021553bbc2ff7f71725121dbf221d21b734c642d0528dda4a30daa8b5725dbba

Resubmissions

16/02/2023, 00:06

230216-ad5wcsee2x 7

16/02/2023, 00:01

230216-aa4twsed9y 7

Analysis

max time kernel
137s
max time network
153s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16/02/2023, 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mt5setup.exe
Size

3.2MB
MD5

d6bc6802b8685482a3e98e07073b4990
SHA1

bddccd8c24537f45679497f947688fbb1c3d1bec
SHA256

021553bbc2ff7f71725121dbf221d21b734c642d0528dda4a30daa8b5725dbba
SHA512

29594947769496634d1f0308c695718dbb6f5bab03ecbcac0ef25a5dfc51cd17e04aba7708af77b24c73b0ae31e5e2197f7a6e393295210d089e4ecef6a0b0d4
SSDEEP

49152:3Q4kgYgh0Zjq+v0/cTyD7CuDHwb0X3nOpCO4:LkgWq1HQS+kO4

Score

7^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 3 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	terminal64.exe

Executes dropped EXE 2 IoCs

pid	Process
524	terminal64.exe
1660	terminal64.exe

Loads dropped DLL 20 IoCs

pid	Process
1948	mt5setup.exe
1948	mt5setup.exe
1948	mt5setup.exe
1948	mt5setup.exe
1264	Process not Found
1264	Process not Found
1264	Process not Found
1264	Process not Found
1264	Process not Found
1948	mt5setup.exe
1264	Process not Found
1264	Process not Found
1264	Process not Found
1264	Process not Found
1264	Process not Found
1264	Process not Found
1660	terminal64.exe
1660	terminal64.exe
1660	terminal64.exe
1660	terminal64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	terminal64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	terminal64.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	terminal64.exe
File opened for modification	\??\PHYSICALDRIVE0	mt5setup.exe
File opened for modification	\??\PHYSICALDRIVE0	terminal64.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
524	terminal64.exe
524	terminal64.exe
1660	terminal64.exe
1660	terminal64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\5.freelance.portuguese.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\7.risk-warning.english.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\PositionInfo\PositionInfoSample.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\DropOn.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Indicators\Series.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\1.welcome.german.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\3.market.thai.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\6.virtualhosting.portuguese.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Experts\Advisors\ExpertMACD.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\VROC.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Profiles\Charts\Euro\chart03.chr	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Canvas\DX\Shaders\DefaultShaderPixel.hlsl	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Stat\Gamma.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\WinAPI\winapi.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Signal\SignalDeMarker.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Trailing\TrailingFixedPips.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Generic\Interfaces\IMap.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\MovingAverages.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\5.freelance.japanese.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Sounds\request.wav	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Profiles\Charts\British Pound\order.wnd	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Experts\Examples\Math 3D\Sets\Skin.set	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\ADXW.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Stochastic.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OpenCL\Seascape\Seascape.mqproj	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\7.risk-warning.russian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Experts\Examples\Math 3D\Sets\Chomolungma.set	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\Defines.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Signal\SignalAMA.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Generic\Interfaces\ISet.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\TRIX.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\Canvas\CanvasSample.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.italian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\3.market.tajik.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Profiles\Charts\Market Overview\chart01.chr	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\RightTransp.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Canvas\Charts\PieChart.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Money\MoneyFixedMargin.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Stat\Beta.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Panels\ChartPanel\ChartPanel.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\7.risk-warning.spanish.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Profiles\Charts\Euro\order.wnd	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Sounds\disconnect.wav	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Experts\Examples\Math 3D\Sets\DoubleScrew.set	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Signal\SignalMACD.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\checkwritepermissions.test	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\Restore.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\WndClient.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Money\MoneySizeOptimized.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\5.freelance.uzbek.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\Scrolls.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\UnitTests\Generic\TestLinkedList.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\1.welcome.uzbek.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Experts\Examples\Math 3D Morpher\Functions.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Stat\Poisson.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\PositionInfo\PositionInfoSampleInit.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\ZigZag.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Signal\SignalFrAMA.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Stat\NoncentralBeta.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\ColorCandlesDaily.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Price_Channel.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Fuzzy\mamdanifuzzysystem.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Profiles\Charts\Default\chart01.chr	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Sounds\timeout.wav	mt5setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\	terminal64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	mt5setup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	terminal64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	terminal64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	terminal64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	terminal64.exe

Modifies Internet Explorer settings 1 TTPs 23 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE3D7F51-AD95-11ED-AEF5-42FEA5F7B9B2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Modifies registry class 53 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\shell\open	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\shell\open	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\ShellNew	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\ = "MetaTrader 5 Export"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe,15"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\shell	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell\open	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\shell\open\command	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\DefaultIcon	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5\ = "MQL5.File"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\ = "MQL5 Header File"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\DefaultIcon	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mt5	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe,1"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mt5\ = "MetaTrader 5 Export File"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe /ex5:\"%1\""	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\shell\open\command	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\ = "MQL5 Source File"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\ShellNew\NullFile	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5\ShellNew\NullFile	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\DefaultIcon	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe /import:\"%1\""	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\shell\open	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ex5\ = "EX5.File"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ex5	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\ = "URL:MQL5 Buy Protocol"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\shell	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\metaeditor64.exe \"%1\""	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\metaeditor64.exe \"%1\""	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\metaeditor64.exe,2"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mqh	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell\open	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\shell\open\command	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\shell	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mqh\ = "MQL5.Header"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\ = "MQL5 Program"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe \"%1\""	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\DefaultIcon	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5\ShellNew	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\URL Protocol	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe,2"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\DefaultIcon	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell\open\command	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell\open\command	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\metaeditor64.exe,1"	terminal64.exe

