hxxps://download[.]mql5[.]com/cdn/web/metaquotes[.]software[.]corp/mt5/mt5setup[.]exe?utm_source=www[.]metatrader4[.]com&utm_campaign=download

Analysis

max time kernel
174s
max time network
177s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
03-04-2023 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.mql5.com/cdn/web/metaquotes.software.corp/mt5/mt5setup.exe?utm_source=www.metatrader4.com&utm_campaign=download

Score

8^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 3 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

terminal64.exemt5setup.exeterminal64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	terminal64.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

mt5setup.exeterminal64.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	mt5setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	terminal64.exe

Executes dropped EXE 4 IoCs

Processes:

mt5setup.exeterminal64.exeterminal64.exemetaeditor64.exe

pid process

744 mt5setup.exe
4276 terminal64.exe
4028 terminal64.exe
4144 metaeditor64.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
744	mt5setup.exe
4276	terminal64.exe
4028	terminal64.exe
4144	metaeditor64.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

terminal64.exeterminal64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	terminal64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	terminal64.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

terminal64.exemetaeditor64.exemt5setup.exeterminal64.exe

description	ioc	process
File opened for modification	\??\PHYSICALDRIVE0	terminal64.exe
File opened for modification	\??\PHYSICALDRIVE0	metaeditor64.exe
File opened for modification	\??\PHYSICALDRIVE0	mt5setup.exe
File opened for modification	\??\PHYSICALDRIVE0	terminal64.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

Processes:

terminal64.exeterminal64.exemetaeditor64.exe

pid process

4276 terminal64.exe
4276 terminal64.exe
4028 terminal64.exe
4028 terminal64.exe
4144 metaeditor64.exe
4144 metaeditor64.exe

Drops file in Program Files directory 64 IoCs

Processes:

mt5setup.exeterminal64.exemetaeditor64.exe

description	ioc	process
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\1.welcome.japanese.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Indicators\Trend.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\Remnant 3D\Shaders\vertex.hlsl	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.chinese (simplified).welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\5.freelance.chinese (simplified).welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Expert.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Files\FileTxt.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\bases\dns.dat	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Accelerator.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\History\EURUSD\2021.hcc	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\7.risk-warning.japanese.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\ThumbVert.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\1.welcome.hungarian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\6.virtualhosting.italian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\7.risk-warning.turkish.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\MACD.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OpenCL\Double\Wavelet.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\UnitTests\Alglib\TestInterfaces.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Bears.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Experts\Examples\Correlation Matrix 3D\Correlation Matrix 3D.mqproj	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\Left.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Stat\Gamma.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\ATR.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Momentum.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\OsMA.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\Canvas\CanvasSample.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\History\GBPUSD\2021.hcc	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.hungarian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\5.freelance.indonesian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Profiles\Charts\Default\chart02.chr	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Experts\Examples\Math 3D\Sets\DoubleScrew.set	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\ZigzagColor.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\DPO.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\2.signals.vietnamese.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\6.virtualhosting.uzbek.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Profiles\Charts\British Pound\chart01.chr	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Controls\res\DropOff.bmp	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Stat\Geometric.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\AD.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Fractals.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\OrderInfo\OrderInfoSample.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\5.freelance.greek.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Expert\Money\MoneySizeOptimized.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Bulls.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\Panels\ChartPanel\ChartPanel.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Scripts\Examples\Canvas\Charts\HistogramChartSample.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\1.welcome.russian.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\1.welcome.turkish.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\6.virtualhosting.malay.welcome	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\Profiles\SymbolSets\forex.all.set	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\WinAPI\wingdi.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\bases\MetaQuotes-Demo\history\USDJPY\2023.hcc	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Profiles\Charts\Euro\chart03.chr	mt5setup.exe
File created	C:\Program Files\MetaTrader 5\checkwritepermissions.test	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Profiles\Charts\Market Overview\chart02.chr	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\CHO.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Indicators\Examples\ColorCandlesDaily.mq5	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Experts\Examples\Math 3D Morpher\Math 3D Morpher.ex5	metaeditor64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\6.virtualhosting.default.welcome	mt5setup.exe
File opened for modification	C:\Program Files\MetaTrader 5\MQL5\Profiles\Charts\British Pound\chart01.chr	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Canvas\DX\DXObjectBase.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Generic\HashSet.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\MQL5\Include\Math\Fuzzy\fuzzyrule.mqh	terminal64.exe
File created	C:\Program Files\MetaTrader 5\Bases\Default\Mail\5.freelance.spanish.welcome	mt5setup.exe

Drops file in Windows directory 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exemetaeditor64.exeterminal64.exeMicrosoftEdge.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\	metaeditor64.exe
File opened for modification	C:\Windows\	terminal64.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

mt5setup.exeterminal64.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	mt5setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	terminal64.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

mt5setup.exeterminal64.exeterminal64.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	mt5setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	mt5setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	terminal64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	terminal64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	terminal64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	mt5setup.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

Processes:

terminal64.exeMicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exeterminal64.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\terminal64.exe = "11000"	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	terminal64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	terminal64.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133250193824770826"	chrome.exe

Modifies registry class 64 IoCs

Processes:

terminal64.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000008d70af1b1dc1a498ebcad73c76b8f5fd65cda674a2fae258e22ef02f545e73c90e6c2963526d3bdda4e602eebb066d02fa012d602cfdcde5bc468bf10fb778456a8179b6cace9a6ffee2d8efc0b2a5b41c1f3c740145a32c028f6778687decee074f541cb104e2c5a65f9d420edbb1f099c56085f8f13e85dba8974232d0ddae2d768ea43c30624c0ffe9e2d96a065680195532fc023f3fcea33bc825dd0e7e714966c4cca70fdb44c5dad84282385565a2df7c6cdfa638818cf1481069d3645ca4e9b76e1e52492681d5078c082c7fe902e3dd61696a78afe1b1a0e7b57d26bd440b7f156b0b643c5de492c6bdf50fd7839b02c181799a87bb9bd05521eae70cd0b1e8d5cefde33af40acd3c2586168d1eceb7dda9c36ec0c4852e02d123e1f9b4f5b42cdc3ab61b0e396ad5d0f69bf64e9f58cdb47f23aaa67135601539d13a2ace3e8d14c64428c679e70a722a3ac12ce29ef2437ef1801b8fc131901b4a3a3c22f7d7bab71e76a6decc535b35797bc3c26585d8c68be69dad877003c17951e316cfa09fef67f2c93c1d0abe046ff43d48c780e66a47b8e1812031c670afc6cf66e9ff702	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ex5\ = "EX5.File"	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\shell	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File\ = "MQL5 Source File"	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar\WebBrowser	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "71"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "99"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = c7407ea65a45d901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EX5.File\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\terminal64.exe /ex5:\"%1\""	terminal64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "{771D2B26-1DA3-4DE8-9780-80ACDECE3832}"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mql5.com\ = "71"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mql5.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell\open\command	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell\open	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.File	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mql5.com\Total = "27"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mql5.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MetaTrader 5 Export File\DefaultIcon	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5\ShellNew\NullFile	terminal64.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = c7407ea65a45d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5\ = "MQL5.File"	terminal64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MQL5.Header\shell\open\command\ = "C:\\Program Files\\MetaTrader 5\\metaeditor64.exe \"%1\""	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mql5buy\shell\open	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mq5\ShellNew	terminal64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "176"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate	MicrosoftEdge.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

mt5setup.exeterminal64.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mt5setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	terminal64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	terminal64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	terminal64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mt5setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mt5setup.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

chrome.exeterminal64.exeterminal64.exemetaeditor64.exechrome.exe

pid	process
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
4276	terminal64.exe
4276	terminal64.exe
1644	chrome.exe
1644	chrome.exe
4028	terminal64.exe
4028	terminal64.exe
4144	metaeditor64.exe
4144	metaeditor64.exe
5796	chrome.exe
5796	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

terminal64.exe

pid process

4028 terminal64.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

3992 MicrosoftEdgeCP.exe
3992 MicrosoftEdgeCP.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1644 chrome.exe
1644 chrome.exe

pid	process
4028	terminal64.exe

pid	process
3992	MicrosoftEdgeCP.exe
3992	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

