Windows Analysis Report SWIFT.exe

AI detected suspicious sample

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SWIFT.exe

Joe Sandbox ML: detected

Source: SWIFT.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SWIFT.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SWIFT.exe, SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp

E-Banking Fraud

Malicious sample detected (through community Yara rule)

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

System Summary

Source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Contains functionality to call native functions

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F1C483 NtClose,	0_2_00F1C483
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2B60 NtClose,LdrInitializeThunk,	0_2_019B2B60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DF0 NtQuerySystemInformation,LdrInitializeThunk,	0_2_019B2DF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C70 NtFreeVirtualMemory,LdrInitializeThunk,	0_2_019B2C70
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B35C0 NtCreateMutant,LdrInitializeThunk,	0_2_019B35C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B4340 NtSetContextThread,	0_2_019B4340
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B4650 NtSuspendThread,	0_2_019B4650
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2B80 NtQueryInformationFile,	0_2_019B2B80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BA0 NtEnumerateValueKey,	0_2_019B2BA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BF0 NtAllocateVirtualMemory,	0_2_019B2BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BE0 NtQueryValueKey,	0_2_019B2BE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AB0 NtWaitForSingleObject,	0_2_019B2AB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AD0 NtReadFile,	0_2_019B2AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AF0 NtWriteFile,	0_2_019B2AF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DB0 NtEnumerateKey,	0_2_019B2DB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DD0 NtDelayExecution,	0_2_019B2DD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D10 NtMapViewOfSection,	0_2_019B2D10
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D00 NtSetInformationFile,	0_2_019B2D00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D30 NtUnmapViewOfSection,	0_2_019B2D30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CA0 NtQueryInformationToken,	0_2_019B2CA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CC0 NtQueryVirtualMemory,	0_2_019B2CC0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CF0 NtOpenProcess,	0_2_019B2CF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C00 NtQueryInformationProcess,	0_2_019B2C00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C60 NtCreateKey,	0_2_019B2C60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F90 NtProtectVirtualMemory,	0_2_019B2F90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FB0 NtResumeThread,	0_2_019B2FB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FA0 NtQuerySection,	0_2_019B2FA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FE0 NtCreateFile,	0_2_019B2FE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F30 NtCreateSection,	0_2_019B2F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F60 NtCreateProcessEx,	0_2_019B2F60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2E80 NtReadVirtualMemory,	0_2_019B2E80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2EA0 NtAdjustPrivilegesToken,	0_2_019B2EA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2EE0 NtQueueApcThread,	0_2_019B2EE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2E30 NtWriteVirtualMemory,	0_2_019B2E30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3090 NtSetValueKey,	0_2_019B3090
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3010 NtOpenDirectoryObject,	0_2_019B3010
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B39B0 NtGetContextThread,	0_2_019B39B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3D10 NtOpenProcessToken,	0_2_019B3D10
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3D70 NtOpenThread,	0_2_019B3D70

Detected potential crypto function

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF3060	0_2_00EF3060
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1000	0_2_00EF1000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF118B	0_2_00EF118B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1190	0_2_00EF1190
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F1EAA3	0_2_00F1EAA3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1300	0_2_00EF1300
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF24E0	0_2_00EF24E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFCAC	0_2_00EFFCAC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFCB3	0_2_00EFFCB3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDEF7	0_2_00EFDEF7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFED3	0_2_00EFFED3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F06643	0_2_00F06643
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDF49	0_2_00EFDF49
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDF53	0_2_00EFDF53
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A341A2	0_2_01A341A2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A401AA	0_2_01A401AA
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A381CC	0_2_01A381CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970100	0_2_01970100
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A08158	0_2_01A08158
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A403E6	0_2_01A403E6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A352	0_2_01A3A352
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A002C0	0_2_01A002C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A40591	0_2_01A40591
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2E4F6	0_2_01A2E4F6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24420	0_2_01A24420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A32446	0_2_01A32446
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197C7C0	0_2_0197C7C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4750	0_2_019A4750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199C6E0	0_2_0199C6E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A4A9A6	0_2_01A4A9A6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019668B8	0_2_019668B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE8F0	0_2_019AE8F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198A840	0_2_0198A840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01982840	0_2_01982840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A36BD7	0_2_01A36BD7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3AB40	0_2_01A3AB40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197ADE0	0_2_0197ADE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198AD00	0_2_0198AD00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1CD1F	0_2_01A1CD1F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20CB5	0_2_01A20CB5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970CF2	0_2_01970CF2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980C00	0_2_01980C00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FEFA0	0_2_019FEFA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972FC8	0_2_01972FC8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198CFE0	0_2_0198CFE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A22F30	0_2_01A22F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0F30	0_2_019A0F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C2F28	0_2_019C2F28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4F40	0_2_019F4F40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992E90	0_2_01992E90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3CE93	0_2_01A3CE93
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3EEDB	0_2_01A3EEDB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3EE26	0_2_01A3EE26
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980E59	0_2_01980E59
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198B1B0	0_2_0198B1B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A4B16B	0_2_01A4B16B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196F172	0_2_0196F172
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B516C	0_2_019B516C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F0E0	0_2_01A3F0E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A370E9	0_2_01A370E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019870C0	0_2_019870C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2F0CC	0_2_01A2F0CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C739A	0_2_019C739A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3132D	0_2_01A3132D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196D34C	0_2_0196D34C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019852A0	0_2_019852A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A212ED	0_2_01A212ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199B2C0	0_2_0199B2C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1D5B0	0_2_01A1D5B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37571	0_2_01A37571
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F43F	0_2_01A3F43F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01971460	0_2_01971460
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F7B0	0_2_01A3F7B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A316CC	0_2_01A316CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A15910	0_2_01A15910
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01989950	0_2_01989950
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199B950	0_2_0199B950
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019838E0	0_2_019838E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ED800	0_2_019ED800
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199FB80	0_2_0199FB80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019BDBF9	0_2_019BDBF9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F5BF0	0_2_019F5BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FB76	0_2_01A3FB76
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A21AA3	0_2_01A21AA3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1DAAC	0_2_01A1DAAC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C5AA0	0_2_019C5AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2DAC6	0_2_01A2DAC6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37A46	0_2_01A37A46
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FA49	0_2_01A3FA49
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F3A6C	0_2_019F3A6C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199FDC0	0_2_0199FDC0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37D73	0_2_01A37D73
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01983D40	0_2_01983D40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A31D5A	0_2_01A31D5A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FCF2	0_2_01A3FCF2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F9C32	0_2_019F9C32
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01981F92	0_2_01981F92
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FFB1	0_2_01A3FFB1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FF09	0_2_01A3FF09
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01989EB0	0_2_01989EB0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 0196B970 appears 280 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019C7E54 appears 102 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019B5130 appears 58 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019FF290 appears 105 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019EEA12 appears 86 times

