Loading ...

Play interactive tourEdit tour

Analysis Report 20201109031215 - SMC.exe

Overview

General Information

Sample Name:20201109031215 - SMC.exe
Analysis ID:312397
MD5:3f25f5a838d3a1f5047a3d9ba3ea14d8
SHA1:5b807fe7229b8e1b74bc2a9842d62f8f74d96f0e
SHA256:c27d35d758e2cd23f196e9765ac88af5424132f204c2b676d08cad8ce14f39b0
Tags:exeGuLoader

Most interesting Screenshot:

Detection

AgentTesla GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Maps a DLL or memory area into another process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Yara detected VB6 Downloader Generic
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w10x64
  • 20201109031215 - SMC.exe (PID: 5760 cmdline: 'C:\Users\user\Desktop\20201109031215 - SMC.exe' MD5: 3F25F5A838D3A1F5047A3D9BA3EA14D8)
    • 20201109031215 - SMC.exe (PID: 6644 cmdline: 'C:\Users\user\Desktop\20201109031215 - SMC.exe' MD5: 3F25F5A838D3A1F5047A3D9BA3EA14D8)
      • 20201109031215 - SMC.exe (PID: 1808 cmdline: 'C:\Users\user\Desktop\20201109031215 - SMC.exe' MD5: 3F25F5A838D3A1F5047A3D9BA3EA14D8)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "8fLpHbL7", "URL: ": "http://1AYjOJayF1C.com", "To: ": "gabby.anthony@yandex.com", "ByHost: ": "smtp.yandex.com:587", "Password: ": "Pb0ZcdHob0pZE", "From: ": "gabby.anthony@yandex.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000010.00000002.600902571.000000000299E000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000010.00000002.601299705.00000000029EA000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000005.00000002.572496251.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoaderYara detected GuLoaderJoe Security
        00000010.00000002.597562766.0000000000762000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000010.00000001.572334775.0000000000466000.00000040.00020000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 15 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            16.2.20201109031215 - SMC.exe.720000.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              16.1.20201109031215 - SMC.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                16.2.20201109031215 - SMC.exe.7a0000.3.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  16.2.20201109031215 - SMC.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    16.2.20201109031215 - SMC.exe.720000.1.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 2 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 20201109031215 - SMC.exe.1808.16.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "8fLpHbL7", "URL: ": "http://1AYjOJayF1C.com", "To: ": "gabby.anthony@yandex.com", "ByHost: ": "smtp.yandex.com:587", "Password: ": "Pb0ZcdHob0pZE", "From: ": "gabby.anthony@yandex.com"}
                      Source: 20201109031215 - SMC.exe.1808.16.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "8fLpHbL7", "URL: ": "http://1AYjOJayF1C.com", "To: ": "gabby.anthony@yandex.com", "ByHost: ": "smtp.yandex.com:587", "Password: ": "Pb0ZcdHob0pZE", "From: ": "gabby.anthony@yandex.com"}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: 20201109031215 - SMC.exeVirustotal: Detection: 15%Perma Link
                      Source: 20201109031215 - SMC.exeVirustotal: Detection: 15%Perma Link
                      Source: Joe Sandbox ViewIP Address: 216.58.208.129 216.58.208.129
                      Source: Joe Sandbox ViewIP Address: 216.58.208.129 216.58.208.129
                      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                      Source: unknownDNS traffic detected: queries for: doc-00-54-docs.googleusercontent.com
                      Source: unknownDNS traffic detected: queries for: doc-00-54-docs.googleusercontent.com
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.601299705.00000000029EA000.00000004.00000001.sdmp, 20201109031215 - SMC.exe, 00000010.00000002.601746945.0000000002AA9000.00000004.00000001.sdmp, 20201109031215 - SMC.exe, 00000010.00000003.592880391.0000000000614000.00000004.00000001.sdmpString found in binary or memory: http://1AYjOJayF1C.com
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: http://OwAqIz.com
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://crl.certum.pl/ca.crl0h
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572744621.0000000000735000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572725379.0000000000717000.00000004.00000020.sdmpString found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://crl.pki.goog/gsr2/gsr2
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://crls.yandex.net/certum/ycasha2.crl0-
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr202
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1o1core0
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1o1core08
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ca.cer09
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer09
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ycasha2.cer0
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://subca.ocsp-certum.com0.
