hxxps://download[.]mql5[.]com/cdn/web/metaquotes[.]software[.]corp/mt5/mt5setup[.]exe?utm_source=www[.]metatrader4[.]com&utm_campaign=download

Resubmissions

03-04-2023 15:31

230403-syd79aff28 8

03-04-2023 15:28

230403-swrqkahc6t 8

Analysis

max time kernel
183s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2023 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.mql5.com/cdn/web/metaquotes.software.corp/mt5/mt5setup.exe?utm_source=www.metatrader4.com&utm_campaign=download

Score

8^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 3 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

mt5setup.exeterminal64.exeterminal64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	terminal64.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

mt5setup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	mt5setup.exe

Executes dropped EXE 4 IoCs

Processes:

mt5setup.exeterminal64.exeterminal64.exemetaeditor64.exe

pid process

2108 mt5setup.exe
3180 terminal64.exe
3180 terminal64.exe
4260 metaeditor64.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2108	mt5setup.exe
3180	terminal64.exe
3180	terminal64.exe
4260	metaeditor64.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

terminal64.exeterminal64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	terminal64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	terminal64.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

metaeditor64.exemt5setup.exeterminal64.exeterminal64.exe

description	ioc	process
File opened for modification	\??\PHYSICALDRIVE0	metaeditor64.exe
File opened for modification	\??\PHYSICALDRIVE0	mt5setup.exe
File opened for modification	\??\PHYSICALDRIVE0	terminal64.exe
File opened for modification	\??\PHYSICALDRIVE0	terminal64.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

Processes:

terminal64.exeterminal64.exemetaeditor64.exe

pid process

3180 terminal64.exe
3180 terminal64.exe
3180 terminal64.exe
3180 terminal64.exe
4260 metaeditor64.exe
4260 metaeditor64.exe

Drops file in Program Files directory 64 IoCs

Processes:

terminal64.exemt5setup.exemetaeditor64.exeterminal64.exe

description	ioc	process
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\TRIX.mq5	terminal64.exe
File opened for modification	C:\Program Files\MetaTrader 5\bases\MetaQuotes-Demo\symbols\symbols-5011992969.dat	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\7.risk-warning.german.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\7.risk-warning.turkish.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Fuzzy\ruleparser.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\DEMA.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\bases\Default\mail\mail-0.dat	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\ObjectSphere\SphereSample.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.spanish.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Generic\Interfaces\IEqualityComparer.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Profiles\Charts\Euro\chart02.chr	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Arrays\ArrayInt.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Signal\SignalSAR.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\BW-ZoneTrade.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\ObjectSphere\SphereSample.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OpenCL\Double\Kernels\fft.cl	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\5.freelance.slovenian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Sounds\email.wav	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\config\common.ini	terminal64.exe
File opened for modification	C:\Program Files\MetaTrader 5\bases\Default\trades\5011992969\cache.dat	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\1.welcome.turkish.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\ThumbVert.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Profiles\SymbolSets\forex.all.set	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Canvas\DX\DXMath.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Canvas\DX\DXSurface.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OpenCL\Float\Kernels\matrixmult.cl	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OpenCL\Float\Kernels\wavelet.cl	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\UnitTests\Stat\TestStatPrecision.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Profiles\Charts\British Pound\chart02.chr	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Profiles\SymbolSets\forex.major.set	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\3.market.arabic.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\4.mobile.chinese (traditional).welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Profiles\Charts\Default\order.wnd	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.german.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.russian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\Down.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\Restore.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Generic\Interfaces\IEqualityComparable.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Generic\Internal\ArrayFunction.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Generic\SortedMap.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Graphics\Graphic.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.czech.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\checkwritepermissions.test	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OrderInfo\OrderInfoSample.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Profiles\Charts\Euro\chart01.chr	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Sounds\connect.wav	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Canvas\DX\DXBuffers.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Canvas\DX\DXUtils.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Alglib\diffequations.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Trade\DealInfo.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\1.welcome.vietnamese.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.turkish.welcome	mt5setup.exe
File opened for modification	C:\Program Files\MetaTrader 5\logs\metaeditor.log	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Graphics\Axis.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Stat\Logistic.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OpenCL\Double\Kernels\bitonicsort.cl	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\MarketFacilitationIndex.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\Canvas\Charts\LineChartSample.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OpenCL\Double\Wavelet.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.default.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\7.risk-warning.uzbek.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Canvas\DX\DXData.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Trade\SymbolInfo.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.chinese (traditional).welcome	mt5setup.exe

Drops file in Windows directory 2 IoCs

Processes:

terminal64.exemetaeditor64.exe

description ioc process

File opened for modification C:\Windows\ terminal64.exe
File opened for modification C:\Windows\ metaeditor64.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\	terminal64.exe
File opened for modification	C:\Windows\	metaeditor64.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

mt5setup.exeterminal64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	mt5setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	terminal64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	mt5setup.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemt5setup.exeterminal64.exeterminal64.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	terminal64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	mt5setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	terminal64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

terminal64.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\terminal64.exe = "11000"	terminal64.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133250167173775996"	chrome.exe

Modifies registry class 64 IoCs

Processes:

terminal64.exeterminal64.exemsedge.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\DefaultIcon	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\ = "MQL5 Source File"	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 620031000000000083562e8c10004d45544154527e3100004a0009000400efbe83561d8c83562e8c2e00000020db010000000600000000000000000000000000000048ae5c004d0065007400610054007200610064006500720020003500000018000000	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\DefaultIcon	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\URL Protocol	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe /import:\"%1\""	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe /ex5:\"%1\""	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ex5\ = "EX5.File"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell\open	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 640031000000000083561d8c100050524f4752417e3100004c0009000400efbe874fdb4983561d8c2e0000003f0000000000010000000000000000000000000000004e0f4000500072006f006700720061006d002000460069006c0065007300000018000000	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe,15"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\ShellNew\NullFile	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\DefaultIcon	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mt5\ = "MetaTrader 5 Export File"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\shell\open	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5\ShellNew	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mt5	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe,1"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\shell	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell\open\command	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe \"%1\""	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\metaeditor64.exe \"%1\""	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mqh\ = "MQL5.Header"	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell\open\command	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\metaeditor64.exe,1"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5\ = "MQL5.File"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\metaeditor64.exe,2"	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\DefaultIcon\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe,2"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\shell\open\command	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	terminal64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\ = "URL:MQL5 Buy Protocol"	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	terminal64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\ = "MQL5 Program"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\shell\open\command	terminal64.exe

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

mt5setup.exeterminal64.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	terminal64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0\Blob = 5c00000001000000040000008001000019000000010000001000000076935b5c5a037216daaf8aac76df42c1030000000100000014000000d1cbca5db2d52a7f693b674de5f05a1d0c957df01d0000000100000010000000280cf6042c30a2646644ba7286a3aa971400000001000000140000003ae10986d4cf19c29676744976dce035c663639a0b00000001000000180000005300650063007400690067006f00200045004300430000006200000001000000200000004ff460d54b9c86dabfbcfc5712e0400d2bed3fbc4d4fbdaa86e06adcd2a9ad7a53000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000300000000b043572c899dec43efd590cfce610cf443a6315925ebfe589f7506907e44824608489581c7ca0e041458514cf157614040000000100000010000000fa68bcd9b57fadfdc91d068328cc24c12000000001000000930200003082028f30820215a00302010202105c8b99c55a94c5d27156decd8980cc26300a06082a8648ce3d040303308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a3423040301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300a06082a8648ce3d040303036800306502303667a11608dce49700411d4ebee16301cf3baa421164a09d94390211795c7b1dfa64b9ee1642b3bf8ac209c4ece4b14d023100e92a61478c524a4b4e1870f6d644d66ef583ba6d58bd24d95648eaefc4a24681886a3a46d1a99b4dc961dad15d576a18	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mt5setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	terminal64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	mt5setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0\Blob = 040000000100000010000000fa68bcd9b57fadfdc91d068328cc24c10f00000001000000300000000b043572c899dec43efd590cfce610cf443a6315925ebfe589f7506907e44824608489581c7ca0e041458514cf157614090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000004ff460d54b9c86dabfbcfc5712e0400d2bed3fbc4d4fbdaa86e06adcd2a9ad7a0b00000001000000180000005300650063007400690067006f00200045004300430000001400000001000000140000003ae10986d4cf19c29676744976dce035c663639a1d0000000100000010000000280cf6042c30a2646644ba7286a3aa97030000000100000014000000d1cbca5db2d52a7f693b674de5f05a1d0c957df019000000010000001000000076935b5c5a037216daaf8aac76df42c12000000001000000930200003082028f30820215a00302010202105c8b99c55a94c5d27156decd8980cc26300a06082a8648ce3d040303308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a3423040301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300a06082a8648ce3d040303036800306502303667a11608dce49700411d4ebee16301cf3baa421164a09d94390211795c7b1dfa64b9ee1642b3bf8ac209c4ece4b14d023100e92a61478c524a4b4e1870f6d644d66ef583ba6d58bd24d95648eaefc4a24681886a3a46d1a99b4dc961dad15d576a18	mt5setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	mt5setup.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