PE file does not import any functions

Source: SWIFT.exe

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SWIFT.exe, 00000000.00000002.1785601892.0000000001A6D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe
Source: SWIFT.exe, 00000000.00000003.1752574924.00000000018B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe
Source: SWIFT.exe, 00000000.00000003.1750598446.0000000001702000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe

Source: SWIFT.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: SWIFT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SWIFT.exe

Static PE information: Section .text

Source: classification engine

Classification label: mal80.troj.winEXE@1/0@0/0

Source: SWIFT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SWIFT.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: SWIFT.exe

ReversingLabs: Detection: 87%

Source: C:\Users\user\Desktop\SWIFT.exe

Section loaded: apphelp.dll

Uses code obfuscation techniques (call, push, ret)

Source: SWIFT.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SWIFT.exe, SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F14054 push esi; ret	0_2_00F14055
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF2145 pushad ; retf	0_2_00EF2170
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF32E0 push eax; ret	0_2_00EF32E2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13BEB push esp; retf	0_2_00F13BF3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C2A push cs; retf	0_2_00F13C9D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C05 push esp; retf	0_2_00F13BF3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C05 push cs; retf	0_2_00F13C9D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F12592 push es; retn 0000h	0_2_00F1259A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F0163E push cs; retf	0_2_00F0164B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD push ecx; mov dword ptr [esp], ecx	0_2_019709B6

Source: SWIFT.exe

Static PE information: section name: .text entropy: 7.99490496710245

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_019B096E rdtsc

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\SWIFT.exe

API coverage: 0.7 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\SWIFT.exe TID: 6872