Modifies system certificate store 2 TTPs 15 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 0f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce09000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c01400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748501d00000001000000100000005b3b67000eeb80022e42605b6b3b72400b000000010000000e000000740068006100770074006500000003000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b812000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	mt5setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 190000000100000010000000dc73f9b71e16d51d26527d32b11a6a3d03000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b810b000000010000000e00000074006800610077007400650000001d00000001000000100000005b3b67000eeb80022e42605b6b3b72401400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb57485053000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce2000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	mt5setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\CA7788C32DA1E4B7863A4FB57D00B55DDACBC7F9	mt5setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\CA7788C32DA1E4B7863A4FB57D00B55DDACBC7F9\Blob = 030000000100000014000000ca7788c32da1e4b7863a4fb57d00b55ddacbc7f91400000001000000140000003ae10986d4cf19c29676744976dce035c663639a04000000010000001000000042f8529fe545103fdd848980a8647f290f0000000100000030000000ed080184c5a30d366162d70be6fbb98ed70ace8650c3b7bccc7687cddaffb50f7d12eea1a961cc6f7fd0da9b3422f9fa19000000010000001000000076935b5c5a037216daaf8aac76df42c11800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000d7030000308203d3308202bba003020102021056671d04ea4f994c6f10814759d27594300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c0500038201010019eceb9d892c200b04801d18de429972991632bd0e9c755b2c15e229406deeff72dbdbab901f8c95f28a3d087242895007e239156c0187d9161af5c0752bc5e6561107dfd898bc7c9f1939df8bca006473bc46109b93238dbe16c32e08829c863374763b284c8d034285b3e2b22342d51f7a756a1ad17caa6721c4333a396d53c9a2ed6222a8bbe2556c996c436b9197d10c0b93021dd2bc697749e61b4df7bf147803b0a6ba0bb4e1857f2fdc423bad740148ded66ce11998095e0ab36747fe1ce0d5c128ef4a8b44312604378d8974362eefa5220f83744992c7f710c20c29fbb7bdba7fe35fd59ff2a9f474d5b8e1b3b081e4e1a563a3ccea0478906ebff7	mt5setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mt5setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81	mt5setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	mt5setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
524	terminal64.exe
1660	terminal64.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1748	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
524	terminal64.exe
1748	iexplore.exe
1748	iexplore.exe
1660	terminal64.exe
1720	IEXPLORE.EXE
1720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 524	1948	mt5setup.exe	30
PID 1948 wrote to memory of 524	1948	mt5setup.exe	30
PID 1948 wrote to memory of 524	1948	mt5setup.exe	30
PID 1948 wrote to memory of 1748	1948	mt5setup.exe	33
PID 1948 wrote to memory of 1748	1948	mt5setup.exe	33
PID 1948 wrote to memory of 1748	1948	mt5setup.exe	33
PID 1948 wrote to memory of 1728	1948	mt5setup.exe	34
PID 1948 wrote to memory of 1728	1948	mt5setup.exe	34
PID 1948 wrote to memory of 1728	1948	mt5setup.exe	34
PID 272 wrote to memory of 1660	272	explorer.exe	37
PID 272 wrote to memory of 1660	272	explorer.exe	37
PID 272 wrote to memory of 1660	272	explorer.exe	37
PID 1748 wrote to memory of 1720	1748	iexplore.exe	38
PID 1748 wrote to memory of 1720	1748	iexplore.exe	38
PID 1748 wrote to memory of 1720	1748	iexplore.exe	38
PID 1748 wrote to memory of 1720	1748	iexplore.exe	38

C:\Users\Admin\AppData\Local\Temp\mt5setup.exe
"C:\Users\Admin\AppData\Local\Temp\mt5setup.exe"
1⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files\MetaTrader 5\terminal64.exe
  "C:\Program Files\MetaTrader 5\terminal64.exe" /install
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:524
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://www.mql5.com/?utm_campaign=mql5.welcome.open&utm_medium=special&utm_source=web.installer&&utm_codepage=1033&utm_uniq=5216454140225968409&utm_link=BA3ED0977B4424C50E3C1B4F78599484
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1748
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1720
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" "C:\Program Files\MetaTrader 5\terminal64.exe"
  2⤵
  PID:1728

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:272
- C:\Program Files\MetaTrader 5\terminal64.exe
  "C:\Program Files\MetaTrader 5\terminal64.exe"
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1660
- - C:\Program Files\MetaTrader 5\metaeditor64.exe
    "C:\Program Files\MetaTrader 5\metaeditor64.exe" /portable /compile:"C:\Program Files\MetaTrader 5\MQL5" /inc:"C:\Program Files\MetaTrader 5\MQL5" /time:0 /flg:0 /stop:se240_7215030
    3⤵
    PID:524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MetaTrader 5\Bases\Default\mail\1.welcome.english.welcome

Filesize
10KB

MD5
0e91b8022d0831e85836f7e0a037ffd8

SHA1
684fe5d6dccabd0845929137aab92d8d4dbc9bd1

SHA256
f37218b1a6c40fdbbf5dae0d3fac2aa8476ef693550c1f977880cdc5e7e99e2b

SHA512
355e87ff9fdfd3b71bf37e2722a1421fd8352d8726856a2d5579c4c77aff95111bb7cd34a40dd43f007440bd834c53fdcdabcafea0f771458f764497d232288b