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://subca.ocsp-certum.com01
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://www.certum.pl/CPS0
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://yandex.crl.certum.pl/ycasha2.crl0q
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://yandex.ocsp-responder.com03
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.orgGETMozilla/5.0
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.577248406.000000001E4FB000.00000040.00000001.sdmp, 20201109031215 - SMC.exe, 00000010.00000001.572334775.0000000000466000.00000040.00020000.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572725379.0000000000717000.00000004.00000020.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572725379.0000000000717000.00000004.00000020.sdmpString found in binary or memory: https://doc-00-54-docs.googleusercontent.com/
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572725379.0000000000717000.00000004.00000020.sdmp, 20201109031215 - SMC.exe, 00000005.00000002.572744621.0000000000735000.00000004.00000020.sdmpString found in binary or memory: https://doc-00-54-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/60tau9l6
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572496251.0000000000560000.00000040.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1Ker1eSPd8exF9Eb8wwF3cL34hJxI05e_
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: https://pki.goog/repository/0
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://www.certum.pl/CPS0
                      Source: 20201109031215 - SMC.exeString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.601299705.00000000029EA000.00000004.00000001.sdmp, 20201109031215 - SMC.exe, 00000010.00000002.601746945.0000000002AA9000.00000004.00000001.sdmp, 20201109031215 - SMC.exe, 00000010.00000003.592880391.0000000000614000.00000004.00000001.sdmpString found in binary or memory: http://1AYjOJayF1C.com
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: http://OwAqIz.com
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://crl.certum.pl/ca.crl0h
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572744621.0000000000735000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572725379.0000000000717000.00000004.00000020.sdmpString found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://crl.pki.goog/gsr2/gsr2
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://crls.yandex.net/certum/ycasha2.crl0-
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr202
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1o1core0
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1o1core08
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ca.cer09
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer09
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ycasha2.cer0
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://subca.ocsp-certum.com0.
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://subca.ocsp-certum.com01
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://www.certum.pl/CPS0
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://yandex.crl.certum.pl/ycasha2.crl0q
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://yandex.ocsp-responder.com03
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.orgGETMozilla/5.0
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.577248406.000000001E4FB000.00000040.00000001.sdmp, 20201109031215 - SMC.exe, 00000010.00000001.572334775.0000000000466000.00000040.00020000.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572725379.0000000000717000.00000004.00000020.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572725379.0000000000717000.00000004.00000020.sdmpString found in binary or memory: https://doc-00-54-docs.googleusercontent.com/
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572725379.0000000000717000.00000004.00000020.sdmp, 20201109031215 - SMC.exe, 00000005.00000002.572744621.0000000000735000.00000004.00000020.sdmpString found in binary or memory: https://doc-00-54-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/60tau9l6
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572496251.0000000000560000.00000040.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1Ker1eSPd8exF9Eb8wwF3cL34hJxI05e_
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.572800320.000000000075C000.00000004.00000020.sdmpString found in binary or memory: https://pki.goog/repository/0
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603666831.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://www.certum.pl/CPS0
                      Source: 20201109031215 - SMC.exeString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.600341698.0000000002901000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess Stats: CPU usage > 98%
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess Stats: CPU usage > 98%
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3EB4 NtWriteVirtualMemory,0_2_021E3EB4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0AA6 EnumWindows,NtSetInformationThread,LoadLibraryA,0_2_021E0AA6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA4EC NtProtectVirtualMemory,0_2_021EA4EC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA967 NtUnmapViewOfSection,0_2_021EA967
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E401A NtWriteVirtualMemory,0_2_021E401A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E400E NtWriteVirtualMemory,0_2_021E400E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4632 NtWriteVirtualMemory,0_2_021E4632
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0C2E NtSetInformationThread,0_2_021E0C2E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E442A NtWriteVirtualMemory,0_2_021E442A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4228 NtWriteVirtualMemory,0_2_021E4228
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E405A NtWriteVirtualMemory,0_2_021E405A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4258 NtWriteVirtualMemory,0_2_021E4258
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4053 NtWriteVirtualMemory,0_2_021E4053
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4240 NtWriteVirtualMemory,0_2_021E4240
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0C7C NtSetInformationThread,0_2_021E0C7C
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0A70 NtSetInformationThread,0_2_021E0A70
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4270 NtWriteVirtualMemory,0_2_021E4270
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAC9E NtUnmapViewOfSection,0_2_021EAC9E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0C94 NtSetInformationThread,0_2_021E0C94
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4692 NtWriteVirtualMemory,0_2_021E4692
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E448A NtWriteVirtualMemory,0_2_021E448A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4288 NtWriteVirtualMemory,0_2_021E4288
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAA88 NtUnmapViewOfSection,0_2_021EAA88
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EACAA NtUnmapViewOfSection,0_2_021EACAA
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E44DE NtWriteVirtualMemory,0_2_021E44DE
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E44D0 NtWriteVirtualMemory,0_2_021E44D0
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA8CA NtProtectVirtualMemory,0_2_021EA8CA
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E40C6 NtWriteVirtualMemory,0_2_021E40C6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3EC2 NtWriteVirtualMemory,0_2_021E3EC2
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0AFC NtSetInformationThread,0_2_021E0AFC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAAEE NtUnmapViewOfSection,0_2_021EAAEE
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0AE4 NtSetInformationThread,0_2_021E0AE4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4116 NtWriteVirtualMemory,0_2_021E4116
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4316 NtWriteVirtualMemory,0_2_021E4316
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0B14 NtSetInformationThread,0_2_021E0B14
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E410F NtWriteVirtualMemory,0_2_021E410F
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAB3E NtUnmapViewOfSection,0_2_021EAB3E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4532 NtWriteVirtualMemory,0_2_021E4532
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAB32 NtUnmapViewOfSection,0_2_021EAB32
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3F22 NtWriteVirtualMemory,0_2_021E3F22
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0B42 NtSetInformationThread,0_2_021E0B42
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA541 NtProtectVirtualMemory,0_2_021EA541
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4378 NtWriteVirtualMemory,0_2_021E4378
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA978 NtUnmapViewOfSection,0_2_021EA978
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E416A NtWriteVirtualMemory,0_2_021E416A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3F9A NtWriteVirtualMemory,0_2_021E3F9A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4194 NtWriteVirtualMemory,0_2_021E4194
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4594 NtWriteVirtualMemory,0_2_021E4594
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA988 NtUnmapViewOfSection,0_2_021EA988
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAB86 NtUnmapViewOfSection,0_2_021EAB86
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4585 NtWriteVirtualMemory,0_2_021E4585
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA9B8 NtUnmapViewOfSection,0_2_021EA9B8
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E41AC NtWriteVirtualMemory,0_2_021E41AC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E45AC NtWriteVirtualMemory,0_2_021E45AC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0BA5 NtSetInformationThread,0_2_021E0BA5
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3FA2 NtWriteVirtualMemory,0_2_021E3FA2
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA9A0 NtUnmapViewOfSection,0_2_021EA9A0
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E45DE NtWriteVirtualMemory,0_2_021E45DE
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3DDC NtWriteVirtualMemory,0_2_021E3DDC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0BC9 NtSetInformationThread,0_2_021E0BC9
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E45C4 NtWriteVirtualMemory,0_2_021E45C4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E41F6 NtWriteVirtualMemory,0_2_021E41F6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E31F4 NtWriteVirtualMemory,0_2_021E31F4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA9EA NtUnmapViewOfSection,0_2_021EA9EA
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E43E2 NtWriteVirtualMemory,0_2_021E43E2
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3EB4 NtWriteVirtualMemory,0_2_021E3EB4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0AA6 EnumWindows,NtSetInformationThread,LoadLibraryA,0_2_021E0AA6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA4EC NtProtectVirtualMemory,0_2_021EA4EC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA967 NtUnmapViewOfSection,0_2_021EA967
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E401A NtWriteVirtualMemory,0_2_021E401A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E400E NtWriteVirtualMemory,0_2_021E400E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4632 NtWriteVirtualMemory,0_2_021E4632
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0C2E NtSetInformationThread,0_2_021E0C2E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E442A NtWriteVirtualMemory,0_2_021E442A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4228 NtWriteVirtualMemory,0_2_021E4228
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E405A NtWriteVirtualMemory,0_2_021E405A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4258 NtWriteVirtualMemory,0_2_021E4258
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4053 NtWriteVirtualMemory,0_2_021E4053
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4240 NtWriteVirtualMemory,0_2_021E4240
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0C7C NtSetInformationThread,0_2_021E0C7C
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0A70 NtSetInformationThread,0_2_021E0A70
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4270 NtWriteVirtualMemory,0_2_021E4270
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAC9E NtUnmapViewOfSection,0_2_021EAC9E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0C94 NtSetInformationThread,0_2_021E0C94
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4692 NtWriteVirtualMemory,0_2_021E4692
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E448A NtWriteVirtualMemory,0_2_021E448A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4288 NtWriteVirtualMemory,0_2_021E4288
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAA88 NtUnmapViewOfSection,0_2_021EAA88
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EACAA NtUnmapViewOfSection,0_2_021EACAA
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E44DE NtWriteVirtualMemory,0_2_021E44DE
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E44D0 NtWriteVirtualMemory,0_2_021E44D0
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA8CA NtProtectVirtualMemory,0_2_021EA8CA
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E40C6 NtWriteVirtualMemory,0_2_021E40C6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3EC2 NtWriteVirtualMemory,0_2_021E3EC2
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0AFC NtSetInformationThread,0_2_021E0AFC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAAEE NtUnmapViewOfSection,0_2_021EAAEE
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0AE4 NtSetInformationThread,0_2_021E0AE4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4116 NtWriteVirtualMemory,0_2_021E4116
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4316 NtWriteVirtualMemory,0_2_021E4316
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0B14 NtSetInformationThread,0_2_021E0B14
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E410F NtWriteVirtualMemory,0_2_021E410F
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAB3E NtUnmapViewOfSection,0_2_021EAB3E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4532 NtWriteVirtualMemory,0_2_021E4532
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAB32 NtUnmapViewOfSection,0_2_021EAB32
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3F22 NtWriteVirtualMemory,0_2_021E3F22
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0B42 NtSetInformationThread,0_2_021E0B42
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA541 NtProtectVirtualMemory,0_2_021EA541
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4378 NtWriteVirtualMemory,0_2_021E4378
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA978 NtUnmapViewOfSection,0_2_021EA978
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E416A NtWriteVirtualMemory,0_2_021E416A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3F9A NtWriteVirtualMemory,0_2_021E3F9A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4194 NtWriteVirtualMemory,0_2_021E4194
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4594 NtWriteVirtualMemory,0_2_021E4594
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA988 NtUnmapViewOfSection,0_2_021EA988
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EAB86 NtUnmapViewOfSection,0_2_021EAB86
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E4585 NtWriteVirtualMemory,0_2_021E4585
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA9B8 NtUnmapViewOfSection,0_2_021EA9B8
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E41AC NtWriteVirtualMemory,0_2_021E41AC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E45AC NtWriteVirtualMemory,0_2_021E45AC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0BA5 NtSetInformationThread,0_2_021E0BA5
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3FA2 NtWriteVirtualMemory,0_2_021E3FA2
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA9A0 NtUnmapViewOfSection,0_2_021EA9A0
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E45DE NtWriteVirtualMemory,0_2_021E45DE
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E3DDC NtWriteVirtualMemory,0_2_021E3DDC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E0BC9 NtSetInformationThread,0_2_021E0BC9
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E45C4 NtWriteVirtualMemory,0_2_021E45C4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E41F6 NtWriteVirtualMemory,0_2_021E41F6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E31F4 NtWriteVirtualMemory,0_2_021E31F4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021EA9EA NtUnmapViewOfSection,0_2_021EA9EA
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E43E2 NtWriteVirtualMemory,0_2_021E43E2
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564E7E NtProtectVirtualMemory,5_2_00564E7E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560AA6 EnumWindows,NtSetInformationThread,LoadLibraryA,5_2_00560AA6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_0056A541 NtProtectVirtualMemory,5_2_0056A541
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_0056A967 NtQueryInformationProcess,5_2_0056A967
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_005639FF RtlAddVectoredExceptionHandler,NtProtectVirtualMemory,NtProtectVirtualMemory,5_2_005639FF
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560A70 NtSetInformationThread,5_2_00560A70
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560C7C NtSetInformationThread,5_2_00560C7C
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00563A7A NtProtectVirtualMemory,5_2_00563A7A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564E6E NtProtectVirtualMemory,5_2_00564E6E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00563A18 NtProtectVirtualMemory,5_2_00563A18
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564E07 NtProtectVirtualMemory,5_2_00564E07
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564E09 NtProtectVirtualMemory,5_2_00564E09
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560C2E NtSetInformationThread,5_2_00560C2E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00563AC6 NtProtectVirtualMemory,5_2_00563AC6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00563ACE NtProtectVirtualMemory,5_2_00563ACE