chrome.exeterminal64.exeterminal64.exemetaeditor64.exemsedge.exemsedge.exechrome.exe

pid	process
4188	chrome.exe
4188	chrome.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
4260	metaeditor64.exe
4260	metaeditor64.exe
5760	msedge.exe
5760	msedge.exe
1592	msedge.exe
1592	msedge.exe
5152	chrome.exe
5152	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

terminal64.exe

pid process

3180 terminal64.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exemsedge.exe

pid process

4188 chrome.exe
4188 chrome.exe
1592 msedge.exe
1592 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of SetWindowsHookEx 63 IoCs

Processes:

terminal64.exeterminal64.exemetaeditor64.exe

pid	process
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
4260	metaeditor64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe
3180	terminal64.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4188 wrote to memory of 4688	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4688	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 1980	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 2120	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 2120	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4644	4188	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://download.mql5.com/cdn/web/metaquotes.software.corp/mt5/mt5setup.exe?utm_source=www.metatrader4.com&utm_campaign=download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffcb16a9758,0x7ffcb16a9768,0x7ffcb16a9778
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:2
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:1
2⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:1
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2860 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5132 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:8
2⤵
PID:3796

C:\Users\Admin\Downloads\mt5setup.exe
"C:\Users\Admin\Downloads\mt5setup.exe"
2⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies system certificate store
PID:2108

C:\Program Files\MetaTrader 5\terminal64.exe
"C:\Program Files\MetaTrader 5\terminal64.exe" /install
3⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mql5.com/?utm_campaign=mql5.welcome.open&utm_medium=special&utm_source=web.installer&&utm_codepage=1033&utm_uniq=4934056179342409653&utm_link=B8C91850F40A0E94FD40AF19EB8B56B0
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffcb11d46f8,0x7ffcb11d4708,0x7ffcb11d4718
4⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1575994057632915756,41734906561962170,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 /prefetch:2
4⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,1575994057632915756,41734906561962170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,1575994057632915756,41734906561962170,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
4⤵
PID:5800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1575994057632915756,41734906561962170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
4⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1575994057632915756,41734906561962170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
4⤵
PID:3872

C:\Windows\explorer.exe
"C:\Windows\explorer.exe" "C:\Program Files\MetaTrader 5\terminal64.exe"
3⤵
PID:3528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2848 --field-trial-handle=1812,i,14062387995036112619,16811999267982734783,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5152

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3764

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1296

C:\Program Files\MetaTrader 5\terminal64.exe
"C:\Program Files\MetaTrader 5\terminal64.exe"
2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3180

C:\Program Files\MetaTrader 5\metaeditor64.exe
"C:\Program Files\MetaTrader 5\metaeditor64.exe" /portable /compile:"C:\Program Files\MetaTrader 5\MQL5" /inc:"C:\Program Files\MetaTrader 5\MQL5" /time:0 /flg:0 /stop:se5052_240646718
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4260

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x154
1⤵
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MetaTrader 5\Bases\Default\Mail\mail-0.dat
Filesize
22KB

MD5
5dbed32cc6cc818161e26b17eb1cd7d0

SHA1
3f676396c7e7b5cb23c2512ff19bd1771e2247d8

SHA256
e719932e33293176bacefd21ebb209f33094e6757acd36d75e82f34677f65981

SHA512
eea002430da3fcc898563003be5e0c6f045a7037c9b16722c68e3737114767418746da292673945367041d6e70939eb8dbd8405d7ecb83da686da8c4c1f11699

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\Mail\mail-5011992969.dat
Filesize
22KB

MD5
780643852b39dcd38e64b788843e9517

SHA1
8163087776246aad91aa254e32fd509c8825f27f

SHA256
15cb197980125bc55847d40b1bd33ad8236f4dd9ef669144ec0ab0914b507616

SHA512
f338c56ec563f1b16fbbb424631c43c3d93d35d7e6f2015c03f9aecd7a8b58d7db364f019ec6f624b110c469c6e75cb74671acc304a0a119f4885558398ff400

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\1.welcome.english.welcome
Filesize
10KB

MD5
0e91b8022d0831e85836f7e0a037ffd8

SHA1
684fe5d6dccabd0845929137aab92d8d4dbc9bd1

SHA256
f37218b1a6c40fdbbf5dae0d3fac2aa8476ef693550c1f977880cdc5e7e99e2b

SHA512
355e87ff9fdfd3b71bf37e2722a1421fd8352d8726856a2d5579c4c77aff95111bb7cd34a40dd43f007440bd834c53fdcdabcafea0f771458f764497d232288b

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\2.signals.english.welcome
Filesize
8KB

MD5
34fa0ab9072cf6ab1fafe19899a5b537

SHA1
4367430bac684dfe5bf542ca0d5a403dba759eec

SHA256
606facecb2d62b921e69e3ca0e6f078b086162bbe5f2f84062aff44de22f1c9c

SHA512
2c6dd2b9460f4abc405f4476d5bed8e67cf8d59d21075deaceac5df4c61fffeb7f90dcaf350ef054fcc75c28dc130f1189ff43c065d3fa66b640fc6332e324ee

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\3.market.english.welcome
Filesize
8KB

MD5
e127a5f0fc6f6075239024a2331bdb9c

SHA1
ca5da0d65e15aa080bf97870b3e0ef3b8b16eb37

SHA256
d4f18c75a42bb37af1c048a6917ed2d407bf30f5693c5ddff76193b8256a846b

SHA512
802b33f8663dfaa8bddec7c4c2be0ca75bc309e2bef5f2984af8885ecd20392d52fcf4add32ddc9c97614fa63b2cc5d2f08f23969f9e2abbd52ae995952c10b4

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\4.mobile.english.welcome
Filesize
8KB

MD5
ac4df097a953b04a6070fcf5e373dd46

SHA1
f8f868e6b765350a4faea6991e046a10fb0ccfe2

SHA256
a78107df49d95e8727fc8482711d217cd4930533571c2f9777b866c60f631ea4

SHA512
8174b483c61690eb0ae623bdfb94f1431c693675effc662ca83e1f047d03fa3b6738175793b1981011d30d47770a17e6d401a1d6a591d51eddcc93c3e9acd2d9

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\5.freelance.english.welcome
Filesize
8KB

MD5
7f3cd66e5646b6ca3a953291d95e2829

SHA1
b5dc498474b0fb06568b0bba7b73012a40368056

SHA256
ecba047f70b7e741e1b6e8d95894953f1f9676f3eef45c76b0db2850d4dae19d

SHA512
15b9b2686ae5d33027cf4e0fd54514a2e146248b7c2b7f956bba328b7f91c13c1131087be370b5e6ed5a4736283bbb0217f7176d2b830e0bd8a4996390e40233

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\6.virtualhosting.english.welcome
Filesize
9KB