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\2.signals.english.welcome

Filesize
8KB

MD5
34fa0ab9072cf6ab1fafe19899a5b537

SHA1
4367430bac684dfe5bf542ca0d5a403dba759eec

SHA256
606facecb2d62b921e69e3ca0e6f078b086162bbe5f2f84062aff44de22f1c9c

SHA512
2c6dd2b9460f4abc405f4476d5bed8e67cf8d59d21075deaceac5df4c61fffeb7f90dcaf350ef054fcc75c28dc130f1189ff43c065d3fa66b640fc6332e324ee

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\3.market.english.welcome

Filesize
8KB

MD5
e127a5f0fc6f6075239024a2331bdb9c

SHA1
ca5da0d65e15aa080bf97870b3e0ef3b8b16eb37

SHA256
d4f18c75a42bb37af1c048a6917ed2d407bf30f5693c5ddff76193b8256a846b

SHA512
802b33f8663dfaa8bddec7c4c2be0ca75bc309e2bef5f2984af8885ecd20392d52fcf4add32ddc9c97614fa63b2cc5d2f08f23969f9e2abbd52ae995952c10b4

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\4.mobile.english.welcome

Filesize
8KB

MD5
ac4df097a953b04a6070fcf5e373dd46

SHA1
f8f868e6b765350a4faea6991e046a10fb0ccfe2

SHA256
a78107df49d95e8727fc8482711d217cd4930533571c2f9777b866c60f631ea4

SHA512
8174b483c61690eb0ae623bdfb94f1431c693675effc662ca83e1f047d03fa3b6738175793b1981011d30d47770a17e6d401a1d6a591d51eddcc93c3e9acd2d9

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\5.freelance.english.welcome

Filesize
8KB

MD5
7f3cd66e5646b6ca3a953291d95e2829

SHA1
b5dc498474b0fb06568b0bba7b73012a40368056

SHA256
ecba047f70b7e741e1b6e8d95894953f1f9676f3eef45c76b0db2850d4dae19d

SHA512
15b9b2686ae5d33027cf4e0fd54514a2e146248b7c2b7f956bba328b7f91c13c1131087be370b5e6ed5a4736283bbb0217f7176d2b830e0bd8a4996390e40233

Download Submit
C:\Program Files\MetaTrader 5\config\server.ini

Filesize
791B

MD5
bdb30d4668895f113fa728b3358c4830

SHA1
19292e30d8cfbe259a577017d8fb5c234de410cc

SHA256
4b84773803cfb70083145b5e777209dfd81f87c55bd42e101ad8a2ee5217e537

SHA512
44fac87c1e4478c452728890df6461a234f0af3eb81f1aa40c91dfc66ca1eac197ee703c0f2e8af4f9610b5212a73c7eec444b764b02e09467ab70fbfb9d321e

Download Submit
C:\Program Files\MetaTrader 5\config\settings.ini

Filesize
5KB

MD5
f91b4f3fde9a4508e7c216e3e53af195

SHA1
8624a7e67a1b62b3ade80663811eb409d1943b03

SHA256
c365582deba419f05bdbd517dca9c0cc3f52f6fe87d9779e5aa50d59b9d989d7

SHA512
e99db67d80ce9efcff8ec957e6979058c1fb417dddb0927c8804bce880080d93d1ca950ed729c2a0d599fe60c81eaf6260f0c174a8c27bbe93696c456db6ddd2

Download Submit
C:\Program Files\MetaTrader 5\config\terminal.lic

Filesize
37KB

MD5
899c6181cbe75717e92b8952bca19c9b

SHA1
03b6fc42d0a88ac17a30179a565fabc49422804e

SHA256
c90daf5513ff2ebc90674fab6826c53cc48b277326d34c5e3a6244e61eb565ed

SHA512
a560dcfd4259cf6650524f8675ca54718b2179d2ada770a9e083ee5a5eb5c37af039707bdfcde3d7ffa0044bafd7c8684b3919bc93252846f09a9a01fe682bf1

Download Submit
C:\Program Files\MetaTrader 5\logs\20230216.log

Filesize
432B

MD5
f92dd8fc72d1f042c0390ce75cf7eb5b

SHA1
ea614a23db2816984012a2610e57fd097d2139a1

SHA256
876c875a9b345feebe6312816e15d7bd60f270cc868a9665a9463a116572527c

SHA512
186c95decbec94300b51f2511312916c3479956974666121594b4ca1100a599fd23130488e6fdf8f5e27ef6d412ad2f48eb4ea4d4ddb072c0dc4fefd99958a6b

Download Submit
C:\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
30.1MB

MD5
fbd56993b4a3133101af7fdfc7b0df53

SHA1
98ff6e5c723148d97cee15c621c509a2f6cc78ec

SHA256
27b487b76e1c41b6dbafe0dd0a6fcc02a0cf61e127a229f493a4ec8a6848d75f

SHA512
a8e6bc11cea05750ec8a305ab926fbd1e248d2deb12381271fcfeea90d676b8c0354179a6b1b76c13b963884eb15e74d698bf9fe5a6bbffb78c16214df5d130e

Download Submit
C:\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
21.3MB

MD5
b16660218dfe9c76901b6e44b7bde91d

SHA1
c4f82998ef0796105ad8c9fc30375d70635e3369

SHA256
99187ab1ee2991ee6902faa478504648c5e90ad898a5c6d5dc9d355b6633b5f6

SHA512
103a95d587bc939c5200da76658dd5324db909aa7fa52a727b7c5d6e675bf7a44aac3e0400b9e4c37720e8a1fc979188f1e27aeca93980a37f579c8eb7281978