Processes:

chrome.exe

pid	process
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe

Suspicious use of SetWindowsHookEx 60 IoCs

Processes:

terminal64.exeMicrosoftEdge.exeterminal64.exeMicrosoftEdgeCP.exemetaeditor64.exe

pid	process
4276	terminal64.exe
3612	MicrosoftEdge.exe
4028	terminal64.exe
3992	MicrosoftEdgeCP.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
3992	MicrosoftEdgeCP.exe
4028	terminal64.exe
4028	terminal64.exe
4028	terminal64.exe
4144	metaeditor64.exe
4028	terminal64.exe
4028	terminal64.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1644 wrote to memory of 3704	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3704	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2084	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2012	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2012	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2516	1644	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://download.mql5.com/cdn/web/metaquotes.software.corp/mt5/mt5setup.exe?utm_source=www.metatrader4.com&utm_campaign=download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc51a09758,0x7ffc51a09768,0x7ffc51a09778
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:2
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5228 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5228 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:812
- C:\Users\Admin\Downloads\mt5setup.exe
  "C:\Users\Admin\Downloads\mt5setup.exe"
  2⤵
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies system certificate store
  PID:744
- - C:\Program Files\MetaTrader 5\terminal64.exe
    "C:\Program Files\MetaTrader 5\terminal64.exe" /install
    3⤵
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4276
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\Program Files\MetaTrader 5\terminal64.exe"
    3⤵
    PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 --field-trial-handle=1800,i,1428060477827295380,15111659426238952540,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3640

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3612

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1828

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3020
- C:\Program Files\MetaTrader 5\terminal64.exe
  "C:\Program Files\MetaTrader 5\terminal64.exe"
  2⤵
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4028
- - C:\Program Files\MetaTrader 5\metaeditor64.exe
    "C:\Program Files\MetaTrader 5\metaeditor64.exe" /portable /compile:"C:\Program Files\MetaTrader 5\MQL5" /inc:"C:\Program Files\MetaTrader 5\MQL5" /time:0 /flg:0 /stop:se5300_240632187
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4144

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:2624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
1⤵
PID:5008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5368

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MetaTrader 5\Bases\Default\Mail\mail-0.dat

Filesize
22KB

MD5
ec89e16131577351d8d4d4b131b3183f

SHA1
08ed9d7b35681af1562a4f0df9ef9eba192710e2

SHA256
df71ac142997d6c17124aa5c25d764471cbd82761758112f59831646b4bb05cb

SHA512
cb19d97bbfa9a75acc74b7c994a8393c21a47aa17387ecf04eb11699aed0025b22075ba231967bad2c856e54290bc3351eeacd13f81e75d9dae218339bed0fce

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\Mail\mail-5011994650.dat

Filesize
22KB

MD5
3666326fc0c7928f3d6834aee4f1c344

SHA1
81c61ac0c6683cdf3b36f091d582e5f0baacae40

SHA256
525b3be0eeced8444c1081e316dadadd2282db9228361e291089ec49371bec48

SHA512
c094bb22e490cafd5507667e5a6c1ae834dbb2bafc89f11bfdbd5a6bc5a87674ca8ebb402fd5f6dd1f6db799f3d93ff51389b8acb92687770762c6598f52869d

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\1.welcome.english.welcome

Filesize
10KB

MD5
0e91b8022d0831e85836f7e0a037ffd8

SHA1
684fe5d6dccabd0845929137aab92d8d4dbc9bd1

SHA256
f37218b1a6c40fdbbf5dae0d3fac2aa8476ef693550c1f977880cdc5e7e99e2b

SHA512
355e87ff9fdfd3b71bf37e2722a1421fd8352d8726856a2d5579c4c77aff95111bb7cd34a40dd43f007440bd834c53fdcdabcafea0f771458f764497d232288b

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\2.signals.english.welcome

Filesize
8KB

MD5
34fa0ab9072cf6ab1fafe19899a5b537

SHA1
4367430bac684dfe5bf542ca0d5a403dba759eec

SHA256
606facecb2d62b921e69e3ca0e6f078b086162bbe5f2f84062aff44de22f1c9c

SHA512
2c6dd2b9460f4abc405f4476d5bed8e67cf8d59d21075deaceac5df4c61fffeb7f90dcaf350ef054fcc75c28dc130f1189ff43c065d3fa66b640fc6332e324ee

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\3.market.english.welcome

Filesize
8KB

MD5
e127a5f0fc6f6075239024a2331bdb9c

SHA1
ca5da0d65e15aa080bf97870b3e0ef3b8b16eb37

SHA256
d4f18c75a42bb37af1c048a6917ed2d407bf30f5693c5ddff76193b8256a846b

SHA512
802b33f8663dfaa8bddec7c4c2be0ca75bc309e2bef5f2984af8885ecd20392d52fcf4add32ddc9c97614fa63b2cc5d2f08f23969f9e2abbd52ae995952c10b4

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\4.mobile.english.welcome

Filesize
8KB

MD5
ac4df097a953b04a6070fcf5e373dd46

SHA1
f8f868e6b765350a4faea6991e046a10fb0ccfe2

SHA256
a78107df49d95e8727fc8482711d217cd4930533571c2f9777b866c60f631ea4

SHA512
8174b483c61690eb0ae623bdfb94f1431c693675effc662ca83e1f047d03fa3b6738175793b1981011d30d47770a17e6d401a1d6a591d51eddcc93c3e9acd2d9

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\5.freelance.english.welcome

Filesize
8KB

MD5
7f3cd66e5646b6ca3a953291d95e2829

SHA1
b5dc498474b0fb06568b0bba7b73012a40368056

SHA256
ecba047f70b7e741e1b6e8d95894953f1f9676f3eef45c76b0db2850d4dae19d

SHA512
15b9b2686ae5d33027cf4e0fd54514a2e146248b7c2b7f956bba328b7f91c13c1131087be370b5e6ed5a4736283bbb0217f7176d2b830e0bd8a4996390e40233

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\6.virtualhosting.english.welcome

Filesize
9KB

MD5
710186c29dc07cea41f274fb2ac296de

SHA1
9f98ebe4f05847f1d38f5e3e68eb3555401e2325

SHA256
cbb50ea59ec71285dab14d71392b3ed807a13660e21496627cc6da0878b5d2be

SHA512
accfdd68e63b723693192709743e8694f1a9c19006598b6dbe482c4a8cd3ea36d531c2fe84a2f8f6b56cba5a51e4c1876ca02e34244e2783bfeed9f556e7e6bf

Download Submit
C:\Program Files\MetaTrader 5\Bases\Default\mail\7.risk-warning.english.welcome

Filesize
9KB

MD5
59f014c5c4de767f5ee2ebca8f38c105

SHA1
cff6228b59c398c2c728e16904fbba413917a5cb

SHA256
4e7f56e2e8e3862859d6cece476130f8b517caa98098960f3abe96ef75e07afe

SHA512
17e3f8bdfc953ffa99bb006c5b76a5e2da24743fcaff2d50b186d32c2d2edaf1693793d1a08b05e0c603d9ff2cedf524cb58bf58a06abbba232166a811ab9fbc

Download Submit
C:\Program Files\MetaTrader 5\Bases\MetaQuotes-Demo\symbols\selected-5011994650.dat