MD5
710186c29dc07cea41f274fb2ac296de

SHA1
9f98ebe4f05847f1d38f5e3e68eb3555401e2325

SHA256
cbb50ea59ec71285dab14d71392b3ed807a13660e21496627cc6da0878b5d2be

SHA512
accfdd68e63b723693192709743e8694f1a9c19006598b6dbe482c4a8cd3ea36d531c2fe84a2f8f6b56cba5a51e4c1876ca02e34244e2783bfeed9f556e7e6bf

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\7.risk-warning.english.welcome
Filesize
9KB

MD5
59f014c5c4de767f5ee2ebca8f38c105

SHA1
cff6228b59c398c2c728e16904fbba413917a5cb

SHA256
4e7f56e2e8e3862859d6cece476130f8b517caa98098960f3abe96ef75e07afe

SHA512
17e3f8bdfc953ffa99bb006c5b76a5e2da24743fcaff2d50b186d32c2d2edaf1693793d1a08b05e0c603d9ff2cedf524cb58bf58a06abbba232166a811ab9fbc

Download Submit
C:\Program Files\MetaTrader 5\Bases\MetaQuotes-Demo\symbols\selected-5011992969.dat
Filesize
11KB

MD5
6d74ab180772ab01acef226aa2a63de0

SHA1
bf2c86e38e4897b88d54185394ca68f6525ae8cc

SHA256
445de0cfefb1376ea7e7dea0dc7f7d2473214b177159ddd5de8aa3230e9d73fb

SHA512
56b7bc75ef4f978df0a25f3bcbb8fe1965d85c00ecf0753ff7828cc7468ce55f5a5acba5dd2441843e78ba4ce1542903389e60884c25f4f26a96504f3a9ed7d9

Download Submit
C:\Program Files\MetaTrader 5\Config\common.ini
Filesize
246B

MD5
cb41d3bf8ddb7e6ba5e16788ea033331

SHA1
a955a45bd64e7c3e084f799f76c03934d3bf6707

SHA256
56111616a9217200272dd480517f660b34ef6b607b6ae612713dd619062c9a95

SHA512
8f5ff66b7359d662692699d3d56eede3c111fa6b099cb823fdb4bbe10ab7562fc97ce60b9917b162861bd742bab9e27ef7583810fa12ff4d5824fab0d5c991b3

Download Submit
C:\Program Files\MetaTrader 5\Config\common.ini
Filesize
590B

MD5
bf6564f1740add2ee33e84e8a8ec3545

SHA1
ac02242e8d62cc5c47eb998b3e1f5d9750649d8f

SHA256
888da0e8a8fe999fb3512f32bad4a13440ec33ab6cd85556b36929d262bb2349

SHA512
2437850ab2e40d203bc85d15e61c141d61664a1764679915e6044052cdb08ff82c38b2aeea817c85587d5808a256a07f37287533b84e93a512de18a3912211b6

Download Submit
C:\Program Files\MetaTrader 5\Config\common.ini
Filesize
1KB

MD5
b3a3c376f2f3094bd0960424780faeaa

SHA1
742416ec1c104a69c86485f5ec58d5f7efffeead

SHA256
77dc0f9dde0b0b2d874c5d7bf666024ea965ef6fda0b2a28742e0142bf76905f

SHA512
1000ef38fef0a4623573cc44128aa805762ed6dc8e2fedec6572f4d9cc979ea7ef1acf60f5f3bfe46e4c9798ac67a4250054647b349f5cd2a04373947f1c3a8a

Download Submit
C:\Program Files\MetaTrader 5\Config\servers.dat.new
Filesize
11KB

MD5
1e9f5d1d65e06b305539e0c5d2b4a139

SHA1
83676a7f398460eabe75eb8c6f3d663dc9595f0f

SHA256
9d8046ac1c4aaa1cf183cde9f79912cddaa1c6b5ebc0ec34eb50437848c17d00

SHA512
f182cde4591dfa388fbd28cf2399d14d663bcbbb99e43941d1cb8adce6d084fb849734fdd9ca1d5073401390eb0c1bd2081193778e7bc0bc203eba19e3abdf54

Download Submit
C:\Program Files\MetaTrader 5\Config\terminal.ini
Filesize
8KB

MD5
527929aff0365f16cf60f35e1a5cc5fc

SHA1
efe2efd77fc9594df84862face8f270cea5237fb

SHA256
5afebf752e3380ebe831983491e7a68f1234cc35bfaf28a9ca0fd4ae8bd0ed6b

SHA512
419edb14f3ffc26258de535a19a59931f322e2b6fedfcb2c9ea288d486331238a325a795b0e1b0c0b367800fa42a1e3b3c59cb8f1e0f9212a00979c5e8ce0c8d

Download Submit
C:\Program Files\MetaTrader 5\Config\terminal.ini
Filesize
8KB

MD5
0aca6e4c49ba25666eb5d9199fff8a5a

SHA1
17dcdfc5e240fe3aa47986807b3fc45596376b04

SHA256
9145d793a87879d3e5d02f2b1c4c2b3135163f75889ba7dc2e4685b6a7abbcd8

SHA512
eefc9745209bddc420f6ff2ac679efccba2cff1c555e6f28fe01dc7d3efb7d5314eece11d572986294f8d0c8b914909088e44d81faed8b25652c8d5ef478494d

Download Submit
C:\Program Files\MetaTrader 5\Config\terminal.ini
Filesize
7KB

MD5
47559b25127fe44aaf57761c8394c4c6

SHA1
0e7b91a4c6c21935a9de281431fa589d29b3460c

SHA256
9d0aa6027ad5738d72a4a18aa67d6f01455736de4d70533e4f388da8c109f04b

SHA512
0a87054df67bc75d3dbd456c041efb3403467e0cbc2ba7125131017e8f9666221ff9bf5512977bd1e69f0ecadece2abc3182d2ad4cf5ae556390aa87f0647aa7

Download Submit
C:\Program Files\MetaTrader 5\MQL5\Experts\Advisors\ExpertMACD.mq5
Filesize
5KB

MD5
1771d966f1694a6c020c68a81d8c5d19

SHA1
2a844e5a5b2f6c43078a7b23cad60cefa4d21b12

SHA256
28df02cb227d11fc65b8be6605348350fdd076879b5b462f94459f77cbc91534

SHA512
fd3db5c20c08db2134d9a336e2e5bbbde44d0ca404a60463afd3f068a0c1caba2a27f9bd6878d2e79181386ea7a70d3b12d531a9b62d3b7a0ffe36df1f731aec

Download Submit
C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Expert.mqh
Filesize
119KB

MD5
baee1334a7508a92c31929ad633486d2

SHA1
af33a85c109ee76259e23f11951f5081ffc0396a

SHA256
23a2ee06d0cee8f7722a8734b602b50f3911472c822e8f2478ad941d5ed37433

SHA512
8268b99626c12059c66e9bab389dec2eab109b5fa179ba7da4a78923e308ade30f1d8ce3bbc2eba343a8b08f731f346639817f9905dd71fb511868f795ed6069

Download Submit
C:\Program Files\MetaTrader 5\MQL5\Include\Expert\ExpertBase.mqh
Filesize
26KB

MD5
2dd2adb5767ba6688d90468140708a7b

SHA1
5fecfb7ef5ac46884150bf735e9eaaf08c8fa29d

SHA256
601168c3e392265bd7ffed132d3c0733c37047a8b7a733195d543c41a48ef600

SHA512
52777851274a7a341b4d179673eaa23e7a680f65b64a1b441365b6519b75cc3575bb460f1701268dc0ba688a351596da276b58bae528ff403cf12cac570e405c

Download Submit
C:\Program Files\MetaTrader 5\MQL5\Include\Trade\SymbolInfo.mqh
Filesize
35KB

MD5
7e63e7c80e9b74b108ad6509d573eaeb

SHA1
3dd78a1f266e8b6b366db3025e19235e5ce37423

SHA256
faef9815da8557d8c3802591e9d7e15aba388e759329059748425289facec84a

SHA512
865ee71920ffee328913c70919b29244a6b8ba2f2203fe3c6b11ab324a0b8f7bbdba5c4f4d3897430fcac9760fb6c62a6821ff44686d84d85edc43aa89a05f9a

