mov eax, dword ptr fs:[00000030h] 5_2_3361F72E
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33565702 mov eax, dword ptr fs:[00000030h] 5_2_33565702
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33565702 mov eax, dword ptr fs:[00000030h] 5_2_33565702
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33567703 mov eax, dword ptr fs:[00000030h] 5_2_33567703
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3363B73C mov eax, dword ptr fs:[00000030h] 5_2_3363B73C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3363B73C mov eax, dword ptr fs:[00000030h] 5_2_3363B73C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3363B73C mov eax, dword ptr fs:[00000030h] 5_2_3363B73C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3363B73C mov eax, dword ptr fs:[00000030h] 5_2_3363B73C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33559730 mov eax, dword ptr fs:[00000030h] 5_2_33559730
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33559730 mov eax, dword ptr fs:[00000030h] 5_2_33559730
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356973A mov eax, dword ptr fs:[00000030h] 5_2_3356973A
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356973A mov eax, dword ptr fs:[00000030h] 5_2_3356973A
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33595734 mov eax, dword ptr fs:[00000030h] 5_2_33595734
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33563720 mov eax, dword ptr fs:[00000030h] 5_2_33563720
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F720 mov eax, dword ptr fs:[00000030h] 5_2_3357F720
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F720 mov eax, dword ptr fs:[00000030h] 5_2_3357F720
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F720 mov eax, dword ptr fs:[00000030h] 5_2_3357F720
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335657C0 mov eax, dword ptr fs:[00000030h] 5_2_335657C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335657C0 mov eax, dword ptr fs:[00000030h] 5_2_335657C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335657C0 mov eax, dword ptr fs:[00000030h] 5_2_335657C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356D7E0 mov ecx, dword ptr fs:[00000030h] 5_2_3356D7E0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361D7B0 mov eax, dword ptr fs:[00000030h] 5_2_3361D7B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361D7B0 mov eax, dword ptr fs:[00000030h] 5_2_3361D7B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336337B6 mov eax, dword ptr fs:[00000030h] 5_2_336337B6
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358D7B0 mov eax, dword ptr fs:[00000030h] 5_2_3358D7B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361F78A mov eax, dword ptr fs:[00000030h] 5_2_3361F78A
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h] 5_2_3355F7BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h] 5_2_335EF7AF
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h] 5_2_335EF7AF
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h] 5_2_335EF7AF
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h] 5_2_335EF7AF
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h] 5_2_335EF7AF
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335E97A9 mov eax, dword ptr fs:[00000030h] 5_2_335E97A9
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33599660 mov eax, dword ptr fs:[00000030h] 5_2_33599660
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33599660 mov eax, dword ptr fs:[00000030h] 5_2_33599660
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335FD660 mov eax, dword ptr fs:[00000030h] 5_2_335FD660
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33563616 mov eax, dword ptr fs:[00000030h] 5_2_33563616
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33563616 mov eax, dword ptr fs:[00000030h] 5_2_33563616
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33635636 mov eax, dword ptr fs:[00000030h] 5_2_33635636
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3359F603 mov eax, dword ptr fs:[00000030h] 5_2_3359F603
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33591607 mov eax, dword ptr fs:[00000030h] 5_2_33591607
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h] 5_2_3355F626
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361D6F0 mov eax, dword ptr fs:[00000030h] 5_2_3361D6F0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335916CF mov eax, dword ptr fs:[00000030h] 5_2_335916CF
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h] 5_2_3356B6C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h] 5_2_3356B6C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h] 5_2_3356B6C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h] 5_2_3356B6C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h] 5_2_3356B6C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h] 5_2_3356B6C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361F6C7 mov eax, dword ptr fs:[00000030h] 5_2_3361F6C7
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336216CC mov eax, dword ptr fs:[00000030h] 5_2_336216CC
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336216CC mov eax, dword ptr fs:[00000030h] 5_2_336216CC
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336216CC mov eax, dword ptr fs:[00000030h] 5_2_336216CC
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336216CC mov eax, dword ptr fs:[00000030h] 5_2_336216CC