Thread sleep time: -30000s >= -30000s

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SWIFT.exe

Process information queried: ProcessInformation

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\SWIFT.exe

Process queried: DebugPort

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_019B096E rdtsc

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_00F075F3 LdrLoadDll,

0_2_00F075F3

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B0185 mov eax, dword ptr fs:[00000030h]	0_2_019B0185
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14180 mov eax, dword ptr fs:[00000030h]	0_2_01A14180
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14180 mov eax, dword ptr fs:[00000030h]	0_2_01A14180
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C188 mov eax, dword ptr fs:[00000030h]	0_2_01A2C188
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C188 mov eax, dword ptr fs:[00000030h]	0_2_01A2C188
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A461E5 mov eax, dword ptr fs:[00000030h]	0_2_01A461E5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov ecx, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A361C3 mov eax, dword ptr fs:[00000030h]	0_2_01A361C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A361C3 mov eax, dword ptr fs:[00000030h]	0_2_01A361C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A01F8 mov eax, dword ptr fs:[00000030h]	0_2_019A01F8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A30115 mov eax, dword ptr fs:[00000030h]	0_2_01A30115
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov ecx, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0124 mov eax, dword ptr fs:[00000030h]	0_2_019A0124
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C156 mov eax, dword ptr fs:[00000030h]	0_2_0196C156
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976154 mov eax, dword ptr fs:[00000030h]	0_2_01976154
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976154 mov eax, dword ptr fs:[00000030h]	0_2_01976154
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov ecx, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A08158 mov eax, dword ptr fs:[00000030h]	0_2_01A08158
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A080A8 mov eax, dword ptr fs:[00000030h]	0_2_01A080A8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A360B8 mov eax, dword ptr fs:[00000030h]	0_2_01A360B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A360B8 mov ecx, dword ptr fs:[00000030h]	0_2_01A360B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197208A mov eax, dword ptr fs:[00000030h]	0_2_0197208A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F20DE mov eax, dword ptr fs:[00000030h]	0_2_019F20DE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C0F0 mov eax, dword ptr fs:[00000030h]	0_2_0196C0F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B20F0 mov ecx, dword ptr fs:[00000030h]	0_2_019B20F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A0E3 mov ecx, dword ptr fs:[00000030h]	0_2_0196A0E3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019780E9 mov eax, dword ptr fs:[00000030h]	0_2_019780E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F60E0 mov eax, dword ptr fs:[00000030h]	0_2_019F60E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06030 mov eax, dword ptr fs:[00000030h]	0_2_01A06030
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4000 mov ecx, dword ptr fs:[00000030h]	0_2_019F4000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A020 mov eax, dword ptr fs:[00000030h]	0_2_0196A020
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C020 mov eax, dword ptr fs:[00000030h]	0_2_0196C020
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972050 mov eax, dword ptr fs:[00000030h]	0_2_01972050
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6050 mov eax, dword ptr fs:[00000030h]	0_2_019F6050
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199C073 mov eax, dword ptr fs:[00000030h]	0_2_0199C073
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199438F mov eax, dword ptr fs:[00000030h]	0_2_0199438F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199438F mov eax, dword ptr fs:[00000030h]	0_2_0199438F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F63C0 mov eax, dword ptr fs:[00000030h]	0_2_019F63C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A63FF mov eax, dword ptr fs:[00000030h]	0_2_019A63FF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C3CD mov eax, dword ptr fs:[00000030h]	0_2_01A2C3CD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A143D4 mov eax, dword ptr fs:[00000030h]	0_2_01A143D4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A143D4 mov eax, dword ptr fs:[00000030h]	0_2_01A143D4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov ecx, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C310 mov ecx, dword ptr fs:[00000030h]	0_2_0196C310
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990310 mov ecx, dword ptr fs:[00000030h]	0_2_01990310
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov ecx, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1437C mov eax, dword ptr fs:[00000030h]	0_2_01A1437C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A352 mov eax, dword ptr fs:[00000030h]	0_2_01A3A352
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A18350 mov ecx, dword ptr fs:[00000030h]	0_2_01A18350
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov ecx, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE284 mov eax, dword ptr fs:[00000030h]	0_2_019AE284
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE284 mov eax, dword ptr fs:[00000030h]	0_2_019AE284
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802A0 mov eax, dword ptr fs:[00000030h]	0_2_019802A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802A0 mov eax, dword ptr fs:[00000030h]	0_2_019802A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196823B mov eax, dword ptr fs:[00000030h]	0_2_0196823B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A250 mov eax, dword ptr fs:[00000030h]	0_2_0196A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976259 mov eax, dword ptr fs:[00000030h]	0_2_01976259
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F8243 mov eax, dword ptr fs:[00000030h]	0_2_019F8243
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F8243 mov ecx, dword ptr fs:[00000030h]	0_2_019F8243
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A250 mov eax, dword ptr fs:[00000030h]	0_2_01A2A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A250 mov eax, dword ptr fs:[00000030h]	0_2_01A2A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196826B mov eax, dword ptr fs:[00000030h]	0_2_0196826B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE59C mov eax, dword ptr fs:[00000030h]	0_2_019AE59C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4588 mov eax, dword ptr fs:[00000030h]	0_2_019A4588
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972582 mov eax, dword ptr fs:[00000030h]	0_2_01972582
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972582 mov ecx, dword ptr fs:[00000030h]	0_2_01972582
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019945B1 mov eax, dword ptr fs:[00000030h]	0_2_019945B1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019945B1 mov eax, dword ptr fs:[00000030h]	0_2_019945B1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019765D0 mov eax, dword ptr fs:[00000030h]	0_2_019765D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA5D0 mov eax, dword ptr fs:[00000030h]	0_2_019AA5D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA5D0 mov eax, dword ptr fs:[00000030h]	0_2_019AA5D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE5CF mov eax, dword ptr fs:[00000030h]	0_2_019AE5CF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE5CF mov eax, dword ptr fs:[00000030h]	0_2_019AE5CF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019725E0 mov eax, dword ptr fs:[00000030h]	0_2_019725E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC5ED mov eax, dword ptr fs:[00000030h]	0_2_019AC5ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC5ED mov eax, dword ptr fs:[00000030h]	0_2_019AC5ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06500 mov eax, dword ptr fs:[00000030h]	0_2_01A06500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978550 mov eax, dword ptr fs:[00000030h]	0_2_01978550
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978550 mov eax, dword ptr fs:[00000030h]	0_2_01978550
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A44B0 mov ecx, dword ptr fs:[00000030h]	0_2_019A44B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FA4B0 mov eax, dword ptr fs:[00000030h]	0_2_019FA4B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A49A mov eax, dword ptr fs:[00000030h]	0_2_01A2A49A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019764AB mov eax, dword ptr fs:[00000030h]	0_2_019764AB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019704E5 mov ecx, dword ptr fs:[00000030h]	0_2_019704E5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA430 mov eax, dword ptr fs:[00000030h]	0_2_019AA430
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C427 mov eax, dword ptr fs:[00000030h]	0_2_0196C427
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199245A mov eax, dword ptr fs:[00000030h]	0_2_0199245A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196645D mov eax, dword ptr fs:[00000030h]	0_2_0196645D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A456 mov eax, dword ptr fs:[00000030h]	0_2_01A2A456
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC460 mov ecx, dword ptr fs:[00000030h]	0_2_019FC460
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A247A0 mov eax, dword ptr fs:[00000030h]	0_2_01A247A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1678E mov eax, dword ptr fs:[00000030h]	0_2_01A1678E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019707AF mov eax, dword ptr fs:[00000030h]	0_2_019707AF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197C7C0 mov eax, dword ptr fs:[00000030h]	0_2_0197C7C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F07C3 mov eax, dword ptr fs:[00000030h]	0_2_019F07C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019747FB mov eax, dword ptr fs:[00000030h]	0_2_019747FB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019747FB mov eax, dword ptr fs:[00000030h]	0_2_019747FB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE7E1 mov eax, dword ptr fs:[00000030h]	0_2_019FE7E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970710 mov eax, dword ptr fs:[00000030h]	0_2_01970710
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0710 mov eax, dword ptr fs:[00000030h]	0_2_019A0710
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC700 mov eax, dword ptr fs:[00000030h]	0_2_019AC700
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov eax, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov ecx, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov eax, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EC730 mov eax, dword ptr fs:[00000030h]	0_2_019EC730
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC720 mov eax, dword ptr fs:[00000030h]	0_2_019AC720
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC720 mov eax, dword ptr fs:[00000030h]	0_2_019AC720
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE75D mov eax, dword ptr fs:[00000030h]	0_2_019FE75D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970750 mov eax, dword ptr fs:[00000030h]	0_2_01970750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4755 mov eax, dword ptr fs:[00000030h]	0_2_019F4755