Download Submit
C:\Program Files\MetaTrader 5\MetaEditor64.exe
Filesize
48.4MB

MD5
757c87197eb8ea9e14e2d2237d916f82

SHA1
be5e64a323770fef9dc6b340becbc73d8385ca98

SHA256
c3a4a0ec2dff5a2493f67ffbf000aa714dad48d78e02c380eb4f405ce65f17e7

SHA512
412ae8b6c8f3803470cddf25bf50e5d9694f46b364b312591d28d97555225540733da2a370c813399d7201cbc040cee8e06c37789717bf8db088ff807098768b

Download Submit
C:\Program Files\MetaTrader 5\MetaEditor64.exe
Filesize
48.4MB

MD5
757c87197eb8ea9e14e2d2237d916f82

SHA1
be5e64a323770fef9dc6b340becbc73d8385ca98

SHA256
c3a4a0ec2dff5a2493f67ffbf000aa714dad48d78e02c380eb4f405ce65f17e7

SHA512
412ae8b6c8f3803470cddf25bf50e5d9694f46b364b312591d28d97555225540733da2a370c813399d7201cbc040cee8e06c37789717bf8db088ff807098768b

Download Submit
C:\Program Files\MetaTrader 5\bases\Default\symbols\selected-0.dat
Filesize
11KB

MD5
6d74ab180772ab01acef226aa2a63de0

SHA1
bf2c86e38e4897b88d54185394ca68f6525ae8cc

SHA256
445de0cfefb1376ea7e7dea0dc7f7d2473214b177159ddd5de8aa3230e9d73fb

SHA512
56b7bc75ef4f978df0a25f3bcbb8fe1965d85c00ecf0753ff7828cc7468ce55f5a5acba5dd2441843e78ba4ce1542903389e60884c25f4f26a96504f3a9ed7d9

Download Submit
C:\Program Files\MetaTrader 5\bases\Default\symbols\symbols-0.dat
Filesize
24KB

MD5
c9688f0b21a99019600ed62a855d0516

SHA1
096b1a329f6bf6ed63027af974827e749e5aa564

SHA256
cbfdb00cb0793b2c54efa316cea61b0b2bb12adaf3875ee0cfdba8e56c7d3003

SHA512
4c2f57e5ca1921906484757ad4c7d9e95d11937b1159bb3cb2e251164980ecef28d7338c70ff86a4d12adfe264a482ebde625a7152b33682874d500c1c43b527

Download Submit
C:\Program Files\MetaTrader 5\config\servers.dat
Filesize
8KB

MD5
de0c6b5c1bea485912d9026d95eab367

SHA1
e60c0dfd1aef6735f8630da2f25aa77a8267db4d

SHA256
d27ed475cf6304b913da0bf58c282c6099a288db9e3ed7a48c76cd016a741fe3

SHA512
8528e04fdaf90a5e029d56159bf6a57a2b13a6e505cc67e55514c02d0d6ea99f3ed23489624051a70de4e102f2cde799655b005cabd250bf03712e69c64d60da

Download Submit
C:\Program Files\MetaTrader 5\config\terminal.lic
Filesize
37KB

MD5
bd2186aa431ba2bb586e254b0f0844d6

SHA1
e07dfb358b047365212ba0105ffb10d966f0f370

SHA256
91df59227516a3245a5d92bafcfb8fe30ac5319265fddfad30dd43a7da348c68

SHA512
0f1fd24fd24188f14b1be15703acd3e8cd504ef4d22dd70283e7a927aa9ea34f1f73301d6a5dfd0a6bcfe0ecf2756a8a29c32fa151badab5560a8cafcb741590

Download Submit
C:\Program Files\MetaTrader 5\metaeditor64.exe
Filesize
48.4MB

MD5
757c87197eb8ea9e14e2d2237d916f82

SHA1
be5e64a323770fef9dc6b340becbc73d8385ca98

SHA256
c3a4a0ec2dff5a2493f67ffbf000aa714dad48d78e02c380eb4f405ce65f17e7

SHA512
412ae8b6c8f3803470cddf25bf50e5d9694f46b364b312591d28d97555225540733da2a370c813399d7201cbc040cee8e06c37789717bf8db088ff807098768b

Download Submit
C:\Program Files\MetaTrader 5\metatester64.exe
Filesize
24.5MB

MD5
828286c748e600e7346feaee0759442e

SHA1
733ecbf03998e2198a51e76c15ffe687a7177461

SHA256
c3df9cfc8c0fbc8b132626275ebdcba00578b758590acfc57505ad91f4522874

SHA512
713cdd5a70e20e73907d00f13b1442f25458541f8cf06e4b0cf420b281829f6600ead95869efa775fc073fdd2d13b10a7f81737c242a79fb07686e2723c12813

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart01.chr
Filesize
4KB

MD5
b2cfa6007c87e8d2a840ca0f0e77ac33

SHA1
48e343fa5924c1561390ba8f79ac46371f53c3f5

SHA256
074c0cdb0d67bb4f343ba87e605124cc097016f77afc3e208f5765bcb8788906

SHA512
7d6536d329e91ca58347885a5244d408deb2ce604cbc09a9c691ab35f02cbc49923e7cd1a5122bbe78d5bd8d8261428a9eee5ad1e3743f1ad8a9e3bcb7ec2b30

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart02.chr
Filesize
4KB

MD5
31c047d58884c871c2e1252fa927532d

SHA1
8dcd59b06b0488f9d4e7d056e82180b619f75f8d

SHA256
62f347bfa85e9d8974a5bf0c8feb81f7cf8a5757be3fef5190c4ced757256aff

SHA512
e281466a544b4c6415f501249d18142cd35936339f475bd64b10275d94824c8fa6f7def82487ca0f2d570b4efc9d01bf3b1e6fa963419df65fc3bced29de7ae4

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart03.chr
Filesize
4KB

MD5
112922787ad3fa848865605831b81884

SHA1
e445f0bdbb629ebf34499a516c43562cc12c857f

SHA256
91ef37d31e90242d34c5844b42c6d50214efa91f402268be5462028f52d356b2

SHA512
e28db5da3b6c1e0a4880795a61cff8efee568e96d609e1e118d361deadc4169001767d9167abdb649a5cbaa7e7c277460e8a8df7017506dd0ec97429c58e1c44

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart04.chr
Filesize
4KB

MD5
11ee1f515055e93f0e810f5228050b36

SHA1
ec151685a379dfe8531a230beeeb679f2f9a9920

SHA256
c86795c22143cb9bf82790233cceba70ae966c2a9ca0f679634ac4cdb847d32c

SHA512
2a36ae76c37dda43339a43dd951d7df6580a2bf369531518cf69a48fcfce3ba59005e3d0921b4e6e65cd09ea3854ec223d66a5dffeb10761764dbcc6aa62d2a7

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\order.wnd
Filesize
106B

MD5
e6b06f612a351deaa8cda0836b25a4ce

SHA1
4739f8cecd1d075689730cfbc9140b13681832ff

SHA256
bb2aae933928e009b82803d3ce2a3aa464861cf5c51e9a9af1cb25fc5923ee11

SHA512
1f7a5c137fea0cd56b2c5676b6a038c15795f09fdff5efd50d9ed11ea102517fd4d5df5d7f1aedf2ecdd3e2a92e459b640f57eecaa5150ee759026aff273ab39

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart01.chr
Filesize
2KB

MD5
cbcb207b4eca61983c2bc6be8fa2cb6b

SHA1
a7c6fda5154230e176b2efd94078dc8e4b2c97f5

SHA256
ecd135cab470d4a90979027d44b73ad512039187fd19ed69ff7372a52b27b766

SHA512
00db4573d986f7ffacc792ea28d5c548a14c9eff85b33722c144b6dba1b41af50e7cbbd33b25bb8536ed40716c70421112d4a0b9c394f7759e6aaf9287d769a2