Filesize
11KB

MD5
6d74ab180772ab01acef226aa2a63de0

SHA1
bf2c86e38e4897b88d54185394ca68f6525ae8cc

SHA256
445de0cfefb1376ea7e7dea0dc7f7d2473214b177159ddd5de8aa3230e9d73fb

SHA512
56b7bc75ef4f978df0a25f3bcbb8fe1965d85c00ecf0753ff7828cc7468ce55f5a5acba5dd2441843e78ba4ce1542903389e60884c25f4f26a96504f3a9ed7d9

Download Submit
C:\Program Files\MetaTrader 5\Config\common.ini

Filesize
246B

MD5
7bda4d8ea536336307e1eeb9b113c148

SHA1
86e1b51b58e848fdb65a7bb50516f87dc4ab5fc2

SHA256
2b3d5a634c91b5039b6e709b70c5d3e0f6fceeaa62da29f437c02f5f737d2f74

SHA512
8351850a1716c977463b8bd0936f7a2ca447e6d2d3fc3808f9a6fa0d61eaab84ffe8ad4f826f82d3cf25ebce656644eb7cd63730ec8c4c78ec961a89fa92777d

Download Submit
C:\Program Files\MetaTrader 5\Config\common.ini

Filesize
590B

MD5
9c27f9bda47c052118fce0933f9a44a3

SHA1
447e23ec72758cf2e91702205fb75a59d3c15a2c

SHA256
37561e5ef0ae007acd80c55290bdfa074b7fd5417e20c1281607696cff782e1c

SHA512
9328d04db9ef59d65ecc579876dc9b2515d7cbb19857c80ca9e8b8f78e801f048c547114638664dbf28797e0d70e550977946ad3ca81ba055a373465c067c967

Download Submit
C:\Program Files\MetaTrader 5\Config\common.ini

Filesize
1KB

MD5
768d7a1b17b7996d3b75e945246db9fb

SHA1
6f320335f651d060d9533fec34f891ff4dd0ea2b

SHA256
6f281e1d26bfc52e0f4e1f97702c2d43972b4cf33d23fc06dd605d2a789e0985

SHA512
497a89aa816d26551909c142c571658ead42fd871b4237401352f95573275a2eee61a9572f10bea76a071e79f38eaa4965c51bac38f61d0c126540c85a139532

Download Submit
C:\Program Files\MetaTrader 5\Config\terminal.ini

Filesize
8KB

MD5
4c7cc064bf7dc19406274350ae28f86d

SHA1
59f856f89e0c8c7c56389ff3bd5aa8d14bae5a1c

SHA256
91728337aa3c883c64f7d7d5e19dc994e341d33b7f0d4744b0c42460dd0853fb

SHA512
a5366872ae68bcf1c24f418c87f73e06153ff2df97f60df6a42055b1e07e72c63bf57a1acb3d6ee9ff2b75423f2e1355f0beb2ecdb1188b9450caf74d8b44220

Download Submit
C:\Program Files\MetaTrader 5\Config\terminal.ini

Filesize
8KB

MD5
47dfb7e31ff611894d3d9fb4bbcd0adc

SHA1
463df32842188752e4caa2a48afec315f2223b4c

SHA256
a6bb8b94ef2870d5e2c35f6c4f4312a1381f26f9f7bbca65f54db9b409d71779

SHA512
d57a985268c063806bf61614e214a5d4d91971dcd06d501be1319ec55caf27f00ff7b6ddec3214906ff813a432e3966979665b53a466e4456c8d55c4b530f940

Download Submit
C:\Program Files\MetaTrader 5\Config\terminal.ini

Filesize
8KB

MD5
edc59ff5b8b1c7b197093390aa008a5d

SHA1
d1163025c2da69ad131e1ada906678bfa9adc3a2

SHA256
a41795fb73cfca578db5461c53ce701c3aff72a693ec3e58dd95752e345ace29

SHA512
f37247f812aa99e81c418c84c49b9ee2551d7525e496458036ce10ff16526f092a0cd2da6fe6b072b259a48955deb931610aa89de74f8a57c5062f2041daf32f

Download Submit
C:\Program Files\MetaTrader 5\MetaEditor64.exe

Filesize
48.4MB

MD5
757c87197eb8ea9e14e2d2237d916f82

SHA1
be5e64a323770fef9dc6b340becbc73d8385ca98

SHA256
c3a4a0ec2dff5a2493f67ffbf000aa714dad48d78e02c380eb4f405ce65f17e7

SHA512
412ae8b6c8f3803470cddf25bf50e5d9694f46b364b312591d28d97555225540733da2a370c813399d7201cbc040cee8e06c37789717bf8db088ff807098768b

Download Submit
C:\Program Files\MetaTrader 5\bases\Default\history\EURUSD\2021.hcc

Filesize
6.4MB

MD5
7b505a138fe4716b6f83a15c4ec5958c

SHA1
63546469bb93c1c919aa48a1244602f2de5809a6

SHA256
73ca5ca233bdd6af686e4a3d5f4f78cffb2dff510e847428668dcdf7f7d309d9

SHA512
d6f9f0b1ac17bee5d3c35338f473d444980e9cc78485a5a3c220f27022cc038e13dabf161d194a89bb97490f4df6e804f67967db47a6ab725265d47bb04c9c94

Download Submit
C:\Program Files\MetaTrader 5\bases\Default\history\GBPUSD\2021.hcc

Filesize
4.4MB

MD5
8ccc7a95de60eb04b0c4d4504f9e849f

SHA1
6115904fee80ae130028061c855013d17a44784b

SHA256
2a22cc257cc3a184f1c3988e2b4db8cc4f39b86a997fc6bc3f2097dc97261bdf

SHA512
d754401a0dfc1d3fb058c9359db1ca1b3f77da5034f656d4c29670d2db0347a2f5cab3905912e6e85250f28ae4c1f7e7457b270da2f4cf1ab5fb6fd570e597d3

Download Submit
C:\Program Files\MetaTrader 5\bases\Default\symbols\selected-0.dat

Filesize
11KB

MD5
6d74ab180772ab01acef226aa2a63de0

SHA1
bf2c86e38e4897b88d54185394ca68f6525ae8cc

SHA256
445de0cfefb1376ea7e7dea0dc7f7d2473214b177159ddd5de8aa3230e9d73fb

SHA512
56b7bc75ef4f978df0a25f3bcbb8fe1965d85c00ecf0753ff7828cc7468ce55f5a5acba5dd2441843e78ba4ce1542903389e60884c25f4f26a96504f3a9ed7d9

Download Submit
C:\Program Files\MetaTrader 5\bases\Default\symbols\symbols-0.dat

Filesize
24KB

MD5
c9688f0b21a99019600ed62a855d0516

SHA1
096b1a329f6bf6ed63027af974827e749e5aa564

SHA256
cbfdb00cb0793b2c54efa316cea61b0b2bb12adaf3875ee0cfdba8e56c7d3003

SHA512
4c2f57e5ca1921906484757ad4c7d9e95d11937b1159bb3cb2e251164980ecef28d7338c70ff86a4d12adfe264a482ebde625a7152b33682874d500c1c43b527

Download Submit
C:\Program Files\MetaTrader 5\config\servers.dat

Filesize
8KB

MD5
de0c6b5c1bea485912d9026d95eab367

SHA1
e60c0dfd1aef6735f8630da2f25aa77a8267db4d

SHA256
d27ed475cf6304b913da0bf58c282c6099a288db9e3ed7a48c76cd016a741fe3

SHA512
8528e04fdaf90a5e029d56159bf6a57a2b13a6e505cc67e55514c02d0d6ea99f3ed23489624051a70de4e102f2cde799655b005cabd250bf03712e69c64d60da