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2750 mov eax, dword ptr fs:[00000030h]	0_2_019B2750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2750 mov eax, dword ptr fs:[00000030h]	0_2_019B2750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov esi, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov eax, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov eax, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978770 mov eax, dword ptr fs:[00000030h]	0_2_01978770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974690 mov eax, dword ptr fs:[00000030h]	0_2_01974690
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974690 mov eax, dword ptr fs:[00000030h]	0_2_01974690
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A66B0 mov eax, dword ptr fs:[00000030h]	0_2_019A66B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC6A6 mov eax, dword ptr fs:[00000030h]	0_2_019AC6A6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA6C7 mov ebx, dword ptr fs:[00000030h]	0_2_019AA6C7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA6C7 mov eax, dword ptr fs:[00000030h]	0_2_019AA6C7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F06F1 mov eax, dword ptr fs:[00000030h]	0_2_019F06F1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F06F1 mov eax, dword ptr fs:[00000030h]	0_2_019F06F1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2619 mov eax, dword ptr fs:[00000030h]	0_2_019B2619
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE609 mov eax, dword ptr fs:[00000030h]	0_2_019EE609
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A6620 mov eax, dword ptr fs:[00000030h]	0_2_019A6620
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8620 mov eax, dword ptr fs:[00000030h]	0_2_019A8620
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197262C mov eax, dword ptr fs:[00000030h]	0_2_0197262C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E627 mov eax, dword ptr fs:[00000030h]	0_2_0198E627
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3866E mov eax, dword ptr fs:[00000030h]	0_2_01A3866E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3866E mov eax, dword ptr fs:[00000030h]	0_2_01A3866E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198C640 mov eax, dword ptr fs:[00000030h]	0_2_0198C640
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A2674 mov eax, dword ptr fs:[00000030h]	0_2_019A2674
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA660 mov eax, dword ptr fs:[00000030h]	0_2_019AA660
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA660 mov eax, dword ptr fs:[00000030h]	0_2_019AA660
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov esi, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov eax, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov eax, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD mov eax, dword ptr fs:[00000030h]	0_2_019709AD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD mov eax, dword ptr fs:[00000030h]	0_2_019709AD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A49D0 mov eax, dword ptr fs:[00000030h]	0_2_019A49D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A069C0 mov eax, dword ptr fs:[00000030h]	0_2_01A069C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A29F9 mov eax, dword ptr fs:[00000030h]	0_2_019A29F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A29F9 mov eax, dword ptr fs:[00000030h]	0_2_019A29F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A9D3 mov eax, dword ptr fs:[00000030h]	0_2_01A3A9D3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE9E0 mov eax, dword ptr fs:[00000030h]	0_2_019FE9E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A0892B mov eax, dword ptr fs:[00000030h]	0_2_01A0892B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC912 mov eax, dword ptr fs:[00000030h]	0_2_019FC912
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968918 mov eax, dword ptr fs:[00000030h]	0_2_01968918
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968918 mov eax, dword ptr fs:[00000030h]	0_2_01968918
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE908 mov eax, dword ptr fs:[00000030h]	0_2_019EE908
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE908 mov eax, dword ptr fs:[00000030h]	0_2_019EE908
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F892A mov eax, dword ptr fs:[00000030h]	0_2_019F892A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0946 mov eax, dword ptr fs:[00000030h]	0_2_019F0946
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14978 mov eax, dword ptr fs:[00000030h]	0_2_01A14978
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14978 mov eax, dword ptr fs:[00000030h]	0_2_01A14978
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC97C mov eax, dword ptr fs:[00000030h]	0_2_019FC97C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov eax, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov edx, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov eax, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC89D mov eax, dword ptr fs:[00000030h]	0_2_019FC89D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970887 mov eax, dword ptr fs:[00000030h]	0_2_01970887
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A8E4 mov eax, dword ptr fs:[00000030h]	0_2_01A3A8E4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E8C0 mov eax, dword ptr fs:[00000030h]	0_2_0199E8C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC8F9 mov eax, dword ptr fs:[00000030h]	0_2_019AC8F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC8F9 mov eax, dword ptr fs:[00000030h]	0_2_019AC8F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC810 mov eax, dword ptr fs:[00000030h]	0_2_019FC810
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1483A mov eax, dword ptr fs:[00000030h]	0_2_01A1483A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1483A mov eax, dword ptr fs:[00000030h]	0_2_01A1483A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA830 mov eax, dword ptr fs:[00000030h]	0_2_019AA830
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov ecx, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974859 mov eax, dword ptr fs:[00000030h]	0_2_01974859
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974859 mov eax, dword ptr fs:[00000030h]	0_2_01974859
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0854 mov eax, dword ptr fs:[00000030h]	0_2_019A0854
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06870 mov eax, dword ptr fs:[00000030h]	0_2_01A06870
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06870 mov eax, dword ptr fs:[00000030h]	0_2_01A06870
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01982840 mov ecx, dword ptr fs:[00000030h]	0_2_01982840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE872 mov eax, dword ptr fs:[00000030h]	0_2_019FE872
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE872 mov eax, dword ptr fs:[00000030h]	0_2_019FE872
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24BB0 mov eax, dword ptr fs:[00000030h]	0_2_01A24BB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24BB0 mov eax, dword ptr fs:[00000030h]	0_2_01A24BB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980BBE mov eax, dword ptr fs:[00000030h]	0_2_01980BBE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980BBE mov eax, dword ptr fs:[00000030h]	0_2_01980BBE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EBFC mov eax, dword ptr fs:[00000030h]	0_2_0199EBFC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FCBF0 mov eax, dword ptr fs:[00000030h]	0_2_019FCBF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EBD0 mov eax, dword ptr fs:[00000030h]	0_2_01A1EBD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38B28 mov eax, dword ptr fs:[00000030h]	0_2_01A38B28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38B28 mov eax, dword ptr fs:[00000030h]	0_2_01A38B28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EB20 mov eax, dword ptr fs:[00000030h]	0_2_0199EB20
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EB20 mov eax, dword ptr fs:[00000030h]	0_2_0199EB20
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06B40 mov eax, dword ptr fs:[00000030h]	0_2_01A06B40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06B40 mov eax, dword ptr fs:[00000030h]	0_2_01A06B40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3AB40 mov eax, dword ptr fs:[00000030h]	0_2_01A3AB40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A18B42 mov eax, dword ptr fs:[00000030h]	0_2_01A18B42
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196CB7E mov eax, dword ptr fs:[00000030h]	0_2_0196CB7E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24B4B mov eax, dword ptr fs:[00000030h]	0_2_01A24B4B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24B4B mov eax, dword ptr fs:[00000030h]	0_2_01A24B4B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EB50 mov eax, dword ptr fs:[00000030h]	0_2_01A1EB50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8A90 mov edx, dword ptr fs:[00000030h]	0_2_019A8A90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44A80 mov eax, dword ptr fs:[00000030h]	0_2_01A44A80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978AA0 mov eax, dword ptr fs:[00000030h]	0_2_01978AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978AA0 mov eax, dword ptr fs:[00000030h]	0_2_01978AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6AA4 mov eax, dword ptr fs:[00000030h]	0_2_019C6AA4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970AD0 mov eax, dword ptr fs:[00000030h]	0_2_01970AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4AD0 mov eax, dword ptr fs:[00000030h]	0_2_019A4AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4AD0 mov eax, dword ptr fs:[00000030h]	0_2_019A4AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AAAEE mov eax, dword ptr fs:[00000030h]	0_2_019AAAEE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AAAEE mov eax, dword ptr fs:[00000030h]	0_2_019AAAEE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FCA11 mov eax, dword ptr fs:[00000030h]	0_2_019FCA11
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA38 mov eax, dword ptr fs:[00000030h]	0_2_019ACA38
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01994A35 mov eax, dword ptr fs:[00000030h]	0_2_01994A35
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01994A35 mov eax, dword ptr fs:[00000030h]	0_2_01994A35
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EA2E mov eax, dword ptr fs:[00000030h]	0_2_0199EA2E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA24 mov eax, dword ptr fs:[00000030h]	0_2_019ACA24
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EA60 mov eax, dword ptr fs:[00000030h]	0_2_01A1EA60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980A5B mov eax, dword ptr fs:[00000030h]	0_2_01980A5B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980A5B mov eax, dword ptr fs:[00000030h]	0_2_01980A5B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ECA72 mov eax, dword ptr fs:[00000030h]	0_2_019ECA72
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ECA72 mov eax, dword ptr fs:[00000030h]	0_2_019ECA72
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44DAD mov eax, dword ptr fs:[00000030h]	0_2_01A44DAD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38DAE mov eax, dword ptr fs:[00000030h]	0_2_01A38DAE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38DAE mov eax, dword ptr fs:[00000030h]	0_2_01A38DAE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF mov eax, dword ptr fs:[00000030h]	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF mov eax, dword ptr fs:[00000030h]	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACDB1 mov ecx, dword ptr fs:[00000030h]	0_2_019ACDB1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACDB1 mov eax, dword ptr fs:[00000030h]	0_2_019ACDB1