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart02.chr
Filesize
2KB

MD5
c6dbfbb29c324c008696d1f044042bd4

SHA1
d9e2f67944be3a6b904c6a66599eb13ba34199a0

SHA256
dae31e1135021dfb18e71fa94dd42c7c4a231a302238db84e36afeb8d1eec08b

SHA512
449cc241f5f480b38e89a6e84b9611f338d279952195a3a7805ed0eb30e922eabdfa1ea7b4466680e88f173a808d45b50d1e99e076267cde1a0471533ab5c0fd

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart03.chr
Filesize
3KB

MD5
c83dff4b48cd69721ae542f1deb6bef3

SHA1
edc884426ebdc9f7cab0d046b0547b80ebfbba63

SHA256
7b341556d2e6d41c34583479d01bc6142c97b740fd205409f88c9a7eeca12e4f

SHA512
448df704047cb145d3b91e8cb5a2cc4f6f65f26cd943ee23c28e489435b781f6c1c37ebbe53f75a97129a808cd1ed0332e788e38d646852b2c682006ac589d7c

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart04.chr
Filesize
2KB

MD5
10b587d941321e1ca2b37027d96adbdd

SHA1
284e2b33c5d953d9449ad380969e09d7a42ec08b

SHA256
5b99490c026f03727d529803079d5457bfbf02573f880e334fb8191e45c7a8b0

SHA512
f774d21cde508076a53d28b3357ff9ae622b3171b08b85e918a83c87e29b18d3b2f4ff6f092bbc351f9132d0fa4d3ccff2ed2a61b6ff0640c7a80d94d82433e4

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\order.wnd
Filesize
106B

MD5
71cf7ef63820a018a5fe3eeb974a64b4

SHA1
7bb5057c3d259da7f59d3cce99ac5bd44fde097d

SHA256
51b82b4d0db003a43f32b8719e50a0412b55efe52887b7df76d7a27a0703244d

SHA512
0452e3659fd9f1cc557ed9c4633c7cace04ea3dbeac098def8a97db38a91a1e858327fd009245e10e8ed25baa65885c03636f29a085a605c2d44da1fc201a507

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart01.chr
Filesize
4KB

MD5
6336e04febd73bd5260a2d974817a9cd

SHA1
774e1beed401346784f4a63e8d30adffc697bf77

SHA256
5b67146285c97192c6ce453a84e0cafadc3d2a8bd1c0fd5e7800db24aa2a0185

SHA512
34b7bce124e872d20b529e3675e0a32fdf0528d28be1d1a78c0c1bb724166f640ade32e713f8c3d138409baa505a7b41cfc4a2c3152a9cd39d8f62f122e5f12b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart02.chr
Filesize
4KB

MD5
e4ee631b69c84953eb70b5be19e80178

SHA1
ffad8ebe062e6e484365d7f9761642303217175b

SHA256
4811b15a515522d3fece37b4a9089112011bd62d62652b295e14bb74aa63fa6e

SHA512
e98cfe41b726000a8c629ce418dc0944cb53c738af67b1d60a2abcff6b3f629c46b755b364320a03ddfd8ffa11049124b12cf4c657373abc891182a24909726d

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart03.chr
Filesize
4KB

MD5
1d317dea4589acf40cc4396102c0c963

SHA1
1972cd214e9e9940b84dfd97bc6ebc2b908589f8

SHA256
3fd62a7084445a99b60b8dceb28c85d4533fadcc5bc90934dcdd6e8e7025f866

SHA512
5447b13a0e1fbbee4f080d0fe2512759f21fe5261e3c11099bcd4db42db69a891d526e363fe2e749bbf858a167d95471c842a050ed1fca3ae92593d93c583e31

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart04.chr
Filesize
4KB

MD5
dda95b8c2f418bffd481d4ba463526a8

SHA1
c4b72025363e869e181d74d212dd54b2b751502c

SHA256
4c41121051b008ccc758ec19c0250db78cb98c563283d8747dea9a11956564ce

SHA512
bba961dc748661843d0e0ae4a329b7c5fc041ceac58ca97e98bf173234dc0ddf86370f477aed68f81951b414caabcbcd7187db21873fca638f39b5d6708092c2

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\order.wnd
Filesize
106B

MD5
e6b06f612a351deaa8cda0836b25a4ce

SHA1
4739f8cecd1d075689730cfbc9140b13681832ff

SHA256
bb2aae933928e009b82803d3ce2a3aa464861cf5c51e9a9af1cb25fc5923ee11

SHA512
1f7a5c137fea0cd56b2c5676b6a038c15795f09fdff5efd50d9ed11ea102517fd4d5df5d7f1aedf2ecdd3e2a92e459b640f57eecaa5150ee759026aff273ab39

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart01.chr
Filesize
5KB

MD5
0415270ec850a613df4e9c96e0f3d0c2

SHA1
5a22493dbbf2207e0fac23217f1b87574a5624d2

SHA256
7b0d5a4ae505f98dcd667da733541501c4bf49b8139076156868c8f37573a071

SHA512
dcf5026493e54aae6b4ca5823ef52793fb590ed03b26a584534d26dc0c82fe008cda43ce78c4f30f06469e8caf89093cce70f7d7e022a9b842cb97071b1195f8

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart02.chr
Filesize
3KB

MD5
a10290e8f40a09abd794779fdfe3b53a

SHA1
6755e2f6ccba07b57cd0421c93f8cd59d80f993a

SHA256
193cc0eb1a419a84422d7e55a51dd81e38cc691cf3b89020868f6ee4ac8156b3

SHA512
e42ee9a631439a0c13f54ee530cc55485a892cdb9e23e91bb95b1c5c63389d534916210e612f887c8f2040bf06d17f881f6de35fde55d82ce297cbf2087fd37b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart03.chr
Filesize
2KB

MD5
0059904b9856356a2a9cf9fc7b29e473

SHA1
2d2957fcb64c1853b4291986c181ee729db464e7

SHA256
06c5bb507d83bfb9e853e8e660daa09192428cb59007ac23a9bafc97f329967e

SHA512
11f8e14e5f6c398259aff9b9484ab7893502a1d2bfed035bf081c614aae6a54a73f36a4eda25e00049bc42f438a407218a2fd6c12a3e4b06871c02c3df4933d0

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart04.chr
Filesize
3KB

MD5
811c149ea405e13325467dceafae0c74

SHA1
8810462e3e23d9c9aabc241092ea59d835ae9198

SHA256
fe5a8378274ae12a008942ae8d568b88ebc42354214c5c2082be2f85a7232c68

SHA512
d10cac190c92690e0cf919f1c08932d5950ca706ccb443af4bb82e1a5fef46175a2b4f99d7ddcc19e5422a45c52946c6dc35227037f2553a392075020712f42b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\order.wnd
Filesize
106B

MD5
06ff51fc2a91c09cf9bb43e654a17ad8

SHA1
cc27a22873d1f2a53521ba0644b8ff9b0bd37ab7

SHA256
92d54f3324fa315c03360a09ad4021b5f54da068397caf3966d4d73066d7839a

SHA512
c88c0305dc577a2b74828f0048812cff7ef269f4efd2f0290afe27168e7d3eebee02ce59de9fd89eb3af85579f1c64ead61f11489995987a2d4fdd1a981e83bf

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.all.set
Filesize
288B

MD5
207307971b3cdd0a2cdd503759f7b527

SHA1
4984f6c2476e0018447804ee99b5781b0416d511

SHA256
960e8672ba9df5a8d5325bdee8976703c3fc263ab7881c6772efc3433055a28a

SHA512
5285844469287df619032dfbf46861448c277bfca06b3a363c11f9ade787afb7efc7dfa7b4503b719161f3d8bbbd557e6777c0b4faf20ffd7de088656ffe4709

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.crosses.set
Filesize
218B

MD5
a8c0ac3e5be4a1011a09f316c1bfabd3

SHA1
a0a52c5c9780405917c5a402cc928cc10cfc4b48

SHA256
c95a2b57f4de8504d8cafd99de6049d49df31e0a86466c0fae55008bec9e1736

SHA512
124f8bef314415e390a5906f9b98bc3c9619df6302e9a15881d82928d8a9fd00606e895ff1a3909e3a51354c2aa915b2aca91081d5de5320748c1754bb4aa112