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h] 5_2_335F36EE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h] 5_2_335F36EE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h] 5_2_335F36EE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h] 5_2_335F36EE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h] 5_2_335F36EE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h] 5_2_335F36EE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358D6E0 mov eax, dword ptr fs:[00000030h] 5_2_3358D6E0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358D6E0 mov eax, dword ptr fs:[00000030h] 5_2_3358D6E0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335E368C mov eax, dword ptr fs:[00000030h] 5_2_335E368C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335E368C mov eax, dword ptr fs:[00000030h] 5_2_335E368C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335E368C mov eax, dword ptr fs:[00000030h] 5_2_335E368C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335E368C mov eax, dword ptr fs:[00000030h] 5_2_335E368C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335576B2 mov eax, dword ptr fs:[00000030h] 5_2_335576B2
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335576B2 mov eax, dword ptr fs:[00000030h] 5_2_335576B2
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335576B2 mov eax, dword ptr fs:[00000030h] 5_2_335576B2
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355D6AA mov eax, dword ptr fs:[00000030h] 5_2_3355D6AA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355D6AA mov eax, dword ptr fs:[00000030h] 5_2_3355D6AA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3359B570 mov eax, dword ptr fs:[00000030h] 5_2_3359B570
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3359B570 mov eax, dword ptr fs:[00000030h] 5_2_3359B570
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360B550 mov eax, dword ptr fs:[00000030h] 5_2_3360B550
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360B550 mov eax, dword ptr fs:[00000030h] 5_2_3360B550
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360B550 mov eax, dword ptr fs:[00000030h] 5_2_3360B550
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355B562 mov eax, dword ptr fs:[00000030h] 5_2_3355B562
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h] 5_2_3360F525
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h] 5_2_3360F525
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h] 5_2_3360F525
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h] 5_2_3360F525
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h] 5_2_3360F525
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h] 5_2_3360F525
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h] 5_2_3360F525
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361B52F mov eax, dword ptr fs:[00000030h] 5_2_3361B52F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33635537 mov eax, dword ptr fs:[00000030h] 5_2_33635537
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33597505 mov eax, dword ptr fs:[00000030h] 5_2_33597505
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33597505 mov ecx, dword ptr fs:[00000030h] 5_2_33597505
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h] 5_2_3356D534
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h] 5_2_3356D534
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h] 5_2_3356D534
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h] 5_2_3356D534
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h] 5_2_3356D534
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h] 5_2_3356D534
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3359D530 mov eax, dword ptr fs:[00000030h] 5_2_3359D530
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3359D530 mov eax, dword ptr fs:[00000030h] 5_2_3359D530
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335895DA mov eax, dword ptr fs:[00000030h] 5_2_335895DA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335DD5D0 mov eax, dword ptr fs:[00000030h] 5_2_335DD5D0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335DD5D0 mov ecx, dword ptr fs:[00000030h] 5_2_335DD5D0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335955C0 mov eax, dword ptr fs:[00000030h] 5_2_335955C0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336355C9 mov eax, dword ptr fs:[00000030h] 5_2_336355C9
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815F4 mov eax, dword ptr fs:[00000030h] 5_2_335815F4
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815F4 mov eax, dword ptr fs:[00000030h] 5_2_335815F4
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815F4 mov eax, dword ptr fs:[00000030h] 5_2_335815F4
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815F4 mov eax, dword ptr fs:[00000030h] 5_2_335815F4
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815F4 mov eax, dword ptr fs:[00000030h] 5_2_335815F4
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815F4 mov eax, dword ptr fs:[00000030h] 5_2_335815F4
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336335D7 mov eax, dword ptr fs:[00000030h] 5_2_336335D7
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336335D7 mov eax, dword ptr fs:[00000030h] 5_2_336335D7
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336335D7 mov eax, dword ptr fs:[00000030h] 5_2_336335D7
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335EB594 mov eax, dword ptr fs:[00000030h] 5_2_335EB594
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335EB594 mov eax, dword ptr fs:[00000030h] 5_2_335EB594
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355758F mov eax, dword ptr fs:[00000030h] 5_2_3355758F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355758F mov eax, dword ptr fs:[00000030h] 5_2_3355758F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3355758F mov eax, dword ptr fs:[00000030h] 5_2_3355758F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361F5BE mov eax, dword ptr fs:[00000030h] 5_2_3361F5BE
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F35BA mov eax, dword ptr fs:[00000030h] 5_2_335F35BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F35BA mov eax, dword ptr fs:[00000030h] 5_2_335F35BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F35BA mov eax, dword ptr fs:[00000030h] 5_2_335F35BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335F35BA mov eax, dword ptr fs:[00000030h] 5_2_335F35BA