Download Submit
C:\Program Files\MetaTrader 5\config\settings.ini

Filesize
5KB

MD5
0608746082f796f2a0f64ac0627ff6a6

SHA1
b7772325420b2b2892d8588643d97fa54ca8b782

SHA256
cdc08e1576a1da6d0b2c8957a924bcc5da664a449faac6e126bc807f9ebc4e29

SHA512
c40230af937919164af3732f080a2a988e86460bfdb8c383aa72ef88c899e142656e62de747718c07fc317af65969219e81942fb44dc52e41cf3de7c350e7c46

Download Submit
C:\Program Files\MetaTrader 5\config\terminal.lic

Filesize
37KB

MD5
bd2186aa431ba2bb586e254b0f0844d6

SHA1
e07dfb358b047365212ba0105ffb10d966f0f370

SHA256
91df59227516a3245a5d92bafcfb8fe30ac5319265fddfad30dd43a7da348c68

SHA512
0f1fd24fd24188f14b1be15703acd3e8cd504ef4d22dd70283e7a927aa9ea34f1f73301d6a5dfd0a6bcfe0ecf2756a8a29c32fa151badab5560a8cafcb741590

Download Submit
C:\Program Files\MetaTrader 5\logs\20230403.log

Filesize
432B

MD5
227308af197beb70947406cd281657ab

SHA1
248d9f91177f3ab4e5c92e6e41693c656a45cc4d

SHA256
a4762d27ffe1e8ae22cab0d12db1b73423ad6b1211324e9f26dd91148d5ebf6d

SHA512
b2ec9a55ae8e6ca1b2837db5140303370bfddc9636bee8a4939bec5799702f96c45db62c172232cd6922bfe9bb4136be34845a762340e0bcf083188417e24a50

Download Submit
C:\Program Files\MetaTrader 5\metaeditor64.exe

Filesize
48.4MB

MD5
757c87197eb8ea9e14e2d2237d916f82

SHA1
be5e64a323770fef9dc6b340becbc73d8385ca98

SHA256
c3a4a0ec2dff5a2493f67ffbf000aa714dad48d78e02c380eb4f405ce65f17e7

SHA512
412ae8b6c8f3803470cddf25bf50e5d9694f46b364b312591d28d97555225540733da2a370c813399d7201cbc040cee8e06c37789717bf8db088ff807098768b

Download Submit
C:\Program Files\MetaTrader 5\metatester64.exe

Filesize
24.5MB

MD5
828286c748e600e7346feaee0759442e

SHA1
733ecbf03998e2198a51e76c15ffe687a7177461

SHA256
c3df9cfc8c0fbc8b132626275ebdcba00578b758590acfc57505ad91f4522874

SHA512
713cdd5a70e20e73907d00f13b1442f25458541f8cf06e4b0cf420b281829f6600ead95869efa775fc073fdd2d13b10a7f81737c242a79fb07686e2723c12813

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart01.chr

Filesize
4KB

MD5
b2cfa6007c87e8d2a840ca0f0e77ac33

SHA1
48e343fa5924c1561390ba8f79ac46371f53c3f5

SHA256
074c0cdb0d67bb4f343ba87e605124cc097016f77afc3e208f5765bcb8788906

SHA512
7d6536d329e91ca58347885a5244d408deb2ce604cbc09a9c691ab35f02cbc49923e7cd1a5122bbe78d5bd8d8261428a9eee5ad1e3743f1ad8a9e3bcb7ec2b30

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart02.chr

Filesize
4KB

MD5
31c047d58884c871c2e1252fa927532d

SHA1
8dcd59b06b0488f9d4e7d056e82180b619f75f8d

SHA256
62f347bfa85e9d8974a5bf0c8feb81f7cf8a5757be3fef5190c4ced757256aff

SHA512
e281466a544b4c6415f501249d18142cd35936339f475bd64b10275d94824c8fa6f7def82487ca0f2d570b4efc9d01bf3b1e6fa963419df65fc3bced29de7ae4

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart03.chr

Filesize
4KB

MD5
112922787ad3fa848865605831b81884

SHA1
e445f0bdbb629ebf34499a516c43562cc12c857f

SHA256
91ef37d31e90242d34c5844b42c6d50214efa91f402268be5462028f52d356b2

SHA512
e28db5da3b6c1e0a4880795a61cff8efee568e96d609e1e118d361deadc4169001767d9167abdb649a5cbaa7e7c277460e8a8df7017506dd0ec97429c58e1c44

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\chart04.chr

Filesize
4KB

MD5
11ee1f515055e93f0e810f5228050b36

SHA1
ec151685a379dfe8531a230beeeb679f2f9a9920

SHA256
c86795c22143cb9bf82790233cceba70ae966c2a9ca0f679634ac4cdb847d32c

SHA512
2a36ae76c37dda43339a43dd951d7df6580a2bf369531518cf69a48fcfce3ba59005e3d0921b4e6e65cd09ea3854ec223d66a5dffeb10761764dbcc6aa62d2a7

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\British Pound\order.wnd

Filesize
106B

MD5
e6b06f612a351deaa8cda0836b25a4ce

SHA1
4739f8cecd1d075689730cfbc9140b13681832ff

SHA256
bb2aae933928e009b82803d3ce2a3aa464861cf5c51e9a9af1cb25fc5923ee11

SHA512
1f7a5c137fea0cd56b2c5676b6a038c15795f09fdff5efd50d9ed11ea102517fd4d5df5d7f1aedf2ecdd3e2a92e459b640f57eecaa5150ee759026aff273ab39

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart01.chr

Filesize
2KB

MD5
cbcb207b4eca61983c2bc6be8fa2cb6b

SHA1
a7c6fda5154230e176b2efd94078dc8e4b2c97f5

SHA256
ecd135cab470d4a90979027d44b73ad512039187fd19ed69ff7372a52b27b766

SHA512
00db4573d986f7ffacc792ea28d5c548a14c9eff85b33722c144b6dba1b41af50e7cbbd33b25bb8536ed40716c70421112d4a0b9c394f7759e6aaf9287d769a2

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart02.chr

Filesize
2KB

MD5
c6dbfbb29c324c008696d1f044042bd4

SHA1
d9e2f67944be3a6b904c6a66599eb13ba34199a0

SHA256
dae31e1135021dfb18e71fa94dd42c7c4a231a302238db84e36afeb8d1eec08b

SHA512
449cc241f5f480b38e89a6e84b9611f338d279952195a3a7805ed0eb30e922eabdfa1ea7b4466680e88f173a808d45b50d1e99e076267cde1a0471533ab5c0fd

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart03.chr

Filesize
3KB

MD5
c83dff4b48cd69721ae542f1deb6bef3

SHA1
edc884426ebdc9f7cab0d046b0547b80ebfbba63

SHA256
7b341556d2e6d41c34583479d01bc6142c97b740fd205409f88c9a7eeca12e4f

SHA512
448df704047cb145d3b91e8cb5a2cc4f6f65f26cd943ee23c28e489435b781f6c1c37ebbe53f75a97129a808cd1ed0332e788e38d646852b2c682006ac589d7c

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\chart04.chr

Filesize
2KB

MD5
10b587d941321e1ca2b37027d96adbdd

SHA1
284e2b33c5d953d9449ad380969e09d7a42ec08b

SHA256
5b99490c026f03727d529803079d5457bfbf02573f880e334fb8191e45c7a8b0

SHA512
f774d21cde508076a53d28b3357ff9ae622b3171b08b85e918a83c87e29b18d3b2f4ff6f092bbc351f9132d0fa4d3ccff2ed2a61b6ff0640c7a80d94d82433e4

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Default\order.wnd

Filesize
106B

MD5
71cf7ef63820a018a5fe3eeb974a64b4

SHA1
7bb5057c3d259da7f59d3cce99ac5bd44fde097d

SHA256
51b82b4d0db003a43f32b8719e50a0412b55efe52887b7df76d7a27a0703244d

SHA512
0452e3659fd9f1cc557ed9c4633c7cace04ea3dbeac098def8a97db38a91a1e858327fd009245e10e8ed25baa65885c03636f29a085a605c2d44da1fc201a507

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart01.chr

Filesize
4KB

MD5
6336e04febd73bd5260a2d974817a9cd

SHA1
774e1beed401346784f4a63e8d30adffc697bf77

SHA256
5b67146285c97192c6ce453a84e0cafadc3d2a8bd1c0fd5e7800db24aa2a0185

SHA512
34b7bce124e872d20b529e3675e0a32fdf0528d28be1d1a78c0c1bb724166f640ade32e713f8c3d138409baa505a7b41cfc4a2c3152a9cd39d8f62f122e5f12b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart02.chr

Filesize
4KB

MD5
e4ee631b69c84953eb70b5be19e80178

SHA1
ffad8ebe062e6e484365d7f9761642303217175b

SHA256
4811b15a515522d3fece37b4a9089112011bd62d62652b295e14bb74aa63fa6e

SHA512
e98cfe41b726000a8c629ce418dc0944cb53c738af67b1d60a2abcff6b3f629c46b755b364320a03ddfd8ffa11049124b12cf4c657373abc891182a24909726d

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart03.chr

Filesize
4KB

MD5
1d317dea4589acf40cc4396102c0c963

SHA1
1972cd214e9e9940b84dfd97bc6ebc2b908589f8

SHA256
3fd62a7084445a99b60b8dceb28c85d4533fadcc5bc90934dcdd6e8e7025f866

SHA512
5447b13a0e1fbbee4f080d0fe2512759f21fe5261e3c11099bcd4db42db69a891d526e363fe2e749bbf858a167d95471c842a050ed1fca3ae92593d93c583e31

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\chart04.chr

Filesize
4KB

MD5
dda95b8c2f418bffd481d4ba463526a8

SHA1
c4b72025363e869e181d74d212dd54b2b751502c

SHA256
4c41121051b008ccc758ec19c0250db78cb98c563283d8747dea9a11956564ce

SHA512
bba961dc748661843d0e0ae4a329b7c5fc041ceac58ca97e98bf173234dc0ddf86370f477aed68f81951b414caabcbcd7187db21873fca638f39b5d6708092c2

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Euro\order.wnd

Filesize
106B

MD5
e6b06f612a351deaa8cda0836b25a4ce

SHA1
4739f8cecd1d075689730cfbc9140b13681832ff

SHA256
bb2aae933928e009b82803d3ce2a3aa464861cf5c51e9a9af1cb25fc5923ee11

SHA512
1f7a5c137fea0cd56b2c5676b6a038c15795f09fdff5efd50d9ed11ea102517fd4d5df5d7f1aedf2ecdd3e2a92e459b640f57eecaa5150ee759026aff273ab39

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart01.chr

Filesize
5KB

MD5
0415270ec850a613df4e9c96e0f3d0c2

SHA1
5a22493dbbf2207e0fac23217f1b87574a5624d2

SHA256
7b0d5a4ae505f98dcd667da733541501c4bf49b8139076156868c8f37573a071

SHA512
dcf5026493e54aae6b4ca5823ef52793fb590ed03b26a584534d26dc0c82fe008cda43ce78c4f30f06469e8caf89093cce70f7d7e022a9b842cb97071b1195f8

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart02.chr

Filesize
3KB

MD5
a10290e8f40a09abd794779fdfe3b53a

SHA1
6755e2f6ccba07b57cd0421c93f8cd59d80f993a

SHA256
193cc0eb1a419a84422d7e55a51dd81e38cc691cf3b89020868f6ee4ac8156b3

SHA512
e42ee9a631439a0c13f54ee530cc55485a892cdb9e23e91bb95b1c5c63389d534916210e612f887c8f2040bf06d17f881f6de35fde55d82ce297cbf2087fd37b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart03.chr

Filesize
2KB

MD5
0059904b9856356a2a9cf9fc7b29e473

SHA1
2d2957fcb64c1853b4291986c181ee729db464e7

SHA256
06c5bb507d83bfb9e853e8e660daa09192428cb59007ac23a9bafc97f329967e

SHA512
11f8e14e5f6c398259aff9b9484ab7893502a1d2bfed035bf081c614aae6a54a73f36a4eda25e00049bc42f438a407218a2fd6c12a3e4b06871c02c3df4933d0

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\chart04.chr

Filesize
3KB

MD5
811c149ea405e13325467dceafae0c74

SHA1
8810462e3e23d9c9aabc241092ea59d835ae9198

SHA256
fe5a8378274ae12a008942ae8d568b88ebc42354214c5c2082be2f85a7232c68

SHA512
d10cac190c92690e0cf919f1c08932d5950ca706ccb443af4bb82e1a5fef46175a2b4f99d7ddcc19e5422a45c52946c6dc35227037f2553a392075020712f42b

Download Submit
C:\Program Files\MetaTrader 5\profiles\Charts\Market Overview\order.wnd

Filesize
106B

MD5
06ff51fc2a91c09cf9bb43e654a17ad8

SHA1
cc27a22873d1f2a53521ba0644b8ff9b0bd37ab7

SHA256
92d54f3324fa315c03360a09ad4021b5f54da068397caf3966d4d73066d7839a

SHA512
c88c0305dc577a2b74828f0048812cff7ef269f4efd2f0290afe27168e7d3eebee02ce59de9fd89eb3af85579f1c64ead61f11489995987a2d4fdd1a981e83bf

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.all.set

Filesize
288B

MD5
207307971b3cdd0a2cdd503759f7b527

SHA1
4984f6c2476e0018447804ee99b5781b0416d511

SHA256
960e8672ba9df5a8d5325bdee8976703c3fc263ab7881c6772efc3433055a28a

SHA512
5285844469287df619032dfbf46861448c277bfca06b3a363c11f9ade787afb7efc7dfa7b4503b719161f3d8bbbd557e6777c0b4faf20ffd7de088656ffe4709

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.crosses.set

Filesize
218B

MD5
a8c0ac3e5be4a1011a09f316c1bfabd3

SHA1
a0a52c5c9780405917c5a402cc928cc10cfc4b48

SHA256
c95a2b57f4de8504d8cafd99de6049d49df31e0a86466c0fae55008bec9e1736

SHA512
124f8bef314415e390a5906f9b98bc3c9619df6302e9a15881d82928d8a9fd00606e895ff1a3909e3a51354c2aa915b2aca91081d5de5320748c1754bb4aa112

Download Submit
C:\Program Files\MetaTrader 5\profiles\SymbolSets\forex.major.set

Filesize
64B

MD5
82aef6cfea3aeea241c6240f2ac9a779

SHA1
9e2a01aeed78c853915bd1d3a0df8a6188bd079e

SHA256
c5b114b137a44c5c93ad16c4befe696280ca069b4f4dd6ac7db2b66825ea4804

SHA512
ed3f38f5152e7f2fb71e479cd07e9a6f1cce0c62ec02ce05cd9bbc2bd67c4a22273d986f846e307261ccf7582ca60de5e65bb84efb24ea5a11ee27b22d6b0278

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\ADX.tpl

Filesize
3KB

MD5
04fc692a8433953d5da484a7fce1293a

SHA1
664e5683afb88ff8227e1d01207f7ea84195cc64

SHA256
2e024d06758c05d7a2900f450e0456a696b4ec62c3684ed9b5983e6866516070

SHA512
b6ea72ca5ecd338a77db07a2312ec7725ed06c1be6f098f17edca5751053e27db9b24e58eb2e87767acbbcfdaf6256f9cf3a75c7f71374e07c59161ec9c831fa