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.major.set
Filesize
64B

MD5
82aef6cfea3aeea241c6240f2ac9a779

SHA1
9e2a01aeed78c853915bd1d3a0df8a6188bd079e

SHA256
c5b114b137a44c5c93ad16c4befe696280ca069b4f4dd6ac7db2b66825ea4804

SHA512
ed3f38f5152e7f2fb71e479cd07e9a6f1cce0c62ec02ce05cd9bbc2bd67c4a22273d986f846e307261ccf7582ca60de5e65bb84efb24ea5a11ee27b22d6b0278

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\ADX.tpl
Filesize
3KB

MD5
04fc692a8433953d5da484a7fce1293a

SHA1
664e5683afb88ff8227e1d01207f7ea84195cc64

SHA256
2e024d06758c05d7a2900f450e0456a696b4ec62c3684ed9b5983e6866516070

SHA512
b6ea72ca5ecd338a77db07a2312ec7725ed06c1be6f098f17edca5751053e27db9b24e58eb2e87767acbbcfdaf6256f9cf3a75c7f71374e07c59161ec9c831fa

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\BollingerBands.tpl
Filesize
4KB

MD5
1f89f726613edeebe6201e1395e990ac

SHA1
f1d178204fa3ceea0f7efaf62ac54a46a38f6076

SHA256
71cecd467b9e7a0fe41723e815ceb00624ba1cee4d07102a0154096a50eb369f

SHA512
a3fc403ca0728d6da7ad838f746569eb0df838943d9d95db7dc31753a9bda0d855790803201af98eabd0aaa6de4a35178b846efb2ed1a408e02e06934c6992d1

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\Momentum.tpl
Filesize
7KB

MD5
f35cf96f510f5a2775b0867e9a689934

SHA1
8272482322dcdfdae839939b8154bb4dbc06f81d

SHA256
f0fc8b8e4cb5de6b7b93ba356c4bac4e9b0d52cf589048e30aea39b9c0ea9845

SHA512
6f9b9522bdd324e0771152a94294e447adee403567bd4da775eadae865e59be1bade60d71376308df3a7f7009c80dc2e5379190d475f27a570c0e29f26d6fe6c

Download Submit
C:\Program Files\MetaTrader 5\terminal.ico
Filesize
149KB

MD5
5197541836c3544ad215e7d71f0c5089

SHA1
5c69b7edcf5e8caf19dd8366741ba7f658cccea8

SHA256
3d9217bef0605051de79de1dc59fa87065735666901e1b7bb3a81c0847a79216

SHA512
3f9999e8b817c5fc2788aa507bd0f22843d984956135ab4cb43aa3f97d0b594a103dd8fe289baae05ea94ee30a5368f6ba2693824d96a45fd22ac6108e920e90

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe
Filesize
75.7MB

MD5
1fc97f08d1ba9d854c87b7634318a148

SHA1
0d93187010ab3d0e432c48db771767a0996c3a1b

SHA256
61553a3c3a0d7eb53e88a901e1374fb3af50df2bfc894a45f30a8cb0943fe23c

SHA512
1e53ec38a4b058f74bd612b61e13e4cb3f2ff2db6c28a15fe8bae311c7ed4af16dbff516fcf11791d094c1bcb355d604dedf0530352e709f7543ee5454c6217f

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe
Filesize
75.7MB

MD5
1fc97f08d1ba9d854c87b7634318a148

SHA1
0d93187010ab3d0e432c48db771767a0996c3a1b

SHA256
61553a3c3a0d7eb53e88a901e1374fb3af50df2bfc894a45f30a8cb0943fe23c

SHA512
1e53ec38a4b058f74bd612b61e13e4cb3f2ff2db6c28a15fe8bae311c7ed4af16dbff516fcf11791d094c1bcb355d604dedf0530352e709f7543ee5454c6217f

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe
Filesize
75.7MB

MD5
1fc97f08d1ba9d854c87b7634318a148

SHA1
0d93187010ab3d0e432c48db771767a0996c3a1b

SHA256
61553a3c3a0d7eb53e88a901e1374fb3af50df2bfc894a45f30a8cb0943fe23c

SHA512
1e53ec38a4b058f74bd612b61e13e4cb3f2ff2db6c28a15fe8bae311c7ed4af16dbff516fcf11791d094c1bcb355d604dedf0530352e709f7543ee5454c6217f

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe
Filesize
75.7MB

MD5
1fc97f08d1ba9d854c87b7634318a148

SHA1
0d93187010ab3d0e432c48db771767a0996c3a1b

SHA256
61553a3c3a0d7eb53e88a901e1374fb3af50df2bfc894a45f30a8cb0943fe23c

SHA512
1e53ec38a4b058f74bd612b61e13e4cb3f2ff2db6c28a15fe8bae311c7ed4af16dbff516fcf11791d094c1bcb355d604dedf0530352e709f7543ee5454c6217f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
957B

MD5
56efb886d5c6250f06a3be7ac51681af

SHA1
962f6f6791bf98a3d8601ca9362bd72babdfd8e1

SHA256
88e09b5eac7bb6e7cbdde8134bd662fbabe447aaa22b60bafff454b178fab7d5

SHA512
6bf68c0b41327758a4feff7a726c0d45885719d086c9a9e133c410173ba45ee1ce4c871e42812b67dc7eab5f2e5e80d068a3c50249c9364fe443868c2d85e79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
c37007453f349130cbb622cffcd5191b

SHA1
29cfd65ba9047f507aecd5f2b4a34cfd4c879cfa

SHA256
b7a5b9746a132fa8330fb7bbd24258f1a4ba7932cf10620de0f99cd0a8d1b6ca

SHA512
bc21d03bc138f0228f3951a3aaccee39bcf437b0327b14bcd1a65e00c63094e344c66b5a9c337bca92d9c2f4927617fffbb07cb0aaac4857da8f7a8cc554b386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5555db6e504147f32bf814efa63d55f0

SHA1
0cc035f68322ca73f1f2327e7b85b8058f45711d

SHA256
e72fc378f4c8b9e876cf8bb7ca933d2b4ee972997ae48a96f8c8e26466985dca

SHA512
6b27e9a209642709977543f4c3bb5e63684b6ec1f00428e2c2f95ac5ca569eb2996f2954f9de10f3d9c761efc140d32cb6513511e67dce674ab3450b3edc62a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9eed0c1c051effb71b8984bd05b5febd

SHA1
1c7114c88e6350a72aa821d66ad13009c64318d1

SHA256
e758935dffad55bf2f7ab9be3f71ca84ac4ad2ddcea6e48551ecb6f80cbb09d3

SHA512
9513c45bd8b94605ef464d85ca64a9dc41b160202242078b70dab11624ac55209e0b902a0f31712bad013be44380d04f8f3c22cc2c4faebceded6a78ee42dd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
4b217157b9e766fdfcd27ae696bc0427

SHA1
6afd38a314ee880bdf3d6c3b526194bb7f658f43

SHA256
25e412842a1d946cb1f52ebb105dfcfea50c244df9097e43ddbaccdb1c7f9ae0

SHA512
1fb086782549553c1652fcc5141bc9f1a405d0b185bbf8c4e4871528021e1ab1e495ae90014fba7d877e4434fdd358cee18977c4b08c06bdcc10f857dd301be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
174KB

MD5
66a8089d033d3b93084759f6de95610c

SHA1
471cd7186526cd5ee8b74d08793cc6d604a66ef8

SHA256
1d85bf817878f3f76c4bce4eb08a5d50ce36c5816de0f594985e4f30205ddc18

SHA512
e183994c6a5ef16e22cc0f15c56023270607192d6f83b2993dc0aee5e3432c4b4ccb59148b2b06a21e80fc9a607b6301aa6cfdb4485f197e9a4d7a076ad70b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
113KB