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358F5B0 mov eax, dword ptr fs:[00000030h] 5_2_3358F5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335FD5B0 mov eax, dword ptr fs:[00000030h] 5_2_335FD5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335FD5B0 mov eax, dword ptr fs:[00000030h] 5_2_335FD5B0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815A9 mov eax, dword ptr fs:[00000030h] 5_2_335815A9
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815A9 mov eax, dword ptr fs:[00000030h] 5_2_335815A9
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815A9 mov eax, dword ptr fs:[00000030h] 5_2_335815A9
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815A9 mov eax, dword ptr fs:[00000030h] 5_2_335815A9
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335815A9 mov eax, dword ptr fs:[00000030h] 5_2_335815A9
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B440 mov eax, dword ptr fs:[00000030h] 5_2_3356B440
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B440 mov eax, dword ptr fs:[00000030h] 5_2_3356B440
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B440 mov eax, dword ptr fs:[00000030h] 5_2_3356B440
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B440 mov eax, dword ptr fs:[00000030h] 5_2_3356B440
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B440 mov eax, dword ptr fs:[00000030h] 5_2_3356B440
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3356B440 mov eax, dword ptr fs:[00000030h] 5_2_3356B440
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3363547F mov eax, dword ptr fs:[00000030h] 5_2_3363547F
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360B450 mov eax, dword ptr fs:[00000030h] 5_2_3360B450
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360B450 mov eax, dword ptr fs:[00000030h] 5_2_3360B450
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360B450 mov eax, dword ptr fs:[00000030h] 5_2_3360B450
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3360B450 mov eax, dword ptr fs:[00000030h] 5_2_3360B450
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3361F453 mov eax, dword ptr fs:[00000030h] 5_2_3361F453
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33561460 mov eax, dword ptr fs:[00000030h] 5_2_33561460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33561460 mov eax, dword ptr fs:[00000030h] 5_2_33561460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33561460 mov eax, dword ptr fs:[00000030h] 5_2_33561460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33561460 mov eax, dword ptr fs:[00000030h] 5_2_33561460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33561460 mov eax, dword ptr fs:[00000030h] 5_2_33561460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F460 mov eax, dword ptr fs:[00000030h] 5_2_3357F460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F460 mov eax, dword ptr fs:[00000030h] 5_2_3357F460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F460 mov eax, dword ptr fs:[00000030h] 5_2_3357F460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F460 mov eax, dword ptr fs:[00000030h] 5_2_3357F460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F460 mov eax, dword ptr fs:[00000030h] 5_2_3357F460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3357F460 mov eax, dword ptr fs:[00000030h] 5_2_3357F460
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335E7410 mov eax, dword ptr fs:[00000030h] 5_2_335E7410
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_3358340D mov eax, dword ptr fs:[00000030h] 5_2_3358340D
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336094E0 mov eax, dword ptr fs:[00000030h] 5_2_336094E0
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_336354DB mov eax, dword ptr fs:[00000030h] 5_2_336354DB
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_33569486 mov eax, dword ptr fs:[00000030h] 5_2_33569486

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtReadFile: Direct from: 0x76F02ADC
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtQueryValueKey: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtDelayExecution: Direct from: 0x76F02DDC
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtQueryInformationProcess: Direct from: 0x76F02C26
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtResumeThread: Direct from: 0x76F02FBC
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtCreateUserProcess: Direct from: 0x76F0371C
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: NULL target: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: NULL target: C:\Windows\SysWOW64\sdchange.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Process created: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
Source: SkCSKJeVGx.exe, 00000006.00000002.2971934184.0000000001391000.00000002.00000001.00040000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000000.2855426804.0000000001391000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: SkCSKJeVGx.exe, 00000006.00000002.2971934184.0000000001391000.00000002.00000001.00040000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000000.2855426804.0000000001391000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: SkCSKJeVGx.exe, 00000006.00000002.2971934184.0000000001391000.00000002.00000001.00040000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000000.2855426804.0000000001391000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: SkCSKJeVGx.exe, 00000006.00000002.2971934184.0000000001391000.00000002.00000001.00040000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000000.2855426804.0000000001391000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403359

Stealing of Sensitive Information

Source: Yara match File source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY