File name: SWIFT0037261762.exe

Full analysis: https://app.any.run/tasks/45ec1be5-18e2-4980-bdc9-50712ae3f4bd
Verdict: Malicious activity
Threats:

FormBook is a data stealer distributed as Malware-as-a-Service (MaaS). FormBook differs from much competing malware in its extreme ease of use, which lets even inexperienced threat actors deploy it.

Analysis date: March 24, 2025, 12:57:15
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: stealer, formbook, xloader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: 33597EEA937DE9FC85C91FC86D4081DA
SHA1: 221C42C79CB047ADE2346E1DA635A1AC359F06EF
SHA256: EA4FE51E13F6AB1785535B32345F69EF110E21981BF7DBB09CE02C0BDEC1E43C
SSDEEP: 24576:1Vt0k/nEsKCYsn6jVqK+QARJF6FIwFcUic3PpBp7xZfVq:1Vt1nEsKCYsn6jVqK+QAfF6FIYcUic/a

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report can be distorted by user actions during the session and is provided as-is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Changes the login/logoff helper path in the registry

      • reg.exe (PID: 7384)
      • reg.exe (PID: 7420)
    • Actions look like stealing of personal data

      • cmd.exe (PID: 7252)
      • csrss.exe (PID: 5824)
      • skype.exe (PID: 5124)
      • skype.exe (PID: 7804)
      • skype.exe (PID: 7988)
    • Create files in the Startup directory

      • cmd.exe (PID: 7252)
    • FORMBOOK has been detected (YARA)

      • skype.exe (PID: 7804)
    • Connects to the CnC server

      • explorer.exe (PID: 5492)
    • FORMBOOK has been detected

      • cmstp.exe (PID: 2236)
      • raserver.exe (PID: 6972)
      • explorer.exe (PID: 5492)
    • FORMBOOK has been detected (SURICATA)

      • explorer.exe (PID: 5492)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • SWIFT0037261762.exe (PID: 1452)
      • skype.exe (PID: 5124)
      • cmstp.exe (PID: 2236)
    • Hides command output

      • cmd.exe (PID: 4608)
      • cmd.exe (PID: 660)
      • cmd.exe (PID: 7252)
    • Runs PING.EXE to delay execution

      • cmd.exe (PID: 4608)
      • cmd.exe (PID: 660)
      • cmd.exe (PID: 7252)
    • Reads security settings of Internet Explorer

      • SWIFT0037261762.exe (PID: 1452)
    • Executable content was dropped or overwritten

      • SWIFT0037261762.exe (PID: 1452)
      • cmd.exe (PID: 7252)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 4608)
      • cmd.exe (PID: 660)
    • Starts itself from another location

      • SWIFT0037261762.exe (PID: 1452)
    • The executable file from the user directory is run by the CMD process

      • skype.exe (PID: 7988)
    • Contacting a server suspected of hosting a CnC

      • explorer.exe (PID: 5492)
    • Deletes system .NET executable

      • cmd.exe (PID: 7180)
  • INFO

    • Reads the machine GUID from the registry

      • SWIFT0037261762.exe (PID: 1452)
      • skype.exe (PID: 5124)
      • skype.exe (PID: 7988)
    • Reads the computer name

      • SWIFT0037261762.exe (PID: 1452)
      • skype.exe (PID: 5124)
      • AddInProcess32.exe (PID: 7884)
      • skype.exe (PID: 7804)
      • AddInProcess32.exe (PID: 8068)
    • Checks supported languages

      • SWIFT0037261762.exe (PID: 1452)
      • skype.exe (PID: 5124)
      • AddInProcess32.exe (PID: 7884)
      • skype.exe (PID: 7804)
      • skype.exe (PID: 7988)
      • AddInProcess32.exe (PID: 8068)
    • Process checks computer location settings

      • SWIFT0037261762.exe (PID: 1452)
    • Autorun file from Startup directory

      • cmd.exe (PID: 7252)
    • Manual execution by a user

      • skype.exe (PID: 7804)
      • cmstp.exe (PID: 2236)
      • raserver.exe (PID: 6972)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 5492)
    • Reads the software policy settings

      • slui.exe (PID: 7144)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (72.2)
.scr | Windows screen saver (12.9)
.dll | Win32 Dynamic Link Library (generic) (6.4)
.exe | Win32 Executable (generic) (4.4)
.exe | Generic Win/DOS Executable (1.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1994:08:20 12:35:20+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 80
CodeSize: 618496
InitializedDataSize: 11776
UninitializedDataSize: -
EntryPoint: 0x98e5e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 9.14.19.24
ProductVersionNumber: 9.14.19.24
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: FE??C>G<G7G84:;
CompanyName: 9EJJDD=74A3@G=C:FG?CJH23
FileDescription: A<9?>CDD2?=BGIBF:=549
FileVersion: 9.14.19.24
InternalName: order pdf.exe
LegalCopyright: Copyright © 2024 9EJJDD=74A3@G=C:FG?CJH23
OriginalFileName: order pdf.exe
ProductName: A<9?>CDD2?=BGIBF:=549
ProductVersion: 9.14.19.24
AssemblyVersion: 1.0.0.0
No data.
All screenshots are available in the full report
Total processes: 154
Monitored processes: 26
Malicious processes: 9
Suspicious processes: 4

Behavior graph

Processes in graph order, with ANY.RUN's own labels ("no specs", "#FORMBOOK") kept as shown:

  • start
  • swift0037261762.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • ping.exe (no specs)
  • skype.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • ping.exe (no specs)
  • cmd.exe
  • conhost.exe (no specs)
  • ping.exe (no specs)
  • reg.exe
  • reg.exe
  • ping.exe (no specs)
  • #FORMBOOK skype.exe
  • addinprocess32.exe (no specs)
  • skype.exe
  • addinprocess32.exe (no specs)
  • slui.exe
  • #FORMBOOK cmstp.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • #FORMBOOK raserver.exe (no specs)
  • #FORMBOOK explorer.exe
  • svchost.exe
  • csrss.exe

Process information

Each entry lists PID, CMD, Path and Parent process, followed by the process details and its loaded modules (images).
PID: 660
CMD: "cmd" /c ping 127.0.0.1 -n 8 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype\skype.exe,"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: skype.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1452
CMD: "C:\Users\admin\Desktop\SWIFT0037261762.exe"
Path: C:\Users\admin\Desktop\SWIFT0037261762.exe
Parent process: explorer.exe
User: admin
Company: 9EJJDD=74A3@G=C:FG?CJH23
Integrity Level: MEDIUM
Description: A<9?>CDD2?=BGIBF:=549
Exit code: 0
Version: 9.14.19.24
Modules (images):
c:\users\admin\desktop\swift0037261762.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 2196
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2236
CMD: "C:\Windows\SysWOW64\cmstp.exe"
Path: C:\Windows\SysWOW64\cmstp.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Connection Manager Profile Installer
Version: 7.2.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 3096
CMD: ping 127.0.0.1 -n 8
Path: C:\Windows\SysWOW64\PING.EXE
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: TCP/IP Ping Command
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 4608
CMD: "cmd" /c ping 127.0.0.1 -n 9 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype\skype.exe,"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: SWIFT0037261762.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 5124
CMD: "C:\Users\admin\AppData\Local\Temp\skype.exe"
Path: C:\Users\admin\AppData\Local\Temp\skype.exe
Parent process: SWIFT0037261762.exe
User: admin
Company: 9EJJDD=74A3@G=C:FG?CJH23
Integrity Level: MEDIUM
Description: A<9?>CDD2?=BGIBF:=549
Exit code: 0
Version: 9.14.19.24
Modules (images):
c:\users\admin\appdata\local\temp\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 5164
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 5492
CMD: C:\WINDOWS\Explorer.EXE
Path: C:\Windows\explorer.exe
Parent process: (not shown)
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Version: 10.0.19041.3758 (WinBuild.160101.0800)
Modules (images):
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shcore.dll
PID: 5824
CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path: C:\Windows\System32\csrss.exe
Parent process: (not shown)
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Client Server Runtime Process
Version: 10.0.19041.1 (WinBuild.160101.0800)
Total events: 7 055
Read events: 7 049
Write events: 6
Delete events: 0

Modification events

(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
Operation: write
Name: IconLayouts
Value: (not shown)

(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
Operation: write
Name: IconNameVersion
Value: 1

(PID) Process: (7420) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Operation: write
Name: Shell
Value: explorer.exe,C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype\skype.exe,

(PID) Process: (7384) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Operation: write
Name: Shell
Value: explorer.exe,C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype\skype.exe,
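The two reg.exe writes above, and the cmd.exe command lines that produce them, are the whole persistence mechanism: the Winlogon Shell value is a comma-separated REG_SZ list of programs to start as the shell at logon, so appending the Startup-folder copy after explorer.exe runs the stealer at every interactive logon of this user without touching a Run key or a scheduled task. What follows is an added example, not code from the ANY.RUN report or from FormBook: a standard-library Python detector that parses REG ADD command lines and registry write events, normalizes the hive alias, extracts the Shell data, flags any entry other than explorer.exe (ignoring the empty entry left by the trailing comma) and records the ping-to-loopback delay that precedes the write. The sample command lines and events are constructed from the entries on this page; the names Finding, analyze_cmdline, analyze_registry_event and scan are the example's own.

```python
"""Winlogon Shell hijack detector for sandbox command lines and registry writes.

Added example; not code from the ANY.RUN report or from FormBook.  Standard
library only.  Sample inputs are constructed from this report's cmd.exe,
ping.exe and reg.exe entries.  Names such as Finding/analyze_cmdline are the
example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HIVE_ALIASES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS"}
WINLOGON_KEY_RE = re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon$", re.IGNORECASE)
# reg add <key> ...; the key is usually quoted because "Windows NT" contains a space
REG_ADD_RE = re.compile(r'\breg(?:\.exe)?\s+add\s+(?:"(?P<qkey>[^"]+)"|(?P<key>\S+))(?P<rest>.*)', re.IGNORECASE)
# ping to loopback with -n <count> in either argument order; roughly (count-1) seconds of sleep
PING_DELAY_RE = re.compile(
    r"\bping(?:\.exe)?\s+(?:(?:127\.0\.0\.1|localhost)\s+-n\s+(\d+)|-n\s+(\d+)\s+(?:127\.0\.0\.1|localhost))",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    pid: int
    kind: str
    detail: str


def normalize_key(key: str) -> str:
    """Expand HKCU/HKLM/HKU so both spellings seen on the page compare equal."""
    hive, sep, rest = key.partition("\\")
    return HIVE_ALIASES.get(hive.upper(), hive.upper()) + sep + rest


def reg_switch(rest: str, switch: str) -> Optional[str]:
    """Argument of a reg.exe switch such as /v or /d, quoted or bare."""
    m = re.search(rf'/{switch}\s+(?:"([^"]*)"|(\S+))', rest, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def shell_extra_programs(value: str) -> List[str]:
    """Entries of a Winlogon Shell value other than explorer.exe.

    Shell is a comma-separated REG_SZ; the trailing comma the sample writes
    yields an empty entry, which is ignored.  A clean value returns [].
    """
    return [e.strip() for e in value.split(",") if e.strip() and e.strip().lower() != "explorer.exe"]


def is_winlogon_shell(key: str, name: str) -> bool:
    return name.lower() == "shell" and bool(WINLOGON_KEY_RE.search(normalize_key(key)))


def analyze_registry_event(pid: int, key: str, name: str, value: str) -> List[Finding]:
    if not is_winlogon_shell(key, name):
        return []
    extra = shell_extra_programs(value)
    if not extra:
        return []
    return [Finding(pid, "winlogon-shell-hijack", f"Shell={value!r}; extra program(s): {extra}")]


def analyze_cmdline(pid: int, cmdline: str) -> List[Finding]:
    findings: List[Finding] = []
    m = PING_DELAY_RE.search(cmdline)
    if m:
        count = int(m.group(1) or m.group(2))
        findings.append(Finding(pid, "ping-delay", f"ping -n {count} to loopback (~{count - 1}s sleep) before next command"))
    m = REG_ADD_RE.search(cmdline)
    if m:
        key = m.group("qkey") or m.group("key")
        name = reg_switch(m.group("rest"), "v") or "(default)"
        data = reg_switch(m.group("rest"), "d") or ""
        findings.extend(analyze_registry_event(pid, key, name, data))
    return findings


def scan(cmdlines: Dict[int, str], reg_events: List[Tuple[int, str, str, str]]) -> List[Finding]:
    out: List[Finding] = []
    for pid, cmd in cmdlines.items():
        out.extend(analyze_cmdline(pid, cmd))
    for ev in reg_events:
        out.extend(analyze_registry_event(*ev))
    return out


# Constructed from the report: PIDs 660 and 4608 are the cmd.exe instances, 3096 the ping.exe child.
SHELL_DATA = r"explorer.exe,C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype\skype.exe,"
SAMPLE_CMDLINES: Dict[int, str] = {
    660: '"cmd" /c ping 127.0.0.1 -n 8 > nul && REG ADD "HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" /f /v "Shell" /t REG_SZ /d "' + SHELL_DATA + '"',
    4608: '"cmd" /c ping 127.0.0.1 -n 9 > nul && REG ADD "HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" /f /v "Shell" /t REG_SZ /d "' + SHELL_DATA + '"',
    3096: "ping 127.0.0.1 -n 8",
}
SAMPLE_REG_EVENTS: List[Tuple[int, str, str, str]] = [  # constructed from the modification events above
    (7420, r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", SHELL_DATA),
    (5492, r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop", "IconNameVersion", "1"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_CMDLINES, SAMPLE_REG_EVENTS):
        print(f"[{f.kind}] pid {f.pid}: {f.detail}")
```

Run on the constructed inputs it reports a ping-delay and a winlogon-shell-hijack finding for each cmd.exe, a ping-delay for the bare ping.exe, and a hijack for the reg.exe write, while the explorer.exe shell-bag write is ignored. The same value check applies to HKLM's Winlogon\Shell and to a live registry read: anything beyond a single explorer.exe entry deserves a look.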
Executable files: 2
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

  • PID 1452 SWIFT0037261762.exe wrote C:\Users\admin\AppData\Local\Temp\skype.exe (executable)
    MD5: 33597EEA937DE9FC85C91FC86D4081DA
    SHA256: EA4FE51E13F6AB1785535B32345F69EF110E21981BF7DBB09CE02C0BDEC1E43C
  • PID 7252 cmd.exe wrote C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype\skype.exe (executable)
    MD5: 33597EEA937DE9FC85C91FC86D4081DA
    SHA256: EA4FE51E13F6AB1785535B32345F69EF110E21981BF7DBB09CE02C0BDEC1E43C

Both dropped files carry the same MD5 and SHA256 as the submitted sample: the binary copies itself unchanged, first to %LOCALAPPDATA%\Temp and then to the Startup folder that the Winlogon Shell value points at.
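The process table and the dropped-file table together give the launch chain: the sample on the Desktop drops a copy to Temp, each copy runs cmd.exe, which pings loopback and then runs reg.exe, and a separate cmd.exe stages the Startup-folder copy from which skype.exe is later started. Below is an added example, not code from the ANY.RUN report, that reconstructs the process tree from records built from this page and applies three triage rules: an executable running from a user-writable or Startup path, reg.exe reached through cmd.exe from such a binary, and a dropped file whose hash equals the sample's. The page names each parent by image only, so the parent PIDs marked "assumed" in the records (the cmd.exe under skype.exe, ping.exe, both reg.exe processes, the Startup-folder skype.exe) are the example's inference, as are the reg.exe image paths; the names Proc, lineage, chain and triage are the example's own.

```python
"""Process-tree and dropped-file triage for this sandbox run.

Added example; not code from the ANY.RUN report or from FormBook.  Records are
constructed from this page's process table and dropped-files table.  The page
names parents by image only, so every parent PID marked "assumed" below is the
example's inference, as are the reg.exe image paths.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE_SHA256 = "EA4FE51E13F6AB1785535B32345F69EF110E21981BF7DBB09CE02C0BDEC1E43C"
STARTUP_DIR = "\\start menu\\programs\\startup\\"
# Desktop is included on purpose: the sandbox launches the sample from there, and so do users.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\desktop\\", "\\downloads\\", "\\users\\public\\")


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent: Optional[int]  # None where the report shows no parent


PROCS: List[Proc] = [
    Proc(5492, r"C:\Windows\explorer.exe", None),
    Proc(1452, r"C:\Users\admin\Desktop\SWIFT0037261762.exe", 5492),
    Proc(5124, r"C:\Users\admin\AppData\Local\Temp\skype.exe", 1452),
    Proc(4608, r"C:\Windows\SysWOW64\cmd.exe", 1452),
    Proc(660, r"C:\Windows\SysWOW64\cmd.exe", 5124),        # parent "skype.exe": PID 5124 assumed
    Proc(3096, r"C:\Windows\SysWOW64\PING.EXE", 660),       # parent "cmd.exe": PID 660 assumed
    Proc(7384, r"C:\Windows\SysWOW64\reg.exe", 4608),       # image path and parent pairing assumed
    Proc(7420, r"C:\Windows\SysWOW64\reg.exe", 660),        # image path and parent pairing assumed
    Proc(7252, r"C:\Windows\SysWOW64\cmd.exe", None),       # report shows no parent for this cmd.exe
    Proc(7988, r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype\skype.exe", 7252),  # parent assumed
]

DROPPED: List[Tuple[int, str, str]] = [  # (dropping PID, path, SHA256) from the dropped-files table
    (1452, r"C:\Users\admin\AppData\Local\Temp\skype.exe", SAMPLE_SHA256),
    (7252, r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype\skype.exe", SAMPLE_SHA256),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def in_startup(path: str) -> bool:
    return STARTUP_DIR in path.lower()


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def build_index(procs: List[Proc]) -> Dict[int, Proc]:
    return {p.pid: p for p in procs}


def lineage(index: Dict[int, Proc], pid: int) -> List[Proc]:
    """The process followed by its ancestors; stops at a missing parent or a PID-reuse cycle."""
    out: List[Proc] = []
    seen = set()
    cur = index.get(pid)
    while cur is not None and cur.pid not in seen:
        out.append(cur)
        seen.add(cur.pid)
        cur = index.get(cur.parent) if cur.parent is not None else None
    return out


def chain(index: Dict[int, Proc], pid: int) -> str:
    """Root-to-leaf rendering, e.g. 'explorer.exe(5492) -> cmd.exe(4608) -> reg.exe(7384)'."""
    return " -> ".join(f"{basename(p.image)}({p.pid})" for p in reversed(lineage(index, pid)))


def triage(procs: List[Proc], dropped: List[Tuple[int, str, str]], sample_sha256: str) -> List[str]:
    index = build_index(procs)
    findings: List[str] = []
    for p in procs:
        name = basename(p.image).lower()
        if in_startup(p.image):
            findings.append(f"{p.pid}: executable running from the Startup folder: {chain(index, p.pid)}")
        elif in_user_writable(p.image) and name.endswith(".exe"):
            findings.append(f"{p.pid}: executable running from a user-writable path: {chain(index, p.pid)}")
        if name == "reg.exe":
            lin = lineage(index, p.pid)
            # reg.exe <- cmd.exe <- binary in a user-writable path: the REG ADD persistence chain
            if len(lin) >= 3 and basename(lin[1].image).lower() == "cmd.exe" and in_user_writable(lin[2].image):
                findings.append(f"{p.pid}: reg.exe spawned via cmd.exe by a user-path binary: {chain(index, p.pid)}")
    for pid, path, sha in dropped:
        if sha.upper() == sample_sha256.upper():
            findings.append(f"{pid}: drops a byte-identical copy of the sample to {path}")
    return findings


if __name__ == "__main__":
    for line in triage(PROCS, DROPPED, SAMPLE_SHA256):
        print(line)
```

On these records the rules fire for the Desktop sample, the Temp copy, the Startup copy, both reg.exe chains and both drops; cmd.exe, ping.exe and explorer.exe themselves produce nothing, which is the point of anchoring the rules on the origin path and the drop hash rather than on the living-off-the-land binaries.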
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 32
TCP/UDP connections: 45
DNS requests: 16
Threats: 2

HTTP requests

Columns: PID and Process, Method and HTTP code, IP, URL, CN, Reputation. The two HTTPS rows carry no PID/process or reputation in this extract.

  • (PID/process not shown) | GET 304 | 20.12.23.50:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | CN: unknown
  • 7644 SIHClient.exe | GET 200 | 2.16.164.122:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
  • 7644 SIHClient.exe | GET 200 | 2.16.164.122:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | CN: unknown | whitelisted
  • 7644 SIHClient.exe | GET 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | CN: unknown | whitelisted
  • 7644 SIHClient.exe | GET 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl | CN: unknown | whitelisted
  • 7644 SIHClient.exe | GET 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | CN: unknown | whitelisted
  • 7644 SIHClient.exe | GET 200 | 2.16.164.122:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | CN: unknown | whitelisted
  • 7644 SIHClient.exe | GET 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | CN: unknown | whitelisted
  • (PID/process not shown) | GET 200 | 40.69.42.241:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | CN: unknown
  • 7644 SIHClient.exe | GET 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl | CN: unknown | whitelisted

Every request listed here is Windows Update and CRL traffic from SIHClient.exe. The FormBook check-in that Suricata flagged (PID 5492, explorer.exe, GET) does not appear among these rows; it is only visible in the Threats section and in the PCAP from the full report.

Connections

Columns: PID and Process, IP, Domain, ASN, CN, Reputation.

  • 4 System | 192.168.100.255:137 | whitelisted
  • (PID/process not shown) | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
  • 4 System | 192.168.100.255:138 | whitelisted
  • 3216 svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted
  • 6544 svchost.exe | 20.190.160.3:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
  • 2104 svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
  • 1020 backgroundTaskHost.exe | 20.31.169.57:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
  • 7644 SIHClient.exe | 20.109.210.53:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
  • 7644 SIHClient.exe | 2.16.164.122:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
  • 7644 SIHClient.exe | 23.219.150.101:80 | www.microsoft.com | AKAMAI-AS | CL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.250.185.142
whitelisted
client.wns.windows.com
  • 20.197.71.89
whitelisted
login.live.com
  • 20.190.160.3
  • 20.190.160.130
  • 20.190.160.4
  • 20.190.160.17
  • 20.190.160.64
  • 20.190.160.67
  • 20.190.160.65
  • 40.126.32.68
whitelisted
arc.msn.com
  • 20.31.169.57
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
crl.microsoft.com
  • 2.16.164.122
  • 2.16.164.40
  • 2.16.164.9
  • 2.16.164.99
  • 2.16.164.89
  • 2.16.164.120
  • 2.16.164.107
  • 2.16.164.24
  • 2.16.164.98
whitelisted
www.microsoft.com
  • 23.219.150.101
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

  • PID 5492 explorer.exe | Malware Command and Control Activity Detected | ET MALWARE FormBook CnC Checkin (GET)
  • PID 2196 svchost.exe (Dnscache) | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile

The C2 check-in is attributed to explorer.exe (PID 5492), consistent with the FormBook detections on that process and the three others it was found in (cmstp.exe, raserver.exe, skype.exe). The DNS alert is attributed to the Dnscache service host, which resolves names on behalf of other processes, so it does not identify the querying process; the *.top domain itself is not among the 11 domains listed under DNS requests although the report counts 16 DNS requests.
No debug info