MD5
dd992966669abbccaac96cb1dedb3ee0

SHA1
33d83c1e7cfbc574b3fd00612445b880594ea4d5

SHA256
f7e0ba208f4412365c7bc4cc20ef335823cd6e007b283ceb6bd5c8d3d83e6009

SHA512
85eeee05eb9538b359c6441d07b8f58ffb9f028feaeb3b36e8a68ae0be4f52246f02b08e5086dc533706f6b2b6ec83a1bf6c1c810729c94c09c468f612900bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5759c8.TMP
Filesize
106KB

MD5
d1a476a513297a4f410878d73e118ab0

SHA1
fef59395f10ffeafe82bd90b34450dc0881a1f6c

SHA256
12e5ab7657592542acf540fa37693f9076ebfdf4244fb43bbbaaef38cbe2fc4f

SHA512
c5de212cfe46fc39d9a2c62f463f2579e1c7bc2a0df2cfe772e68658cce865623242c8ea549dc074320ef64169bb4c8e6ef3e7a7d60c96876f17bb8c2f6a42d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
543ac3d8749b5c8b44aa102b2c67b47c

SHA1
8b9571c8bb197d8425aaf5933e047d07d5d2a710

SHA256
a0c40312f71b91cd01592cd9eeff5b9704d7ed97bbec7cfd4660065dd9a5e2ab

SHA512
6398537cc0d35e6f3d244d3d4264faa1593236fe09ba449886dba3636186134e05c926563232e3b6bbcc1755c9e4d99067a499f54f94c18fa2fd23d52f1ca8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5875e7.TMP
Filesize
48B

MD5
9e1d6042958ebcc8ba8bf78cc804657d

SHA1
015dbc6a7ca753ea80f74d183c6e8841468bd159

SHA256
5aab947b5fedcb22b2ab856da784fbd0b0b83d25459964435bae429d103228fa

SHA512
99c01b3a2ba50f392ab40316d2da3a7c3309c389fbb1851a08ae7b954792639c5b87c9d35c1977cc9e5ce0b14565daed87393179aeff8da79241d54d0eb7bc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
46018704c5299bff0f2c321a9b4cf2ee

SHA1
a5f3ec2308252886bbfb3a389a3f127c0e633c69

SHA256
273860e175e166db11f4d5c3395c18e1a2a21d797b2f683a9ecb877697fbedcd

SHA512
c70914cd1d8006fc161081d430a1882c9d5dcd57d334329711b0e7b0e4896d2ba030d0a8a01c4d86c7cca19ad6df6d6137ede078ba42e0819c4b4e69f400fdaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
180B

MD5
be69635bcac8c3f6195cc24092220097

SHA1
e900380eaa0fc9e8abd56c835afc05f3c8906549

SHA256
f51cdde30ff9f55ff2bae485dfda8b596d1065bc84a9f73f73e66b4da968b174

SHA512
637ea3e4e9d899623f4aa614f0c9535444043f2dbfa25043b635b64876fb68a5a96169a8a3157670c26a57a38496e71e7c28477c4609ac1791b38066a5d3e503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
9ff49c5738657abc37630873327c11d7

SHA1
f71b9e48e9515776e6c52a4fe3eafbac734376d5

SHA256
d1cf171c7f55b5b55b43dafc7a090b2b2f45a639f667da1d336e921143a2783a

SHA512
48738d7018bda79de0dbca8592c113244f10aab95aba7123e027af424f1d7708c8e8dce6af489a0b86204d3436788cdc952d61fe7c790fdf6d77f4f91e12de1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
90b4fc69fa86e178dd77e5582a9a1598

SHA1
2f869748ca685cbbc6668265db9c0e44b61b9643

SHA256
35b06abdab5c931d0f3ddded14bef38403459a7d195ca709132140e7c1b1cba9

SHA512
b381bdf8b70dcb84335dd7a7c85d4b3cf6a27065fe75297de2254cee9693b2ae951550762b208e04c168f9a6daa4202e6b70e566d1b90e722362e03905edcebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
75a0646923cec27362db28c4bd1d28f5

SHA1
926bb8b7de369d8f1fd20c46d72b07db2f6fb75e

SHA256
c706c48f0dc443f7abab483f886b03dc522f9734b23333cca7885f27cf4779b4

SHA512
d935fb620a11d9319bf5390f67b05d25a1f931dd5c23d3912c679d96492688712b41f8b86583d74e2adeac8f5401d9d12613149081afb83af54375743d5cc027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b9abab5c69eba81bc44ab2bac19203bf

SHA1
6697846aca38852539ac0833c32f315c2c07e6c7

SHA256
58a9d7eec59f84bae890bc88eb91c054976da84ae7b19877a95c84a148350e60

SHA512
bd0aa69c56ef1dd1d9e05c6cdaba8370944b996b170b80d51665a28117ac004e0d2e4c2bc2e5acff251945b8c69ff9680c4ef4f0bc135d27b6de8eb3fa8d9b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
773461511927a4048e6b0b991976cdc0

SHA1
4aa35736f074dd95e0327676120aa5c31079532a

SHA256
706e49c5aec8a60c665acf8e56242705f8a4e7325cb1a27b6f61f8c1a54fa987

SHA512
d54033fad46f8d70c25ebecfcb3eccb5275da4f03e5cc7743a44a573ca8874c818b2dc79ce6e0d55047cfa117265f9caa08ed44ed191e15a58cd6ca9b5ce7f4f

Download Submit
C:\Users\Admin\AppData\Roaming\MetaQuotes\Terminal\Community\dns.dat
Filesize
13KB

MD5
9eba5a69558d8e858b95be6faa3ec558

SHA1
25362e8e9dc52bebb60f02ea1dfb4c2ad0cb917e

SHA256
148e33181250191c27b2ce0321e6269bbf950b7e807b3e5e86397ef29a621506

SHA512
8415b5c53b9e1e531ca7155b90ff8903b2d9598c12b3ffa02c4e7acc218b29b46a9ca130292d8afdef941b4db0916e0155f1610096c7117c4515faed15bff5b7

Download Submit
C:\Users\Admin\AppData\Roaming\MetaQuotes\Terminal\Community\mql5.community.dat
Filesize
5KB

MD5
5f4aca147d8ec06a0c964c06ff3d8b8c

SHA1
ed36db37069bd723f2c73454e93964f3c424eb0f

SHA256
3821d39abb2738e2810fc6aaed69718e531803d4fdcd0a416b7a44f96b7b6094

SHA512
f052953e69ba3f4e99f6dbafac79960f0dd236ad69b4a70b904d74e30e0dd7b2d0e78f46a51293306ff097d7d04f4397e4390a5d3eb7f502a0a6aff2154666f2

Download Submit
C:\Users\Admin\Downloads\mt5setup.exe
Filesize
3.3MB

MD5
df07c835750e3e3e5e574e59a80a4d46

SHA1
6fee65431e951fa05217003a0a74c6337e0ea57d

SHA256
ca873f05da9a5ce3ebe868a2c60c57d623db51b32f91719f0ac5573d38d4b026

SHA512
30af5d2382324302e1f9b42cfd3c99d4d53ec8dac3306ccbc4887c9a96bdbfaade86df83975a5caa1ffc98bb5226cd0845eabd46482ade12ff649fd9ae1474d9

Download Submit
C:\Users\Admin\Downloads\mt5setup.exe
Filesize
3.3MB

MD5
df07c835750e3e3e5e574e59a80a4d46

SHA1
6fee65431e951fa05217003a0a74c6337e0ea57d

SHA256
ca873f05da9a5ce3ebe868a2c60c57d623db51b32f91719f0ac5573d38d4b026

SHA512
30af5d2382324302e1f9b42cfd3c99d4d53ec8dac3306ccbc4887c9a96bdbfaade86df83975a5caa1ffc98bb5226cd0845eabd46482ade12ff649fd9ae1474d9