Download Submit
C:\Program Files\MetaTrader 5\metatester64.exe

Filesize
17.7MB

MD5
a942ea486f0785745ac1c72596571599

SHA1
dd44f520f271bbc7705b7957eb8de6c551557bba

SHA256
223ff068d66fccc4a4705e5250daf58e3dde53b88a8d8e77a6c090cff62d077f

SHA512
8e680d7ed51ed6f88189b49f06f54c247a71439fe86b2b8bfdfa7ab7abb6c94ac05732cff47ba9997016b7dba8d3a3ebb6562aa81f073435fa37d6c0f0218061

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart01.chr

Filesize
4KB

MD5
b2cfa6007c87e8d2a840ca0f0e77ac33

SHA1
48e343fa5924c1561390ba8f79ac46371f53c3f5

SHA256
074c0cdb0d67bb4f343ba87e605124cc097016f77afc3e208f5765bcb8788906

SHA512
7d6536d329e91ca58347885a5244d408deb2ce604cbc09a9c691ab35f02cbc49923e7cd1a5122bbe78d5bd8d8261428a9eee5ad1e3743f1ad8a9e3bcb7ec2b30

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart02.chr

Filesize
4KB

MD5
31c047d58884c871c2e1252fa927532d

SHA1
8dcd59b06b0488f9d4e7d056e82180b619f75f8d

SHA256
62f347bfa85e9d8974a5bf0c8feb81f7cf8a5757be3fef5190c4ced757256aff

SHA512
e281466a544b4c6415f501249d18142cd35936339f475bd64b10275d94824c8fa6f7def82487ca0f2d570b4efc9d01bf3b1e6fa963419df65fc3bced29de7ae4

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart03.chr

Filesize
4KB

MD5
112922787ad3fa848865605831b81884

SHA1
e445f0bdbb629ebf34499a516c43562cc12c857f

SHA256
91ef37d31e90242d34c5844b42c6d50214efa91f402268be5462028f52d356b2

SHA512
e28db5da3b6c1e0a4880795a61cff8efee568e96d609e1e118d361deadc4169001767d9167abdb649a5cbaa7e7c277460e8a8df7017506dd0ec97429c58e1c44

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart04.chr

Filesize
4KB

MD5
11ee1f515055e93f0e810f5228050b36

SHA1
ec151685a379dfe8531a230beeeb679f2f9a9920

SHA256
c86795c22143cb9bf82790233cceba70ae966c2a9ca0f679634ac4cdb847d32c

SHA512
2a36ae76c37dda43339a43dd951d7df6580a2bf369531518cf69a48fcfce3ba59005e3d0921b4e6e65cd09ea3854ec223d66a5dffeb10761764dbcc6aa62d2a7

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\order.wnd

Filesize
106B

MD5
e6b06f612a351deaa8cda0836b25a4ce

SHA1
4739f8cecd1d075689730cfbc9140b13681832ff

SHA256
bb2aae933928e009b82803d3ce2a3aa464861cf5c51e9a9af1cb25fc5923ee11

SHA512
1f7a5c137fea0cd56b2c5676b6a038c15795f09fdff5efd50d9ed11ea102517fd4d5df5d7f1aedf2ecdd3e2a92e459b640f57eecaa5150ee759026aff273ab39

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart01.chr

Filesize
2KB

MD5
cbcb207b4eca61983c2bc6be8fa2cb6b

SHA1
a7c6fda5154230e176b2efd94078dc8e4b2c97f5

SHA256
ecd135cab470d4a90979027d44b73ad512039187fd19ed69ff7372a52b27b766

SHA512
00db4573d986f7ffacc792ea28d5c548a14c9eff85b33722c144b6dba1b41af50e7cbbd33b25bb8536ed40716c70421112d4a0b9c394f7759e6aaf9287d769a2

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart02.chr

Filesize
2KB

MD5
c6dbfbb29c324c008696d1f044042bd4

SHA1
d9e2f67944be3a6b904c6a66599eb13ba34199a0

SHA256
dae31e1135021dfb18e71fa94dd42c7c4a231a302238db84e36afeb8d1eec08b

SHA512
449cc241f5f480b38e89a6e84b9611f338d279952195a3a7805ed0eb30e922eabdfa1ea7b4466680e88f173a808d45b50d1e99e076267cde1a0471533ab5c0fd

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart03.chr

Filesize
3KB

MD5
c83dff4b48cd69721ae542f1deb6bef3

SHA1
edc884426ebdc9f7cab0d046b0547b80ebfbba63

SHA256
7b341556d2e6d41c34583479d01bc6142c97b740fd205409f88c9a7eeca12e4f

SHA512
448df704047cb145d3b91e8cb5a2cc4f6f65f26cd943ee23c28e489435b781f6c1c37ebbe53f75a97129a808cd1ed0332e788e38d646852b2c682006ac589d7c

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart04.chr

Filesize
2KB

MD5
10b587d941321e1ca2b37027d96adbdd

SHA1
284e2b33c5d953d9449ad380969e09d7a42ec08b

SHA256
5b99490c026f03727d529803079d5457bfbf02573f880e334fb8191e45c7a8b0

SHA512
f774d21cde508076a53d28b3357ff9ae622b3171b08b85e918a83c87e29b18d3b2f4ff6f092bbc351f9132d0fa4d3ccff2ed2a61b6ff0640c7a80d94d82433e4

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\order.wnd

Filesize
106B

MD5
71cf7ef63820a018a5fe3eeb974a64b4

SHA1
7bb5057c3d259da7f59d3cce99ac5bd44fde097d

SHA256
51b82b4d0db003a43f32b8719e50a0412b55efe52887b7df76d7a27a0703244d

SHA512
0452e3659fd9f1cc557ed9c4633c7cace04ea3dbeac098def8a97db38a91a1e858327fd009245e10e8ed25baa65885c03636f29a085a605c2d44da1fc201a507