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Stealing of Sensitive Information

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality

Antivirus / Scanner detection for submitted sample

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Contacted Domains

Name	IP	Active
fp2e7a.wpc.phicdn.net	192.229.221.95	true

AV Detection

Source: SWIFT.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: SWIFT.exe

ReversingLabs: Detection: 87%

AI detected suspicious sample

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SWIFT.exe

Joe Sandbox ML: detected

Source: SWIFT.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SWIFT.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SWIFT.exe, SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp

E-Banking Fraud

Malicious sample detected (through community Yara rule)

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

System Summary

Source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Contains functionality to call native functions

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F1C483 NtClose,	0_2_00F1C483
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2B60 NtClose,LdrInitializeThunk,	0_2_019B2B60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DF0 NtQuerySystemInformation,LdrInitializeThunk,	0_2_019B2DF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C70 NtFreeVirtualMemory,LdrInitializeThunk,	0_2_019B2C70
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B35C0 NtCreateMutant,LdrInitializeThunk,	0_2_019B35C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B4340 NtSetContextThread,	0_2_019B4340
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B4650 NtSuspendThread,	0_2_019B4650
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2B80 NtQueryInformationFile,	0_2_019B2B80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BA0 NtEnumerateValueKey,	0_2_019B2BA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BF0 NtAllocateVirtualMemory,	0_2_019B2BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BE0 NtQueryValueKey,	0_2_019B2BE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AB0 NtWaitForSingleObject,	0_2_019B2AB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AD0 NtReadFile,	0_2_019B2AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AF0 NtWriteFile,	0_2_019B2AF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DB0 NtEnumerateKey,	0_2_019B2DB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DD0 NtDelayExecution,	0_2_019B2DD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D10 NtMapViewOfSection,	0_2_019B2D10
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D00 NtSetInformationFile,	0_2_019B2D00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D30 NtUnmapViewOfSection,	0_2_019B2D30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CA0 NtQueryInformationToken,	0_2_019B2CA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CC0 NtQueryVirtualMemory,	0_2_019B2CC0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CF0 NtOpenProcess,	0_2_019B2CF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C00 NtQueryInformationProcess,	0_2_019B2C00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C60 NtCreateKey,	0_2_019B2C60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F90 NtProtectVirtualMemory,	0_2_019B2F90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FB0 NtResumeThread,	0_2_019B2FB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FA0 NtQuerySection,	0_2_019B2FA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FE0 NtCreateFile,	0_2_019B2FE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F30 NtCreateSection,	0_2_019B2F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F60 NtCreateProcessEx,	0_2_019B2F60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2E80 NtReadVirtualMemory,	0_2_019B2E80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2EA0 NtAdjustPrivilegesToken,	0_2_019B2EA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2EE0 NtQueueApcThread,	0_2_019B2EE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2E30 NtWriteVirtualMemory,	0_2_019B2E30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3090 NtSetValueKey,	0_2_019B3090
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3010 NtOpenDirectoryObject,	0_2_019B3010
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B39B0 NtGetContextThread,	0_2_019B39B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3D10 NtOpenProcessToken,	0_2_019B3D10
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3D70 NtOpenThread,	0_2_019B3D70

Detected potential crypto function

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF3060	0_2_00EF3060
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1000	0_2_00EF1000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF118B	0_2_00EF118B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1190	0_2_00EF1190
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F1EAA3	0_2_00F1EAA3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1300	0_2_00EF1300
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF24E0	0_2_00EF24E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFCAC	0_2_00EFFCAC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFCB3	0_2_00EFFCB3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDEF7	0_2_00EFDEF7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFED3	0_2_00EFFED3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F06643	0_2_00F06643
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDF49	0_2_00EFDF49
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDF53	0_2_00EFDF53
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A341A2	0_2_01A341A2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A401AA	0_2_01A401AA
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A381CC	0_2_01A381CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970100	0_2_01970100
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A08158	0_2_01A08158
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A403E6	0_2_01A403E6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A352	0_2_01A3A352
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A002C0	0_2_01A002C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A40591	0_2_01A40591
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2E4F6	0_2_01A2E4F6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24420	0_2_01A24420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A32446	0_2_01A32446
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197C7C0	0_2_0197C7C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4750	0_2_019A4750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199C6E0	0_2_0199C6E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A4A9A6	0_2_01A4A9A6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019668B8	0_2_019668B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE8F0	0_2_019AE8F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198A840	0_2_0198A840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01982840	0_2_01982840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A36BD7	0_2_01A36BD7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3AB40	0_2_01A3AB40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197ADE0	0_2_0197ADE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198AD00	0_2_0198AD00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1CD1F	0_2_01A1CD1F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20CB5	0_2_01A20CB5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970CF2	0_2_01970CF2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980C00	0_2_01980C00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FEFA0	0_2_019FEFA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972FC8	0_2_01972FC8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198CFE0	0_2_0198CFE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A22F30	0_2_01A22F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0F30	0_2_019A0F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C2F28	0_2_019C2F28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4F40	0_2_019F4F40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992E90	0_2_01992E90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3CE93	0_2_01A3CE93
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3EEDB	0_2_01A3EEDB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3EE26	0_2_01A3EE26
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980E59	0_2_01980E59
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198B1B0	0_2_0198B1B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A4B16B	0_2_01A4B16B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196F172	0_2_0196F172
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B516C	0_2_019B516C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F0E0	0_2_01A3F0E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A370E9	0_2_01A370E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019870C0	0_2_019870C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2F0CC	0_2_01A2F0CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C739A	0_2_019C739A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3132D	0_2_01A3132D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196D34C	0_2_0196D34C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019852A0	0_2_019852A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A212ED	0_2_01A212ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199B2C0	0_2_0199B2C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1D5B0	0_2_01A1D5B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37571	0_2_01A37571
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F43F	0_2_01A3F43F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01971460	0_2_01971460
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F7B0	0_2_01A3F7B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A316CC	0_2_01A316CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A15910	0_2_01A15910
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01989950	0_2_01989950
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199B950	0_2_0199B950
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019838E0	0_2_019838E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ED800	0_2_019ED800
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199FB80	0_2_0199FB80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019BDBF9	0_2_019BDBF9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F5BF0	0_2_019F5BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FB76	0_2_01A3FB76
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A21AA3	0_2_01A21AA3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1DAAC	0_2_01A1DAAC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C5AA0	0_2_019C5AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2DAC6	0_2_01A2DAC6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37A46	0_2_01A37A46
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FA49	0_2_01A3FA49
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F3A6C	0_2_019F3A6C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199FDC0	0_2_0199FDC0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37D73	0_2_01A37D73
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01983D40	0_2_01983D40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A31D5A	0_2_01A31D5A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FCF2	0_2_01A3FCF2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F9C32	0_2_019F9C32
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01981F92	0_2_01981F92
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FFB1	0_2_01A3FFB1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FF09	0_2_01A3FF09
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01989EB0	0_2_01989EB0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 0196B970 appears 280 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019C7E54 appears 102 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019B5130 appears 58 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019FF290 appears 105 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019EEA12 appears 86 times