Download Submit
C:\Users\Admin\Downloads\mt5setup.exe
Filesize
3.3MB

MD5
df07c835750e3e3e5e574e59a80a4d46

SHA1
6fee65431e951fa05217003a0a74c6337e0ea57d

SHA256
ca873f05da9a5ce3ebe868a2c60c57d623db51b32f91719f0ac5573d38d4b026

SHA512
30af5d2382324302e1f9b42cfd3c99d4d53ec8dac3306ccbc4887c9a96bdbfaade86df83975a5caa1ffc98bb5226cd0845eabd46482ade12ff649fd9ae1474d9

Download Submit
\??\pipe\crashpad_4188_GEPCHABVPJHAERSH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2108-244-0x0000000002000000-0x000000000212A000-memory.dmp

Filesize
1.2MB

Download
memory/2108-290-0x0000000006A10000-0x0000000006A2D000-memory.dmp

Filesize
116KB

Download
memory/2108-273-0x0000000004EC0000-0x0000000004EEC000-memory.dmp

Filesize
176KB

Download
memory/2108-272-0x0000000005070000-0x0000000005800000-memory.dmp

Filesize
7.6MB

Download
memory/2108-271-0x0000000004E20000-0x0000000004EBE000-memory.dmp

Filesize
632KB

Download
memory/2108-269-0x0000000004D50000-0x0000000004D62000-memory.dmp

Filesize
72KB

Download
memory/2108-270-0x0000000004D90000-0x0000000004E13000-memory.dmp

Filesize
524KB

Download
memory/2108-267-0x0000000003740000-0x0000000003770000-memory.dmp

Filesize
192KB

Download
memory/2108-268-0x0000000004D30000-0x0000000004D42000-memory.dmp

Filesize
72KB

Download
memory/2108-266-0x0000000002F30000-0x0000000002F5C000-memory.dmp

Filesize
176KB

Download
memory/2108-241-0x0000000000A00000-0x0000000000A2B000-memory.dmp

Filesize
172KB

Download
memory/2108-264-0x00000000031D0000-0x0000000003525000-memory.dmp

Filesize
3.3MB

Download
memory/2108-263-0x0000000003030000-0x00000000030CD000-memory.dmp

Filesize
628KB

Download
memory/2108-262-0x00000000030D0000-0x00000000031D0000-memory.dmp

Filesize
1024KB

Download
memory/2108-261-0x0000000002F90000-0x000000000302B000-memory.dmp

Filesize
620KB

Download
memory/2108-260-0x00000000027C0000-0x000000000285E000-memory.dmp

Filesize
632KB

Download
memory/2108-259-0x00000000026B0000-0x00000000027BB000-memory.dmp

Filesize
1.0MB

Download
memory/2108-257-0x0000000002550000-0x000000000267A000-memory.dmp

Filesize
1.2MB

Download
memory/2108-258-0x0000000002680000-0x00000000026A2000-memory.dmp

Filesize
136KB

Download
memory/2108-255-0x0000000002D40000-0x0000000002EE9000-memory.dmp

Filesize
1.7MB

Download
memory/2108-254-0x0000000002200000-0x000000000220A000-memory.dmp

Filesize
40KB

Download
memory/2108-253-0x0000000002B50000-0x0000000002D34000-memory.dmp

Filesize
1.9MB

Download
memory/2108-252-0x00000000017B0000-0x00000000017BC000-memory.dmp

Filesize
48KB

Download
memory/2108-251-0x00000000028B0000-0x0000000002B4A000-memory.dmp

Filesize
2.6MB

Download
memory/2108-249-0x0000000002300000-0x0000000002456000-memory.dmp

Filesize
1.3MB

Download
memory/2108-250-0x00000000024F0000-0x0000000002550000-memory.dmp

Filesize
384KB

Download
memory/2108-248-0x0000000001780000-0x00000000017A7000-memory.dmp

Filesize
156KB

Download
memory/2108-247-0x0000000001720000-0x0000000001775000-memory.dmp

Filesize
340KB

Download
memory/2108-245-0x0000000002130000-0x00000000021FD000-memory.dmp

Filesize
820KB

Download
memory/2108-281-0x00000000062B0000-0x00000000062C9000-memory.dmp

Filesize
100KB

Download
memory/2108-288-0x00000000068C0000-0x00000000068F4000-memory.dmp

Filesize
208KB

Download
memory/2108-275-0x0000000004EF0000-0x0000000004F9D000-memory.dmp

Filesize
692KB

Download
memory/2108-265-0x0000000002EF0000-0x0000000002F21000-memory.dmp

Filesize
196KB

Download
memory/2108-240-0x00000000014C0000-0x0000000001661000-memory.dmp

Filesize
1.6MB

Download
memory/2108-239-0x0000000000EF0000-0x0000000000F5B000-memory.dmp

Filesize
428KB

Download
memory/2108-229-0x0000000000C20000-0x0000000000EE9000-memory.dmp

Filesize
2.8MB

Download
memory/2108-228-0x0000000000B60000-0x0000000000C1E000-memory.dmp

Filesize
760KB

Download
memory/2108-282-0x0000000006AD0000-0x0000000006B3A000-memory.dmp

Filesize
424KB

Download
memory/2108-283-0x0000000006B40000-0x0000000006C0C000-memory.dmp

Filesize
816KB

Download
memory/2108-285-0x0000000006C60000-0x0000000006C68000-memory.dmp

Filesize
32KB

Download
memory/2108-276-0x0000000005D50000-0x0000000005DF9000-memory.dmp

Filesize
676KB

Download
memory/2108-278-0x0000000005E00000-0x0000000005E92000-memory.dmp

Filesize
584KB

Download
memory/2108-284-0x0000000006C10000-0x0000000006C4B000-memory.dmp

Filesize
236KB

Download
memory/2108-280-0x00000000061A0000-0x00000000062AB000-memory.dmp

Filesize
1.0MB

Download
memory/2108-277-0x0000000004FE0000-0x0000000004FF1000-memory.dmp

Filesize
68KB

Download
memory/2108-303-0x000000000D160000-0x000000000D259000-memory.dmp

Filesize
996KB

Download
memory/2108-302-0x000000000D0B0000-0x000000000D15C000-memory.dmp

Filesize
688KB

Download
memory/2108-301-0x0000000007D40000-0x0000000007D4D000-memory.dmp

Filesize
52KB

Download
memory/2108-300-0x00000000080E0000-0x0000000008106000-memory.dmp

Filesize
152KB

Download
memory/2108-295-0x0000000006CA0000-0x0000000006CBF000-memory.dmp

Filesize
124KB

Download
memory/2108-298-0x0000000008070000-0x00000000080AB000-memory.dmp

Filesize
236KB

Download
memory/2108-299-0x00000000080B0000-0x00000000080D7000-memory.dmp

Filesize
156KB

Download
memory/2108-297-0x0000000007D70000-0x0000000007D85000-memory.dmp

Filesize
84KB

Download
memory/2108-279-0x0000000005030000-0x0000000005044000-memory.dmp

Filesize
80KB

Download
memory/2108-296-0x0000000007A60000-0x0000000007A91000-memory.dmp

Filesize
196KB

Download
memory/2108-294-0x0000000006C70000-0x0000000006C93000-memory.dmp

Filesize
140KB

Download
memory/2108-293-0x0000000007FD0000-0x0000000008061000-memory.dmp

Filesize
580KB

Download
memory/2108-292-0x0000000006A40000-0x0000000006ABF000-memory.dmp

Filesize
508KB

Download
memory/2108-291-0x0000000007DB0000-0x0000000007EC5000-memory.dmp

Filesize
1.1MB

Download
memory/2108-242-0x0000000001670000-0x000000000171C000-memory.dmp

Filesize
688KB

Download
memory/2108-289-0x0000000006900000-0x000000000690C000-memory.dmp

Filesize
48KB

Download
memory/2108-243-0x00000000018C0000-0x0000000001FFF000-memory.dmp

Filesize
7.2MB

Download
memory/2108-287-0x00000000067E0000-0x00000000067F8000-memory.dmp

Filesize
96KB

Download
memory/2108-286-0x00000000066D0000-0x00000000066DA000-memory.dmp

Filesize
40KB

Download