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart01.chr

Filesize
4KB

MD5
6336e04febd73bd5260a2d974817a9cd

SHA1
774e1beed401346784f4a63e8d30adffc697bf77

SHA256
5b67146285c97192c6ce453a84e0cafadc3d2a8bd1c0fd5e7800db24aa2a0185

SHA512
34b7bce124e872d20b529e3675e0a32fdf0528d28be1d1a78c0c1bb724166f640ade32e713f8c3d138409baa505a7b41cfc4a2c3152a9cd39d8f62f122e5f12b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart02.chr

Filesize
4KB

MD5
e4ee631b69c84953eb70b5be19e80178

SHA1
ffad8ebe062e6e484365d7f9761642303217175b

SHA256
4811b15a515522d3fece37b4a9089112011bd62d62652b295e14bb74aa63fa6e

SHA512
e98cfe41b726000a8c629ce418dc0944cb53c738af67b1d60a2abcff6b3f629c46b755b364320a03ddfd8ffa11049124b12cf4c657373abc891182a24909726d

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart03.chr

Filesize
4KB

MD5
1d317dea4589acf40cc4396102c0c963

SHA1
1972cd214e9e9940b84dfd97bc6ebc2b908589f8

SHA256
3fd62a7084445a99b60b8dceb28c85d4533fadcc5bc90934dcdd6e8e7025f866

SHA512
5447b13a0e1fbbee4f080d0fe2512759f21fe5261e3c11099bcd4db42db69a891d526e363fe2e749bbf858a167d95471c842a050ed1fca3ae92593d93c583e31

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart04.chr

Filesize
4KB

MD5
dda95b8c2f418bffd481d4ba463526a8

SHA1
c4b72025363e869e181d74d212dd54b2b751502c

SHA256
4c41121051b008ccc758ec19c0250db78cb98c563283d8747dea9a11956564ce

SHA512
bba961dc748661843d0e0ae4a329b7c5fc041ceac58ca97e98bf173234dc0ddf86370f477aed68f81951b414caabcbcd7187db21873fca638f39b5d6708092c2

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\order.wnd

Filesize
106B

MD5
e6b06f612a351deaa8cda0836b25a4ce

SHA1
4739f8cecd1d075689730cfbc9140b13681832ff

SHA256
bb2aae933928e009b82803d3ce2a3aa464861cf5c51e9a9af1cb25fc5923ee11

SHA512
1f7a5c137fea0cd56b2c5676b6a038c15795f09fdff5efd50d9ed11ea102517fd4d5df5d7f1aedf2ecdd3e2a92e459b640f57eecaa5150ee759026aff273ab39

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart01.chr

Filesize
5KB

MD5
0415270ec850a613df4e9c96e0f3d0c2

SHA1
5a22493dbbf2207e0fac23217f1b87574a5624d2

SHA256
7b0d5a4ae505f98dcd667da733541501c4bf49b8139076156868c8f37573a071

SHA512
dcf5026493e54aae6b4ca5823ef52793fb590ed03b26a584534d26dc0c82fe008cda43ce78c4f30f06469e8caf89093cce70f7d7e022a9b842cb97071b1195f8

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart02.chr

Filesize
3KB

MD5
a10290e8f40a09abd794779fdfe3b53a

SHA1
6755e2f6ccba07b57cd0421c93f8cd59d80f993a

SHA256
193cc0eb1a419a84422d7e55a51dd81e38cc691cf3b89020868f6ee4ac8156b3

SHA512
e42ee9a631439a0c13f54ee530cc55485a892cdb9e23e91bb95b1c5c63389d534916210e612f887c8f2040bf06d17f881f6de35fde55d82ce297cbf2087fd37b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart03.chr

Filesize
2KB

MD5
0059904b9856356a2a9cf9fc7b29e473

SHA1
2d2957fcb64c1853b4291986c181ee729db464e7

SHA256
06c5bb507d83bfb9e853e8e660daa09192428cb59007ac23a9bafc97f329967e

SHA512
11f8e14e5f6c398259aff9b9484ab7893502a1d2bfed035bf081c614aae6a54a73f36a4eda25e00049bc42f438a407218a2fd6c12a3e4b06871c02c3df4933d0

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart04.chr

Filesize
3KB

MD5
811c149ea405e13325467dceafae0c74

SHA1
8810462e3e23d9c9aabc241092ea59d835ae9198

SHA256
fe5a8378274ae12a008942ae8d568b88ebc42354214c5c2082be2f85a7232c68

SHA512
d10cac190c92690e0cf919f1c08932d5950ca706ccb443af4bb82e1a5fef46175a2b4f99d7ddcc19e5422a45c52946c6dc35227037f2553a392075020712f42b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\order.wnd

Filesize
106B

MD5
06ff51fc2a91c09cf9bb43e654a17ad8

SHA1
cc27a22873d1f2a53521ba0644b8ff9b0bd37ab7

SHA256
92d54f3324fa315c03360a09ad4021b5f54da068397caf3966d4d73066d7839a

SHA512
c88c0305dc577a2b74828f0048812cff7ef269f4efd2f0290afe27168e7d3eebee02ce59de9fd89eb3af85579f1c64ead61f11489995987a2d4fdd1a981e83bf