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560AFC NtSetInformationThread,5_2_00560AFC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564EF8 NtProtectVirtualMemory,5_2_00564EF8
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560AE4 NtSetInformationThread,5_2_00560AE4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564EE0 NtProtectVirtualMemory,5_2_00564EE0
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560C94 NtSetInformationThread,5_2_00560C94
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564EB0 NtProtectVirtualMemory,5_2_00564EB0
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_005618A6 NtProtectVirtualMemory,5_2_005618A6
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560B42 NtSetInformationThread,5_2_00560B42
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560B14 NtSetInformationThread,5_2_00560B14
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564F12 NtProtectVirtualMemory,5_2_00564F12
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00563902 NtProtectVirtualMemory,5_2_00563902
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_005639D4 NtProtectVirtualMemory,5_2_005639D4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564FC2 NtProtectVirtualMemory,5_2_00564FC2
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_005617C8 NtProtectVirtualMemory,5_2_005617C8
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560BC9 NtSetInformationThread,5_2_00560BC9
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_005617E0 NtProtectVirtualMemory,5_2_005617E0
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_0056398C RtlAddVectoredExceptionHandler,NtProtectVirtualMemory,5_2_0056398C
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_005639BC NtProtectVirtualMemory,5_2_005639BC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_005639A4 NtProtectVirtualMemory,5_2_005639A4
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00560BA5 NtSetInformationThread,5_2_00560BA5
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 5_2_00564DAC NtProtectVirtualMemory,5_2_00564DAC
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00444159 NtCreateSection,16_2_00444159
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00ABB0BA NtQuerySystemInformation,16_2_00ABB0BA
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00ABB089 NtQuerySystemInformation,16_2_00ABB089
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_004015440_2_00401544
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_004013550_2_00401355
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_004015910_2_00401591
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E52510_2_021E5251
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_004015440_2_00401544
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_004013550_2_00401355
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_004015910_2_00401591
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 0_2_021E52510_2_021E5251
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_0043D97616_2_0043D976
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_0044313D16_2_0044313D
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_025AF65A16_2_025AF65A
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_025A9C9016_2_025A9C90
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_025AA53B16_2_025AA53B
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_025A75C816_2_025A75C8
                      Source: 20201109031215 - SMC.exe, 00000000.00000000.329664052.0000000000410000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamecolin.exe vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.576626450.000000001DC40000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.576794204.000000001DF80000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.577248406.000000001E4FB000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameGHqKbbEUUfFsFNUaYyEZkKkXzJl.exe4 vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.576665412.000000001DD90000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000000.411233211.0000000000410000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamecolin.exe vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exeBinary or memory string: OriginalFilename vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000000.571749855.0000000000410000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamecolin.exe vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.602585002.0000000004CE0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000001.572334775.0000000000466000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameGHqKbbEUUfFsFNUaYyEZkKkXzJl.exe4 vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603036309.00000000051E0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewbemdisp.tlbj% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603466870.00000000057A0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx.mui vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603440870.0000000005790000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603381012.0000000005770000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exeBinary or memory string: OriginalFilenamecolin.exe vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000000.00000000.329664052.0000000000410000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamecolin.exe vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.576626450.000000001DC40000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.576794204.000000001DF80000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.577248406.000000001E4FB000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameGHqKbbEUUfFsFNUaYyEZkKkXzJl.exe4 vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000002.576665412.000000001DD90000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000005.00000000.411233211.0000000000410000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamecolin.exe vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exeBinary or memory string: OriginalFilename vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000000.571749855.0000000000410000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamecolin.exe vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.602585002.0000000004CE0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000001.572334775.0000000000466000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameGHqKbbEUUfFsFNUaYyEZkKkXzJl.exe4 vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603036309.00000000051E0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewbemdisp.tlbj% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603466870.00000000057A0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx.mui vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603440870.0000000005790000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exe, 00000010.00000002.603381012.0000000005770000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs 20201109031215 - SMC.exe
                      Source: 20201109031215 - SMC.exeBinary or memory string: OriginalFilenamecolin.exe vs 20201109031215 - SMC.exe
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/0@2/1
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00ABAF3E AdjustTokenPrivileges,16_2_00ABAF3E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00ABAF07 AdjustTokenPrivileges,16_2_00ABAF07
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00ABAF3E AdjustTokenPrivileges,16_2_00ABAF3E
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00ABAF07 AdjustTokenPrivileges,16_2_00ABAF07
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00444039 GetModuleHandleW,FindResourceW,SizeofResource,VirtualAlloc,LoadResource,VirtualFree,16_2_00444039
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00444039 GetModuleHandleW,FindResourceW,SizeofResource,VirtualAlloc,LoadResource,VirtualFree,16_2_00444039
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile created: C:\Users\user\AppData\Local\Temp\~DF409FF965A787984C.TMPJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile created: C:\Users\user\AppData\Local\Temp\~DF409FF965A787984C.TMPJump to behavior
                      Source: 20201109031215 - SMC.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: 20201109031215 - SMC.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: 20201109031215 - SMC.exeVirustotal: Detection: 15%
                      Source: 20201109031215 - SMC.exeVirustotal: Detection: 15%
                      Source: unknownProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe'
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe' Jump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe' Jump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe'
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe' Jump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess created: C:\Users\user\Desktop\20201109031215 - SMC.exe 'C:\Users\user\Desktop\20201109031215 - SMC.exe' Jump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior

                      Data Obfuscation:

                      barindex
                      Detected unpacking (changes PE section rights)Show sources
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeUnpacked PE file: 16.2.20201109031215 - SMC.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rsrc:R;.reloc:R;
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeUnpacked PE file: 16.2.20201109031215 - SMC.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rsrc:R;.reloc:R;
                      Yara detected GuLoaderShow sources
                      Source: Yara matchFile source: 00000005.00000002.572496251.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 20201109031215 - SMC.exe PID: 6644, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 20201109031215 - SMC.exe PID: 5760, type: MEMORY
                      Yara detected VB6 Downloader GenericShow sources
                      Source: Yara matchFile source: Process Memory Space: 20201109031215 - SMC.exe PID: 6644, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 20201109031215 - SMC.exe PID: 5760, type: MEMORY
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00443E5D GetModuleHandleA,LoadLibraryA,GetProcAddress,16_2_00443E5D
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00443E5D GetModuleHandleA,LoadLibraryA,GetProcAddress,16_2_00443E5D
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_0044864E pushad ; retf 16_2_0044864F
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00448652 pushad ; ret 16_2_00448653
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_0044865A pushad ; iretd 16_2_0044865B
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00443438 push edx; ret 16_2_00443468
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_0043DF81 push ecx; ret 16_2_0043DF94
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_025AF658 push esp; retf 16_2_025AF659
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_054E3F59 push cs; retf 16_2_054E3F6F
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_054E3FCF push cs; retf 16_2_054E3FE3
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_054E3EE3 push cs; retf 16_2_054E3EFB
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_0044864E pushad ; retf 16_2_0044864F
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00448652 pushad ; ret 16_2_00448653
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_0044865A pushad ; iretd 16_2_0044865B
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_00443438 push edx; ret 16_2_00443468
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_0043DF81 push ecx; ret 16_2_0043DF94
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_025AF658 push esp; retf 16_2_025AF659
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_054E3F59 push cs; retf 16_2_054E3F6F
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_054E3FCF push cs; retf 16_2_054E3FE3
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeCode function: 16_2_054E3EE3 push cs; retf 16_2_054E3EFB
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\20201109031215 - SMC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users