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\BollingerBands.tpl

Filesize
4KB

MD5
1f89f726613edeebe6201e1395e990ac

SHA1
f1d178204fa3ceea0f7efaf62ac54a46a38f6076

SHA256
71cecd467b9e7a0fe41723e815ceb00624ba1cee4d07102a0154096a50eb369f

SHA512
a3fc403ca0728d6da7ad838f746569eb0df838943d9d95db7dc31753a9bda0d855790803201af98eabd0aaa6de4a35178b846efb2ed1a408e02e06934c6992d1

Download Submit
C:\Program Files\MetaTrader 5\profiles\Templates\Momentum.tpl

Filesize
7KB

MD5
f35cf96f510f5a2775b0867e9a689934

SHA1
8272482322dcdfdae839939b8154bb4dbc06f81d

SHA256
f0fc8b8e4cb5de6b7b93ba356c4bac4e9b0d52cf589048e30aea39b9c0ea9845

SHA512
6f9b9522bdd324e0771152a94294e447adee403567bd4da775eadae865e59be1bade60d71376308df3a7f7009c80dc2e5379190d475f27a570c0e29f26d6fe6c

Download Submit
C:\Program Files\MetaTrader 5\terminal.ico

Filesize
149KB

MD5
5197541836c3544ad215e7d71f0c5089

SHA1
5c69b7edcf5e8caf19dd8366741ba7f658cccea8

SHA256
3d9217bef0605051de79de1dc59fa87065735666901e1b7bb3a81c0847a79216

SHA512
3f9999e8b817c5fc2788aa507bd0f22843d984956135ab4cb43aa3f97d0b594a103dd8fe289baae05ea94ee30a5368f6ba2693824d96a45fd22ac6108e920e90

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe

Filesize
75.7MB

MD5
1fc97f08d1ba9d854c87b7634318a148

SHA1
0d93187010ab3d0e432c48db771767a0996c3a1b

SHA256
61553a3c3a0d7eb53e88a901e1374fb3af50df2bfc894a45f30a8cb0943fe23c

SHA512
1e53ec38a4b058f74bd612b61e13e4cb3f2ff2db6c28a15fe8bae311c7ed4af16dbff516fcf11791d094c1bcb355d604dedf0530352e709f7543ee5454c6217f

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe

Filesize
75.7MB

MD5
1fc97f08d1ba9d854c87b7634318a148

SHA1
0d93187010ab3d0e432c48db771767a0996c3a1b

SHA256
61553a3c3a0d7eb53e88a901e1374fb3af50df2bfc894a45f30a8cb0943fe23c

SHA512
1e53ec38a4b058f74bd612b61e13e4cb3f2ff2db6c28a15fe8bae311c7ed4af16dbff516fcf11791d094c1bcb355d604dedf0530352e709f7543ee5454c6217f

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe

Filesize
75.7MB

MD5
1fc97f08d1ba9d854c87b7634318a148

SHA1
0d93187010ab3d0e432c48db771767a0996c3a1b

SHA256
61553a3c3a0d7eb53e88a901e1374fb3af50df2bfc894a45f30a8cb0943fe23c

SHA512
1e53ec38a4b058f74bd612b61e13e4cb3f2ff2db6c28a15fe8bae311c7ed4af16dbff516fcf11791d094c1bcb355d604dedf0530352e709f7543ee5454c6217f

Download Submit
C:\Program Files\MetaTrader 5\terminal64.exe

Filesize
75.7MB

MD5
1fc97f08d1ba9d854c87b7634318a148

SHA1
0d93187010ab3d0e432c48db771767a0996c3a1b

SHA256
61553a3c3a0d7eb53e88a901e1374fb3af50df2bfc894a45f30a8cb0943fe23c

SHA512
1e53ec38a4b058f74bd612b61e13e4cb3f2ff2db6c28a15fe8bae311c7ed4af16dbff516fcf11791d094c1bcb355d604dedf0530352e709f7543ee5454c6217f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
645B

MD5
8c4f0ec61dd25e20a289de4a3ea332fa

SHA1
f3fdf81f231a9d75b57c1cc75068a2da17ce9e7d

SHA256
d761d938007a727c4b9df7322dd3e4fa28d3290b482a1e86492fe92d7aaab282

SHA512
53c82a41f2e7a8515e6dbb3575885b7dc8546991d3dfe05f77f22609f9805be03e24fd7efdb85f705dedd42d0ad567774e8cd40db3529ffe18200fe1500f75ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
acb89074b367e894406f1f37d3ee0663

SHA1
e3624be43fdc1617ce831ed50dcc25152a15c469

SHA256
f2d1a20bfa18776f870aeb4cb9114fe0e1e07e4afb56ef758e3742c62d05dddf

SHA512
7559a172c6dc5acd29f8a62cd44ed716f8966a50b43b9015e6548c32c94251b145963c06269836b4e38a6e5cebf565b00d9de04e793b01e8290a0d7f7284c5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9c7d0a6d29cc1068ca1d6457c72e4354

SHA1
3e3ad976db548d54d2fec460b257ba1a4655199a

SHA256
4b3805c628e4103e7e91e215e0a90da03b4c5e2c11a877f27e3d3cb3cab0dc33

SHA512
f68524846c09abd50bdd9d658084cc814f0ca177f67a55c601f629b647c27241fee5421215309f08f9dd73b0fa4f61fabf3b1a3e73b23f88f01c3c70c1899a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f96f6b7712dc54488d11c17997df32c6

SHA1
17240e6a1d4cc1d87b1b117350db7028711108e1

SHA256
badf1c59e427a8d0498de92515f3b6defa82ab335caae4f56f87ac7705746f55

SHA512
776a42a179b89a81aa26fbb8db58b677243b62f2dee43c5cc7615f1f2ba7cec91af6bb1f7d2ba34b5d5ac1879e839edcce6fe34fdf21e200cf750174eb870345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dffaa58ebf1d3b8e315958350f055ad3

SHA1
1379ee3d093844a0808c10fafa4c04bec036cf0c

SHA256
1c069d4eb6d76ac66b4968f3e733f94e78c09155aef1eee0ae028bfea147a75f

SHA512
d44541c3e14f74b548bfa79f6b51d64a3c85e6cc0b82d36b01ef766cecc8396d7e30604ba048a3c796c82ce942a355f505fc1c0211edd1f40ad7f1b973e2746b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b4742f205389eedaaf53c5d8088eafef

SHA1
0a00821f578ae6e39e5cf6aca4b7577787484d04

SHA256
cca81208089879ffed4474380c4d6d90a43bfb41aa0aeeed7380b4e02fdf2c63

SHA512
ab73557a4f4ae8a336a23f51d363cc4946980dc38e343ef069da3aacaf5ab9b59349123f86b6416aea92287622d0f1d01f6380fed7214a2f2c9bb4e517978fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
c8ec4875f86b304a7b9d1a872e528d04

SHA1
0eb6b0e0f60a5a0474fa3992461d9fb7ef225379

SHA256
4d639e3119700db52b2203b53b66862ef13188ea698d79ccebc95293c5678de9

SHA512
7aec7ccd0ce8995918b8452abb75194715edfbabf12b1f4b023a6261070f2da56154d3de0495b31a04f09eb76d4450be600695a3e6ae836de89754e2e0fc2299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
dc5cb0762280f59f4dcd061338f59f92

SHA1
6cde352b16ade60ea776da59c2810298075e0e5f

SHA256
7ddf8e35dcda9dfe015e8f91e91d1b15e2e7699fb3f8a039afe9306259638afa

SHA512
31170c993096a78119d89f53526c8f2316dcc2b337e337766a18f0a0acb8d37c352309cab2b5e74c0a722b8770e6c2b0c7159008c4b4117cc38e04f13a9cd644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
d2795a8471a28334b285c60370d97df8