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.all.set

Filesize
288B

MD5
207307971b3cdd0a2cdd503759f7b527

SHA1
4984f6c2476e0018447804ee99b5781b0416d511

SHA256
960e8672ba9df5a8d5325bdee8976703c3fc263ab7881c6772efc3433055a28a

SHA512
5285844469287df619032dfbf46861448c277bfca06b3a363c11f9ade787afb7efc7dfa7b4503b719161f3d8bbbd557e6777c0b4faf20ffd7de088656ffe4709

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.crosses.set

Filesize
218B

MD5
a8c0ac3e5be4a1011a09f316c1bfabd3

SHA1
a0a52c5c9780405917c5a402cc928cc10cfc4b48

SHA256
c95a2b57f4de8504d8cafd99de6049d49df31e0a86466c0fae55008bec9e1736

SHA512
124f8bef314415e390a5906f9b98bc3c9619df6302e9a15881d82928d8a9fd00606e895ff1a3909e3a51354c2aa915b2aca91081d5de5320748c1754bb4aa112

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.major.set

Filesize
64B

MD5
82aef6cfea3aeea241c6240f2ac9a779

SHA1
9e2a01aeed78c853915bd1d3a0df8a6188bd079e

SHA256
c5b114b137a44c5c93ad16c4befe696280ca069b4f4dd6ac7db2b66825ea4804

SHA512
ed3f38f5152e7f2fb71e479cd07e9a6f1cce0c62ec02ce05cd9bbc2bd67c4a22273d986f846e307261ccf7582ca60de5e65bb84efb24ea5a11ee27b22d6b0278

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\ADX.tpl

Filesize
3KB

MD5
04fc692a8433953d5da484a7fce1293a

SHA1
664e5683afb88ff8227e1d01207f7ea84195cc64

SHA256
2e024d06758c05d7a2900f450e0456a696b4ec62c3684ed9b5983e6866516070

SHA512
b6ea72ca5ecd338a77db07a2312ec7725ed06c1be6f098f17edca5751053e27db9b24e58eb2e87767acbbcfdaf6256f9cf3a75c7f71374e07c59161ec9c831fa

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\BollingerBands.tpl

Filesize
4KB

MD5
1f89f726613edeebe6201e1395e990ac

SHA1
f1d178204fa3ceea0f7efaf62ac54a46a38f6076

SHA256
71cecd467b9e7a0fe41723e815ceb00624ba1cee4d07102a0154096a50eb369f

SHA512
a3fc403ca0728d6da7ad838f746569eb0df838943d9d95db7dc31753a9bda0d855790803201af98eabd0aaa6de4a35178b846efb2ed1a408e02e06934c6992d1

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\Momentum.tpl

Filesize
7KB

MD5
f35cf96f510f5a2775b0867e9a689934

SHA1
8272482322dcdfdae839939b8154bb4dbc06f81d

SHA256
f0fc8b8e4cb5de6b7b93ba356c4bac4e9b0d52cf589048e30aea39b9c0ea9845

SHA512
6f9b9522bdd324e0771152a94294e447adee403567bd4da775eadae865e59be1bade60d71376308df3a7f7009c80dc2e5379190d475f27a570c0e29f26d6fe6c

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe

Filesize
67.8MB

MD5
431071b51c20d062cb3cc99269b04c02

SHA1
ea45300c250df14a098a0d14e585844040ff9af3

SHA256
44cbe030b5fd0c7a734e306f8525a150134bf5b0a52be1200779758b9a6062db

SHA512
a62b23879db984bcb8e71582b8f4ab491a238f9cd39d4dae2f44983c028982431e8cd549ab1a207d98cb8100c953c8ae8be9356894c7198833fbbc217b72f7a5

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe

Filesize
67.8MB

MD5
431071b51c20d062cb3cc99269b04c02

SHA1
ea45300c250df14a098a0d14e585844040ff9af3

SHA256
44cbe030b5fd0c7a734e306f8525a150134bf5b0a52be1200779758b9a6062db

SHA512
a62b23879db984bcb8e71582b8f4ab491a238f9cd39d4dae2f44983c028982431e8cd549ab1a207d98cb8100c953c8ae8be9356894c7198833fbbc217b72f7a5

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe

Filesize
67.8MB

MD5
431071b51c20d062cb3cc99269b04c02

SHA1
ea45300c250df14a098a0d14e585844040ff9af3

SHA256
44cbe030b5fd0c7a734e306f8525a150134bf5b0a52be1200779758b9a6062db

SHA512
a62b23879db984bcb8e71582b8f4ab491a238f9cd39d4dae2f44983c028982431e8cd549ab1a207d98cb8100c953c8ae8be9356894c7198833fbbc217b72f7a5

Download Submit
C:\Users\Admin\AppData\Roaming\MetaQuotes\Terminal\Community\dns.dat

Filesize
13KB

MD5
07a74e5f1dba203677865d2e5648a3b8

SHA1
898a1cad7ebb3ea4017f6a400649984a2587f4fa

SHA256
d693a68056423789ae1d0927f5be0ed0857cc587c9ba72e729cdaf14fa438219

SHA512
405876b1667604a7a39799e1a699708a12ae81bf8be9d80500cd93fdea8a2631fdb4ee79d6ea4c105378e4e5780dbbe7bad94aafd5c1373102bf4690f2ec6151

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.9MB

MD5
98be9dfbaa0154092aef53195911ccb6

SHA1
a77ee839cc6c5efe81a638c8d88265e4a6b42599

SHA256
f3c0dfd75c7f7a350df2a6539b7c016e37a9daa0d917d39be7d16c2889529ff6

SHA512
08836fba4e904d8ab4c078960847965cf24ea78e794fe648d81592eddc93e8673223e679711e311ccf30f3d42c2e81757eeaf3cb03a52081af2288ad73afae8e

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
36.9MB

MD5
059788400a62fc0dabcb3697bf96aa79

SHA1
8bf195fd7ac35c70dc9f44f286b6fa37459e0a1b

SHA256
60d1e48fd84bc012e218ce9899877f2bdd9c0dee582d5171150ee4b7cacc7ee9

SHA512
5ae75da00126ef56dd35eca5392d7be984073ffecdbf4f89682d5ec40d9661b3cd817207fe324850183390e7e291e1229a0adbbb54c31d29d8cfe11f59d77e11

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
37.3MB

MD5
ac43c856a815f6d126e1617480179fd9

SHA1
34aac86017b34f127a9c4c4c3b484eb9f2eaaba5

SHA256
b933d761bb7cc22f25053aac473f37e1927697853bfc216d754fe99dd0bc83a7

SHA512
e05a998842e6cdbc711d8058852f4a213b3a7a6525852c78f8666bff05ff3ec057cba5d5a04d3798e2daab6057be90b196b3a5bde3973bbf994d958d02541bfb

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
22.2MB

MD5
56e02a0ba6cd4018d8593b3d7178ecbc

SHA1
45b8c5f14f277ea512df6a03a4faadb00b22d73f

SHA256
62e495f8eb627d14f528cdc0ad4eaeb0b0dbd1c89fed1542efe5e3f81900aa74

SHA512
35c34af5b4d8d995175cba35146102d04820438eb6b43498e8dd6cfc935e63fd0d85545ccaa01287cbb7f707f8f0808f50d867c53c2ddcf4b104a909d5ccc082

Download Submit
\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
23.6MB

MD5
98d3d0b6e7cb3de8ccda4bf20b9362f7

SHA1
fce579e38e6fdd95e6a3a1ccf89559009adc345a

SHA256
a8c227bbd11c9f5afef982646423f7263566b4784a2ba34f8ae6a793e80d8c21

SHA512
a2d57f73de7fa96fb04f209e3af250e7098e0750b1ba4b84ab063c6adf8eacf57ac1ee6067f2674692245826789ce4686a63d95c28bb654a7ceb585a2f5aae7e

Download Submit
\Program Files\MetaTrader 5\metatester64.exe

Filesize
17.7MB

MD5
a942ea486f0785745ac1c72596571599

SHA1
dd44f520f271bbc7705b7957eb8de6c551557bba

SHA256
223ff068d66fccc4a4705e5250daf58e3dde53b88a8d8e77a6c090cff62d077f

SHA512
8e680d7ed51ed6f88189b49f06f54c247a71439fe86b2b8bfdfa7ab7abb6c94ac05732cff47ba9997016b7dba8d3a3ebb6562aa81f073435fa37d6c0f0218061

Download Submit
\Program Files\MetaTrader 5\metatester64.exe

Filesize
17.7MB

MD5
a942ea486f0785745ac1c72596571599

SHA1
dd44f520f271bbc7705b7957eb8de6c551557bba

SHA256
223ff068d66fccc4a4705e5250daf58e3dde53b88a8d8e77a6c090cff62d077f

SHA512
8e680d7ed51ed6f88189b49f06f54c247a71439fe86b2b8bfdfa7ab7abb6c94ac05732cff47ba9997016b7dba8d3a3ebb6562aa81f073435fa37d6c0f0218061

Download Submit
\Program Files\MetaTrader 5\terminal64.exe

Filesize
67.8MB

MD5
431071b51c20d062cb3cc99269b04c02

SHA1
ea45300c250df14a098a0d14e585844040ff9af3

SHA256
44cbe030b5fd0c7a734e306f8525a150134bf5b0a52be1200779758b9a6062db

SHA512
a62b23879db984bcb8e71582b8f4ab491a238f9cd39d4dae2f44983c028982431e8cd549ab1a207d98cb8100c953c8ae8be9356894c7198833fbbc217b72f7a5

Download Submit
\Program Files\MetaTrader 5\terminal64.exe

Filesize
67.8MB

MD5
431071b51c20d062cb3cc99269b04c02

SHA1
ea45300c250df14a098a0d14e585844040ff9af3

SHA256
44cbe030b5fd0c7a734e306f8525a150134bf5b0a52be1200779758b9a6062db

SHA512
a62b23879db984bcb8e71582b8f4ab491a238f9cd39d4dae2f44983c028982431e8cd549ab1a207d98cb8100c953c8ae8be9356894c7198833fbbc217b72f7a5

Download Submit
\Program Files\MetaTrader 5\terminal64.exe

Filesize
67.8MB

MD5
431071b51c20d062cb3cc99269b04c02

SHA1
ea45300c250df14a098a0d14e585844040ff9af3

SHA256
44cbe030b5fd0c7a734e306f8525a150134bf5b0a52be1200779758b9a6062db

SHA512
a62b23879db984bcb8e71582b8f4ab491a238f9cd39d4dae2f44983c028982431e8cd549ab1a207d98cb8100c953c8ae8be9356894c7198833fbbc217b72f7a5

Download Submit
\Program Files\MetaTrader 5\terminal64.exe

Filesize
67.8MB

MD5
431071b51c20d062cb3cc99269b04c02

SHA1
ea45300c250df14a098a0d14e585844040ff9af3

SHA256
44cbe030b5fd0c7a734e306f8525a150134bf5b0a52be1200779758b9a6062db

SHA512
a62b23879db984bcb8e71582b8f4ab491a238f9cd39d4dae2f44983c028982431e8cd549ab1a207d98cb8100c953c8ae8be9356894c7198833fbbc217b72f7a5