PE file does not import any functions

Source: SWIFT.exe

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SWIFT.exe, 00000000.00000002.1785601892.0000000001A6D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe
Source: SWIFT.exe, 00000000.00000003.1752574924.00000000018B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe
Source: SWIFT.exe, 00000000.00000003.1750598446.0000000001702000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe

Source: SWIFT.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: SWIFT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SWIFT.exe

Static PE information: Section .text

Source: classification engine

Classification label: mal80.troj.winEXE@1/0@0/0

Source: SWIFT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SWIFT.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: SWIFT.exe

ReversingLabs: Detection: 87%

Source: C:\Users\user\Desktop\SWIFT.exe

Section loaded: apphelp.dll

Uses code obfuscation techniques (call, push, ret)

Source: SWIFT.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SWIFT.exe, SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F14054 push esi; ret	0_2_00F14055
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF2145 pushad ; retf	0_2_00EF2170
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF32E0 push eax; ret	0_2_00EF32E2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13BEB push esp; retf	0_2_00F13BF3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C2A push cs; retf	0_2_00F13C9D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C05 push esp; retf	0_2_00F13BF3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C05 push cs; retf	0_2_00F13C9D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F12592 push es; retn 0000h	0_2_00F1259A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F0163E push cs; retf	0_2_00F0164B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD push ecx; mov dword ptr [esp], ecx	0_2_019709B6

Source: SWIFT.exe

Static PE information: section name: .text entropy: 7.99490496710245

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_019B096E rdtsc

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\SWIFT.exe

API coverage: 0.7 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\SWIFT.exe TID: 6872