SHA1
9410283e870bf7c0df5efe218348642631cb6698

SHA256
19b30f4fe42f42a52de17050a984e61179845ecde9d8a8cfd99dc7086a4f640f

SHA512
89fbdbea49f905ec38e7e2725135d8cdd2f2b6bb33a22b24b2819b03ac134597521df81e56da84a196343f6a82e7189854450c12c2126bb37ba8eb2b22112115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
9293c336d2834ea3e1341f5a5cd01246

SHA1
b539b2abec1fd5b70ea41c73bea9f65b8613612f

SHA256
019adcc6f9ace85c0da83e587c5d478cfe00c3d8ba7c9fc37ff0f9202e9a3664

SHA512
6ba6a3c6c2207ce7921f5786369c763f88fee287ff1f7412bfcea03cc04cfe6a0eeed2e330f9809a1bdba146f8d2fb300552a954f2b4e5185689a981ab50bbe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56dfa7.TMP

Filesize
105KB

MD5
3d510dc884008567c228b4132add7cf4

SHA1
358272fca37cbecae3c5f52655971560741d28fb

SHA256
2e50b6ab9d8e3acc208f67bf3c3a7d9c387250a3fd2e717d7b4b207e1be70e23

SHA512
98ed3767e7d15fa001a86f6d403d60511465a91a04c61944465ab02a114e67c0b606b261624d1c967c37d1921db4888c7f48ac13a38e44920abef0dbe0127b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FLQISSZ5\all.e03f1d48fe45a6666e263ac8692dae3f[1].css

Filesize
525KB

MD5
e03f1d48fe45a6666e263ac8692dae3f

SHA1
f9c98dc3488e84ba2009199e41a45c325f421985

SHA256
35a8c4ea87f04f6af9ff0e57955bf4a94bb5523b50be229d9aa876a6a615ef1d

SHA512
483d473fc53f436178bcc11199ffb8443d23975b471cd4f83d1cc72d6c4d7ae3f381fe5b9c432b0ae49ccea6671937da4c5ff9f3512247012888f8a91aa1b37f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FLQISSZ5\core.0ed504e3172222d5cb71990138e60410[1].css

Filesize
76KB

MD5
0ed504e3172222d5cb71990138e60410

SHA1
fb664b9d5ae36ed05cab1e936d013f4c4e84e983

SHA256
65dccb660893e49426d0b9bcbf5bee3d424a09d4f9b7b67f911d23ca889a6103

SHA512
2858dfd99b2c6a76f1a859b0274281d37b98d80e89583c570befe9565aaff566c668a986401e419e3aba7c5f390b44064c165daeae67a64235443b8c76bea587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\market.b40fcad83f9234ad63f6e7a13cdb5685[1].css

Filesize
117KB

MD5
b40fcad83f9234ad63f6e7a13cdb5685

SHA1
ad818c96f61d3fd9c2ee4ca5e848fc1484189ece

SHA256
8515aeb4c276570363799284ff8d21944d3dbacc5bfe2c56283f8fdf4de590f6

SHA512
dbccabcc3afee1e13e2fb7924482fd3d362121fee28be2ba0290c2d83abef5a0d15a6c7aca8f3ca6304bb227c1d9ea94a3134ab83e99cdfc5a24305560790c88

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0NF8T3MY\www.mql5[1].xml

Filesize
337B

MD5
ac006f5f8affa2ae5172691cfc1b6202

SHA1
bf955bfb4ddc2daa9f43fbdd69d7a9164310ddd3

SHA256
99643c4110b5f0e7ba97a333dc2a493dcb024de00dc8b024dd3ca1d348f0cd88

SHA512
4e200231787f3f0df473b1df65ee16e2c5f46199e79d35bc1984469736d0773698e7b115a91f17242b51ba24704df97000ca9837aa90be74ba9a795a4986a3b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0NF8T3MY\www.mql5[1].xml

Filesize
337B

MD5
ac006f5f8affa2ae5172691cfc1b6202

SHA1
bf955bfb4ddc2daa9f43fbdd69d7a9164310ddd3

SHA256
99643c4110b5f0e7ba97a333dc2a493dcb024de00dc8b024dd3ca1d348f0cd88

SHA512
4e200231787f3f0df473b1df65ee16e2c5f46199e79d35bc1984469736d0773698e7b115a91f17242b51ba24704df97000ca9837aa90be74ba9a795a4986a3b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0NF8T3MY\www.mql5[1].xml

Filesize
616B

MD5
bbdac75f97b7b90cc8540719ece8d94f

SHA1
3b6d2a7c1ce6fd1f72b8b47aa8db9f40dfcd643c

SHA256
da30b7b2af21d97ba2860379c97df6fa74bc59b9611a7b33c9e18c4deb76d484

SHA512
c0d601726c9df5e0a1f39297f14db98065c52a3723acb044f06cbe3f867111a90f9c6c425e87fbff88958df411cdbc481627727abccf9c47b5d2ff3140cc476b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GE6QR2Z9\favicon[1].ico

Filesize
23KB

MD5
85d88ec7ade811f1b2ece9826ceb3d68

SHA1
4d114d35221f3951e5fffbec29928ce4cc8e26f8

SHA256
05df6366097bbc6f292460a50a38cafc70282f5379386b6d084f0d2b93501591

SHA512
5b8dc1d50b39db64551c6268dcd0bb1351cfffbdf64cdd5c7ba333e1a9ad73b705da225e993048b4eee1e33da9485a6690605d3b3bff79782e055d52af98e03d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\pjazva1\imagestore.dat

Filesize
24KB

MD5
127b93faaa8d02654ff01a489e93366e

SHA1
1ddc5d0917da050fcb69ff9f5e4cdff43e727f8f

SHA256
5372ade22a832708dce7fac6b05a4de5dc28e57870a8b8be81fc14ebdaed2bd2

SHA512
cf1c738c0844efb231cd15ec76dd686d45b5a04d93a1ca3e670025cf3877cd514f466fc5108ae80fd0db00a739ead001ed62fa8528eb3309ca2f30684b17f5fe

Download Submit
C:\Users\Admin\AppData\Roaming\MetaQuotes\Terminal\Community\dns.dat

Filesize
13KB

MD5
9eba5a69558d8e858b95be6faa3ec558

SHA1
25362e8e9dc52bebb60f02ea1dfb4c2ad0cb917e

SHA256
148e33181250191c27b2ce0321e6269bbf950b7e807b3e5e86397ef29a621506

SHA512
8415b5c53b9e1e531ca7155b90ff8903b2d9598c12b3ffa02c4e7acc218b29b46a9ca130292d8afdef941b4db0916e0155f1610096c7117c4515faed15bff5b7

Download Submit
C:\Users\Admin\Downloads\mt5setup.exe

Filesize
3.3MB

MD5
853535125a38e34154f0a26136b5fe81

SHA1
108f975341407b6d71e44ccc9be14082a158e51d

SHA256
a102b42e757f31875722da6fc5af191297f76f8691ae9a8a4c64b8169b14160d

SHA512
c2bc2d52c2cba0dd51afe40a85ead2c016cc9c8a7bbc93f1247d1287ad3745ed95e7406c6f333f804d83c2ca6c46af9f72b887df818f19585f3ba372f38844a0

Download Submit
C:\Users\Admin\Downloads\mt5setup.exe

Filesize
3.3MB

MD5
853535125a38e34154f0a26136b5fe81

SHA1
108f975341407b6d71e44ccc9be14082a158e51d

SHA256
a102b42e757f31875722da6fc5af191297f76f8691ae9a8a4c64b8169b14160d

SHA512
c2bc2d52c2cba0dd51afe40a85ead2c016cc9c8a7bbc93f1247d1287ad3745ed95e7406c6f333f804d83c2ca6c46af9f72b887df818f19585f3ba372f38844a0

Download Submit
C:\Users\Admin\Downloads\mt5setup.exe

Filesize
3.3MB

MD5
853535125a38e34154f0a26136b5fe81

SHA1
108f975341407b6d71e44ccc9be14082a158e51d

SHA256
a102b42e757f31875722da6fc5af191297f76f8691ae9a8a4c64b8169b14160d

SHA512
c2bc2d52c2cba0dd51afe40a85ead2c016cc9c8a7bbc93f1247d1287ad3745ed95e7406c6f333f804d83c2ca6c46af9f72b887df818f19585f3ba372f38844a0

Download Submit
\??\pipe\crashpad_1644_QTBBCPVRVWKZZYLV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/744-248-0x0000000004A70000-0x0000000005162000-memory.dmp

Filesize
6.9MB

Download
memory/744-287-0x000000000E600000-0x000000000E682000-memory.dmp

Filesize
520KB

Download
memory/744-286-0x000000000D0C0000-0x000000000D0EA000-memory.dmp

Filesize
168KB

Download
memory/744-285-0x000000000CFD0000-0x000000000CFDB000-memory.dmp

Filesize
44KB

Download
memory/744-283-0x00000000096E0000-0x0000000009701000-memory.dmp

Filesize
132KB

Download
memory/744-280-0x0000000008250000-0x0000000008264000-memory.dmp

Filesize
80KB

Download
memory/744-281-0x0000000009670000-0x0000000009695000-memory.dmp

Filesize
148KB

Download
memory/744-282-0x00000000096A0000-0x00000000096D6000-memory.dmp

Filesize
216KB

Download
memory/744-278-0x00000000093C0000-0x00000000093EF000-memory.dmp

Filesize
188KB

Download
memory/744-279-0x00000000095F0000-0x000000000966C000-memory.dmp

Filesize
496KB

Download
memory/744-277-0x0000000009390000-0x00000000093B2000-memory.dmp

Filesize
136KB

Download
memory/744-276-0x0000000008220000-0x000000000823D000-memory.dmp

Filesize
116KB

Download
memory/744-275-0x0000000008F20000-0x0000000008F8B000-memory.dmp

Filesize
428KB

Download
memory/744-274-0x00000000080B0000-0x0000000008216000-memory.dmp

Filesize
1.4MB

Download
memory/744-273-0x00000000080A0000-0x00000000080AB000-memory.dmp

Filesize
44KB

Download
memory/744-272-0x0000000008060000-0x0000000008094000-memory.dmp

Filesize
208KB

Download
memory/744-271-0x0000000007F70000-0x0000000007F87000-memory.dmp

Filesize
92KB

Download
memory/744-270-0x0000000008380000-0x000000000838A000-memory.dmp

Filesize
40KB

Download
memory/744-268-0x0000000007040000-0x0000000007048000-memory.dmp

Filesize
32KB

Download
memory/744-269-0x0000000007050000-0x0000000007087000-memory.dmp

Filesize
220KB

Download
memory/744-267-0x00000000082D0000-0x0000000008374000-memory.dmp

Filesize
656KB

Download
memory/744-266-0x0000000008270000-0x00000000082CC000-memory.dmp

Filesize
368KB

Download
memory/744-265-0x0000000007980000-0x0000000007A70000-memory.dmp

Filesize
960KB

Download
memory/744-264-0x0000000006ED0000-0x0000000006EE4000-memory.dmp

Filesize
80KB

Download
memory/744-263-0x00000000075F0000-0x0000000007672000-memory.dmp

Filesize
520KB

Download
memory/744-262-0x0000000006EC0000-0x0000000006ED0000-memory.dmp

Filesize
64KB

Download
memory/744-261-0x0000000006FA0000-0x000000000703E000-memory.dmp

Filesize
632KB

Download
memory/744-259-0x0000000005870000-0x000000000589D000-memory.dmp

Filesize
180KB

Download
memory/744-260-0x0000000006F00000-0x0000000006F95000-memory.dmp

Filesize
596KB

Download
memory/744-258-0x0000000005630000-0x0000000005659000-memory.dmp

Filesize
164KB

Download
memory/744-256-0x0000000005600000-0x0000000005630000-memory.dmp

Filesize
192KB

Download
memory/744-257-0x0000000004950000-0x0000000004961000-memory.dmp

Filesize
68KB

Download
memory/744-255-0x0000000004A30000-0x0000000004A45000-memory.dmp

Filesize
84KB

Download
memory/744-254-0x00000000049C0000-0x0000000004A2A000-memory.dmp

Filesize
424KB

Download
memory/744-253-0x0000000004970000-0x00000000049BC000-memory.dmp

Filesize
304KB

Download
memory/744-252-0x0000000004830000-0x0000000004841000-memory.dmp

Filesize
68KB

Download
memory/744-251-0x0000000005560000-0x00000000055FA000-memory.dmp

Filesize
616KB

Download
memory/744-250-0x0000000004850000-0x0000000004946000-memory.dmp

Filesize
984KB

Download
memory/744-249-0x0000000005200000-0x00000000054F9000-memory.dmp

Filesize
3.0MB

Download
memory/744-247-0x00000000044D0000-0x000000000456D000-memory.dmp

Filesize
628KB

Download
memory/744-246-0x00000000046C0000-0x000000000476A000-memory.dmp

Filesize
680KB

Download
memory/744-245-0x0000000004670000-0x00000000046B9000-memory.dmp

Filesize
292KB

Download
memory/744-244-0x0000000004340000-0x00000000044C9000-memory.dmp

Filesize
1.5MB

Download
memory/744-243-0x0000000003E90000-0x0000000003EAE000-memory.dmp

Filesize
120KB

Download
memory/744-242-0x0000000004210000-0x0000000004335000-memory.dmp

Filesize
1.1MB

Download
memory/744-241-0x00000000041B0000-0x0000000004209000-memory.dmp

Filesize
356KB

Download
memory/744-240-0x0000000004000000-0x00000000041A9000-memory.dmp

Filesize
1.7MB

Download
memory/744-239-0x0000000003C30000-0x0000000003DC5000-memory.dmp

Filesize
1.6MB

Download
memory/744-238-0x0000000003C20000-0x0000000003C2A000-memory.dmp

Filesize
40KB

Download
memory/744-237-0x0000000003C10000-0x0000000003C1C000-memory.dmp

Filesize
48KB

Download
memory/744-236-0x0000000003BE0000-0x0000000003C05000-memory.dmp

Filesize
148KB

Download
memory/744-231-0x00000000032A0000-0x000000000335F000-memory.dmp

Filesize
764KB

Download
memory/744-235-0x0000000003970000-0x0000000003BD7000-memory.dmp

Filesize
2.4MB

Download
memory/744-234-0x0000000003540000-0x0000000003596000-memory.dmp

Filesize
344KB

Download
memory/744-232-0x0000000003480000-0x00000000034D1000-memory.dmp

Filesize
324KB

Download
memory/744-233-0x00000000037A0000-0x0000000003969000-memory.dmp

Filesize
1.8MB

Download
memory/744-230-0x0000000003150000-0x0000000003293000-memory.dmp

Filesize
1.3MB

Download
memory/744-229-0x0000000001D10000-0x0000000003147000-memory.dmp

Filesize
20.2MB

Download
memory/744-228-0x0000000001980000-0x0000000001A21000-memory.dmp

Filesize
644KB

Download
memory/744-227-0x0000000000FA0000-0x0000000000FC7000-memory.dmp

Filesize
156KB

Download
memory/744-226-0x0000000001BC0000-0x0000000001D0A000-memory.dmp

Filesize
1.3MB

Download
memory/744-225-0x0000000001910000-0x000000000197C000-memory.dmp

Filesize
432KB

Download
memory/744-224-0x00000000014F0000-0x0000000001739000-memory.dmp

Filesize
2.3MB

Download
memory/744-223-0x0000000001440000-0x00000000014EE000-memory.dmp

Filesize
696KB

Download