Download Submit
\Program Files\MetaTrader 5\terminal64.exe

Filesize
67.8MB

MD5
431071b51c20d062cb3cc99269b04c02

SHA1
ea45300c250df14a098a0d14e585844040ff9af3

SHA256
44cbe030b5fd0c7a734e306f8525a150134bf5b0a52be1200779758b9a6062db

SHA512
a62b23879db984bcb8e71582b8f4ab491a238f9cd39d4dae2f44983c028982431e8cd549ab1a207d98cb8100c953c8ae8be9356894c7198833fbbc217b72f7a5

Download Submit
\Program Files\MetaTrader 5\uninstall.exe

Filesize
3.2MB

MD5
d6bc6802b8685482a3e98e07073b4990

SHA1
bddccd8c24537f45679497f947688fbb1c3d1bec

SHA256
021553bbc2ff7f71725121dbf221d21b734c642d0528dda4a30daa8b5725dbba

SHA512
29594947769496634d1f0308c695718dbb6f5bab03ecbcac0ef25a5dfc51cd17e04aba7708af77b24c73b0ae31e5e2197f7a6e393295210d089e4ecef6a0b0d4

Download Submit
memory/524-203-0x000000013F3F0000-0x0000000142537000-memory.dmp

Filesize
49.3MB

Download
memory/524-137-0x000000013F150000-0x00000001437EF000-memory.dmp

Filesize
70.6MB

Download
memory/524-148-0x000000013F150000-0x00000001437EF000-memory.dmp

Filesize
70.6MB

Download
memory/524-138-0x000000013F150000-0x00000001437EF000-memory.dmp

Filesize
70.6MB

Download
memory/1660-172-0x000000013F330000-0x00000001439CF000-memory.dmp

Filesize
70.6MB

Download
memory/1660-194-0x000000013F330000-0x00000001439CF000-memory.dmp

Filesize
70.6MB

Download
memory/1948-79-0x0000000004F30000-0x0000000004F4A000-memory.dmp

Filesize
104KB

Download
memory/1948-77-0x0000000004D70000-0x0000000004D96000-memory.dmp

Filesize
152KB

Download
memory/1948-74-0x0000000004C00000-0x0000000004C0A000-memory.dmp

Filesize
40KB

Download
memory/1948-76-0x0000000004C10000-0x0000000004C2B000-memory.dmp

Filesize
108KB

Download
memory/1948-73-0x0000000004AD0000-0x0000000004AEE000-memory.dmp

Filesize
120KB

Download
memory/1948-72-0x00000000048E0000-0x00000000048F7000-memory.dmp

Filesize
92KB

Download
memory/1948-71-0x0000000004870000-0x00000000048C5000-memory.dmp

Filesize
340KB

Download
memory/1948-70-0x0000000004730000-0x0000000004757000-memory.dmp

Filesize
156KB

Download
memory/1948-69-0x0000000004A00000-0x0000000004AE2000-memory.dmp

Filesize
904KB

Download
memory/1948-68-0x0000000004690000-0x00000000046A4000-memory.dmp

Filesize
80KB

Download
memory/1948-67-0x0000000004670000-0x0000000004684000-memory.dmp

Filesize
80KB

Download
memory/1948-66-0x0000000002630000-0x0000000002647000-memory.dmp

Filesize
92KB

Download
memory/1948-65-0x00000000045E0000-0x0000000004666000-memory.dmp

Filesize
536KB

Download
memory/1948-64-0x0000000004430000-0x00000000044C9000-memory.dmp

Filesize
612KB

Download
memory/1948-63-0x00000000028B0000-0x00000000029B9000-memory.dmp

Filesize
1.0MB

Download
memory/1948-75-0x0000000005360000-0x00000000053B7000-memory.dmp

Filesize
348KB

Download
memory/1948-78-0x00000000053C0000-0x0000000005412000-memory.dmp

Filesize
328KB

Download
memory/1948-62-0x0000000001060000-0x0000000001275000-memory.dmp

Filesize
2.1MB

Download
memory/1948-84-0x0000000006520000-0x0000000006591000-memory.dmp

Filesize
452KB

Download
memory/1948-85-0x00000000066E0000-0x0000000006744000-memory.dmp

Filesize
400KB

Download
memory/1948-61-0x0000000000F20000-0x0000000001045000-memory.dmp

Filesize
1.1MB

Download
memory/1948-86-0x00000000065C0000-0x00000000065D8000-memory.dmp

Filesize
96KB

Download
memory/1948-54-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/1948-87-0x0000000006750000-0x000000000676A000-memory.dmp

Filesize
104KB

Download
memory/1948-60-0x00000000002D0000-0x00000000002F2000-memory.dmp

Filesize
136KB

Download
memory/1948-59-0x0000000000B61000-0x0000000000B63000-memory.dmp

Filesize
8KB

Download
memory/1948-58-0x00000000007F0000-0x0000000000861000-memory.dmp

Filesize
452KB

Download
memory/1948-57-0x00000000002B0000-0x00000000002CF000-memory.dmp

Filesize
124KB

Download
memory/1948-56-0x0000000000640000-0x0000000000709000-memory.dmp

Filesize
804KB

Download
memory/1948-55-0x00000000004A0000-0x00000000005CD000-memory.dmp

Filesize
1.2MB

Download
memory/1948-106-0x0000000006830000-0x000000000684A000-memory.dmp

Filesize
104KB

Download
memory/1948-107-0x0000000007020000-0x000000000703A000-memory.dmp

Filesize
104KB

Download