Thread sleep time: -30000s >= -30000s

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SWIFT.exe

Process information queried: ProcessInformation

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\SWIFT.exe

Process queried: DebugPort

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_019B096E rdtsc

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_00F075F3 LdrLoadDll,

0_2_00F075F3

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B0185 mov eax, dword ptr fs:[00000030h]	0_2_019B0185
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14180 mov eax, dword ptr fs:[00000030h]	0_2_01A14180
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14180 mov eax, dword ptr fs:[00000030h]	0_2_01A14180
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C188 mov eax, dword ptr fs:[00000030h]	0_2_01A2C188
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C188 mov eax, dword ptr fs:[00000030h]	0_2_01A2C188
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A461E5 mov eax, dword ptr fs:[00000030h]	0_2_01A461E5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov ecx, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A361C3 mov eax, dword ptr fs:[00000030h]	0_2_01A361C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A361C3 mov eax, dword ptr fs:[00000030h]	0_2_01A361C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A01F8 mov eax, dword ptr fs:[00000030h]	0_2_019A01F8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A30115 mov eax, dword ptr fs:[00000030h]	0_2_01A30115
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov ecx, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0124 mov eax, dword ptr fs:[00000030h]	0_2_019A0124
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C156 mov eax, dword ptr fs:[00000030h]	0_2_0196C156
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976154 mov eax, dword ptr fs:[00000030h]	0_2_01976154
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976154 mov eax, dword ptr fs:[00000030h]	0_2_01976154
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov ecx, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A08158 mov eax, dword ptr fs:[00000030h]	0_2_01A08158
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A080A8 mov eax, dword ptr fs:[00000030h]	0_2_01A080A8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A360B8 mov eax, dword ptr fs:[00000030h]	0_2_01A360B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A360B8 mov ecx, dword ptr fs:[00000030h]	0_2_01A360B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197208A mov eax, dword ptr fs:[00000030h]	0_2_0197208A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F20DE mov eax, dword ptr fs:[00000030h]	0_2_019F20DE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C0F0 mov eax, dword ptr fs:[00000030h]	0_2_0196C0F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B20F0 mov ecx, dword ptr fs:[00000030h]	0_2_019B20F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A0E3 mov ecx, dword ptr fs:[00000030h]	0_2_0196A0E3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019780E9 mov eax, dword ptr fs:[00000030h]	0_2_019780E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F60E0 mov eax, dword ptr fs:[00000030h]	0_2_019F60E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06030 mov eax, dword ptr fs:[00000030h]	0_2_01A06030
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4000 mov ecx, dword ptr fs:[00000030h]	0_2_019F4000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A020 mov eax, dword ptr fs:[00000030h]	0_2_0196A020
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C020 mov eax, dword ptr fs:[00000030h]	0_2_0196C020
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972050 mov eax, dword ptr fs:[00000030h]	0_2_01972050
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6050 mov eax, dword ptr fs:[00000030h]	0_2_019F6050
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199C073 mov eax, dword ptr fs:[00000030h]	0_2_0199C073
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199438F mov eax, dword ptr fs:[00000030h]	0_2_0199438F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199438F mov eax, dword ptr fs:[00000030h]	0_2_0199438F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F63C0 mov eax, dword ptr fs:[00000030h]	0_2_019F63C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A63FF mov eax, dword ptr fs:[00000030h]	0_2_019A63FF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C3CD mov eax, dword ptr fs:[00000030h]	0_2_01A2C3CD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A143D4 mov eax, dword ptr fs:[00000030h]	0_2_01A143D4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A143D4 mov eax, dword ptr fs:[00000030h]	0_2_01A143D4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov ecx, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C310 mov ecx, dword ptr fs:[00000030h]	0_2_0196C310
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990310 mov ecx, dword ptr fs:[00000030h]	0_2_01990310
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov ecx, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1437C mov eax, dword ptr fs:[00000030h]	0_2_01A1437C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A352 mov eax, dword ptr fs:[00000030h]	0_2_01A3A352
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A18350 mov ecx, dword ptr fs:[00000030h]	0_2_01A18350
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov ecx, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE284 mov eax, dword ptr fs:[00000030h]	0_2_019AE284
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE284 mov eax, dword ptr fs:[00000030h]	0_2_019AE284
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802A0 mov eax, dword ptr fs:[00000030h]	0_2_019802A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802A0 mov eax, dword ptr fs:[00000030h]	0_2_019802A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196823B mov eax, dword ptr fs:[00000030h]	0_2_0196823B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A250 mov eax, dword ptr fs:[00000030h]	0_2_0196A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976259 mov eax, dword ptr fs:[00000030h]	0_2_01976259
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F8243 mov eax, dword ptr fs:[00000030h]	0_2_019F8243
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F8243 mov ecx, dword ptr fs:[00000030h]	0_2_019F8243
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A250 mov eax, dword ptr fs:[00000030h]	0_2_01A2A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A250 mov eax, dword ptr fs:[00000030h]	0_2_01A2A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196826B mov eax, dword ptr fs:[00000030h]	0_2_0196826B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE59C mov eax, dword ptr fs:[00000030h]	0_2_019AE59C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4588 mov eax, dword ptr fs:[00000030h]	0_2_019A4588
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972582 mov eax, dword ptr fs:[00000030h]	0_2_01972582
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972582 mov ecx, dword ptr fs:[00000030h]	0_2_01972582
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019945B1 mov eax, dword ptr fs:[00000030h]	0_2_019945B1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019945B1 mov eax, dword ptr fs:[00000030h]	0_2_019945B1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019765D0 mov eax, dword ptr fs:[00000030h]	0_2_019765D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA5D0 mov eax, dword ptr fs:[00000030h]	0_2_019AA5D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA5D0 mov eax, dword ptr fs:[00000030h]	0_2_019AA5D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE5CF mov eax, dword ptr fs:[00000030h]	0_2_019AE5CF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE5CF mov eax, dword ptr fs:[00000030h]	0_2_019AE5CF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019725E0 mov eax, dword ptr fs:[00000030h]	0_2_019725E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC5ED mov eax, dword ptr fs:[00000030h]	0_2_019AC5ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC5ED mov eax, dword ptr fs:[00000030h]	0_2_019AC5ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06500 mov eax, dword ptr fs:[00000030h]	0_2_01A06500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978550 mov eax, dword ptr fs:[00000030h]	0_2_01978550
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978550 mov eax, dword ptr fs:[00000030h]	0_2_01978550
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A44B0 mov ecx, dword ptr fs:[00000030h]	0_2_019A44B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FA4B0 mov eax, dword ptr fs:[00000030h]	0_2_019FA4B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A49A mov eax, dword ptr fs:[00000030h]	0_2_01A2A49A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019764AB mov eax, dword ptr fs:[00000030h]	0_2_019764AB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019704E5 mov ecx, dword ptr fs:[00000030h]	0_2_019704E5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA430 mov eax, dword ptr fs:[00000030h]	0_2_019AA430
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C427 mov eax, dword ptr fs:[00000030h]	0_2_0196C427
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199245A mov eax, dword ptr fs:[00000030h]	0_2_0199245A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196645D mov eax, dword ptr fs:[00000030h]	0_2_0196645D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A456 mov eax, dword ptr fs:[00000030h]	0_2_01A2A456
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC460 mov ecx, dword ptr fs:[00000030h]	0_2_019FC460
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A247A0 mov eax, dword ptr fs:[00000030h]	0_2_01A247A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1678E mov eax, dword ptr fs:[00000030h]	0_2_01A1678E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019707AF mov eax, dword ptr fs:[00000030h]	0_2_019707AF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197C7C0 mov eax, dword ptr fs:[00000030h]	0_2_0197C7C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F07C3 mov eax, dword ptr fs:[00000030h]	0_2_019F07C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019747FB mov eax, dword ptr fs:[00000030h]	0_2_019747FB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019747FB mov eax, dword ptr fs:[00000030h]	0_2_019747FB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE7E1 mov eax, dword ptr fs:[00000030h]	0_2_019FE7E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970710 mov eax, dword ptr fs:[00000030h]	0_2_01970710
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0710 mov eax, dword ptr fs:[00000030h]	0_2_019A0710
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC700 mov eax, dword ptr fs:[00000030h]	0_2_019AC700
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov eax, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov ecx, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov eax, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EC730 mov eax, dword ptr fs:[00000030h]	0_2_019EC730
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC720 mov eax, dword ptr fs:[00000030h]	0_2_019AC720
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC720 mov eax, dword ptr fs:[00000030h]	0_2_019AC720
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE75D mov eax, dword ptr fs:[00000030h]	0_2_019FE75D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970750 mov eax, dword ptr fs:[00000030h]	0_2_01970750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4755 mov eax, dword ptr fs:[00000030h]	0_2_019F4755
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2750 mov eax, dword ptr fs:[00000030h]	0_2_019B2750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2750 mov eax, dword ptr fs:[00000030h]	0_2_019B2750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov esi, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov eax, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov eax, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978770 mov eax, dword ptr fs:[00000030h]	0_2_01978770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974690 mov eax, dword ptr fs:[00000030h]	0_2_01974690
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974690 mov eax, dword ptr fs:[00000030h]	0_2_01974690
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A66B0 mov eax, dword ptr fs:[00000030h]	0_2_019A66B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC6A6 mov eax, dword ptr fs:[00000030h]	0_2_019AC6A6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA6C7 mov ebx, dword ptr fs:[00000030h]	0_2_019AA6C7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA6C7 mov eax, dword ptr fs:[00000030h]	0_2_019AA6C7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F06F1 mov eax, dword ptr fs:[00000030h]	0_2_019F06F1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F06F1 mov eax, dword ptr fs:[00000030h]	0_2_019F06F1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2619 mov eax, dword ptr fs:[00000030h]	0_2_019B2619
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE609 mov eax, dword ptr fs:[00000030h]	0_2_019EE609
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A6620 mov eax, dword ptr fs:[00000030h]	0_2_019A6620
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8620 mov eax, dword ptr fs:[00000030h]	0_2_019A8620
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197262C mov eax, dword ptr fs:[00000030h]	0_2_0197262C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E627 mov eax, dword ptr fs:[00000030h]	0_2_0198E627
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3866E mov eax, dword ptr fs:[00000030h]	0_2_01A3866E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3866E mov eax, dword ptr fs:[00000030h]	0_2_01A3866E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198C640 mov eax, dword ptr fs:[00000030h]	0_2_0198C640
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A2674 mov eax, dword ptr fs:[00000030h]	0_2_019A2674
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA660 mov eax, dword ptr fs:[00000030h]	0_2_019AA660
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA660 mov eax, dword ptr fs:[00000030h]	0_2_019AA660
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov esi, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov eax, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov eax, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD mov eax, dword ptr fs:[00000030h]	0_2_019709AD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD mov eax, dword ptr fs:[00000030h]	0_2_019709AD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A49D0 mov eax, dword ptr fs:[00000030h]	0_2_019A49D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A069C0 mov eax, dword ptr fs:[00000030h]	0_2_01A069C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A29F9 mov eax, dword ptr fs:[00000030h]	0_2_019A29F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A29F9 mov eax, dword ptr fs:[00000030h]	0_2_019A29F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A9D3 mov eax, dword ptr fs:[00000030h]	0_2_01A3A9D3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE9E0 mov eax, dword ptr fs:[00000030h]	0_2_019FE9E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A0892B mov eax, dword ptr fs:[00000030h]	0_2_01A0892B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC912 mov eax, dword ptr fs:[00000030h]	0_2_019FC912
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968918 mov eax, dword ptr fs:[00000030h]	0_2_01968918
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968918 mov eax, dword ptr fs:[00000030h]	0_2_01968918
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE908 mov eax, dword ptr fs:[00000030h]	0_2_019EE908
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE908 mov eax, dword ptr fs:[00000030h]	0_2_019EE908
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F892A mov eax, dword ptr fs:[00000030h]	0_2_019F892A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0946 mov eax, dword ptr fs:[00000030h]	0_2_019F0946
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14978 mov eax, dword ptr fs:[00000030h]	0_2_01A14978
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14978 mov eax, dword ptr fs:[00000030h]	0_2_01A14978
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC97C mov eax, dword ptr fs:[00000030h]	0_2_019FC97C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov eax, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov edx, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov eax, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC89D mov eax, dword ptr fs:[00000030h]	0_2_019FC89D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970887 mov eax, dword ptr fs:[00000030h]	0_2_01970887
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A8E4 mov eax, dword ptr fs:[00000030h]	0_2_01A3A8E4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E8C0 mov eax, dword ptr fs:[00000030h]	0_2_0199E8C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC8F9 mov eax, dword ptr fs:[00000030h]	0_2_019AC8F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC8F9 mov eax, dword ptr fs:[00000030h]	0_2_019AC8F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC810 mov eax, dword ptr fs:[00000030h]	0_2_019FC810
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1483A mov eax, dword ptr fs:[00000030h]	0_2_01A1483A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1483A mov eax, dword ptr fs:[00000030h]	0_2_01A1483A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA830 mov eax, dword ptr fs:[00000030h]	0_2_019AA830
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov ecx, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974859 mov eax, dword ptr fs:[00000030h]	0_2_01974859
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974859 mov eax, dword ptr fs:[00000030h]	0_2_01974859
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0854 mov eax, dword ptr fs:[00000030h]	0_2_019A0854
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06870 mov eax, dword ptr fs:[00000030h]	0_2_01A06870
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06870 mov eax, dword ptr fs:[00000030h]	0_2_01A06870
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01982840 mov ecx, dword ptr fs:[00000030h]	0_2_01982840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE872 mov eax, dword ptr fs:[00000030h]	0_2_019FE872
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE872 mov eax, dword ptr fs:[00000030h]	0_2_019FE872
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24BB0 mov eax, dword ptr fs:[00000030h]	0_2_01A24BB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24BB0 mov eax, dword ptr fs:[00000030h]	0_2_01A24BB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980BBE mov eax, dword ptr fs:[00000030h]	0_2_01980BBE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980BBE mov eax, dword ptr fs:[00000030h]	0_2_01980BBE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EBFC mov eax, dword ptr fs:[00000030h]	0_2_0199EBFC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FCBF0 mov eax, dword ptr fs:[00000030h]	0_2_019FCBF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EBD0 mov eax, dword ptr fs:[00000030h]	0_2_01A1EBD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38B28 mov eax, dword ptr fs:[00000030h]	0_2_01A38B28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38B28 mov eax, dword ptr fs:[00000030h]	0_2_01A38B28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EB20 mov eax, dword ptr fs:[00000030h]	0_2_0199EB20
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EB20 mov eax, dword ptr fs:[00000030h]	0_2_0199EB20
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06B40 mov eax, dword ptr fs:[00000030h]	0_2_01A06B40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06B40 mov eax, dword ptr fs:[00000030h]	0_2_01A06B40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3AB40 mov eax, dword ptr fs:[00000030h]	0_2_01A3AB40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A18B42 mov eax, dword ptr fs:[00000030h]	0_2_01A18B42
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196CB7E mov eax, dword ptr fs:[00000030h]	0_2_0196CB7E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24B4B mov eax, dword ptr fs:[00000030h]	0_2_01A24B4B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24B4B mov eax, dword ptr fs:[00000030h]	0_2_01A24B4B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EB50 mov eax, dword ptr fs:[00000030h]	0_2_01A1EB50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8A90 mov edx, dword ptr fs:[00000030h]	0_2_019A8A90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44A80 mov eax, dword ptr fs:[00000030h]	0_2_01A44A80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978AA0 mov eax, dword ptr fs:[00000030h]	0_2_01978AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978AA0 mov eax, dword ptr fs:[00000030h]	0_2_01978AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6AA4 mov eax, dword ptr fs:[00000030h]	0_2_019C6AA4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970AD0 mov eax, dword ptr fs:[00000030h]	0_2_01970AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4AD0 mov eax, dword ptr fs:[00000030h]	0_2_019A4AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4AD0 mov eax, dword ptr fs:[00000030h]	0_2_019A4AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AAAEE mov eax, dword ptr fs:[00000030h]	0_2_019AAAEE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AAAEE mov eax, dword ptr fs:[00000030h]	0_2_019AAAEE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FCA11 mov eax, dword ptr fs:[00000030h]	0_2_019FCA11
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA38 mov eax, dword ptr fs:[00000030h]	0_2_019ACA38
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01994A35 mov eax, dword ptr fs:[00000030h]	0_2_01994A35
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01994A35 mov eax, dword ptr fs:[00000030h]	0_2_01994A35
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EA2E mov eax, dword ptr fs:[00000030h]	0_2_0199EA2E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA24 mov eax, dword ptr fs:[00000030h]	0_2_019ACA24
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EA60 mov eax, dword ptr fs:[00000030h]	0_2_01A1EA60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980A5B mov eax, dword ptr fs:[00000030h]	0_2_01980A5B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980A5B mov eax, dword ptr fs:[00000030h]	0_2_01980A5B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ECA72 mov eax, dword ptr fs:[00000030h]	0_2_019ECA72
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ECA72 mov eax, dword ptr fs:[00000030h]	0_2_019ECA72
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44DAD mov eax, dword ptr fs:[00000030h]	0_2_01A44DAD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38DAE mov eax, dword ptr fs:[00000030h]	0_2_01A38DAE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38DAE mov eax, dword ptr fs:[00000030h]	0_2_01A38DAE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF mov eax, dword ptr fs:[00000030h]	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF mov eax, dword ptr fs:[00000030h]	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACDB1 mov ecx, dword ptr fs:[00000030h]	0_2_019ACDB1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACDB1 mov eax, dword ptr fs:[00000030h]	0_2_019ACDB1

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Stealing of Sensitive Information

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality