Analysis Overview
SHA256
02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6
Threat Level: Known bad
The file Mt5_Servers.exe was found to be: Known bad.
Malicious Activity Summary
Xenorat family
XenorRat
Detect XenoRat Payload
Checks computer location settings
Executes dropped EXE
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Scheduled Task/Job: Scheduled Task
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-17 11:04
Signatures
Detect XenoRat Payload
Xenorat family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-17 11:04
Reported
2025-03-17 11:14
Platform
win10ltsc2021-20250314-en
Max time kernel
587s
Max time network
599s
Signatures
Detect XenoRat Payload
XenorRat
Xenorat family
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866834501162093" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe
"C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6169.tmp" /F
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantMount.mid"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc659ddcf8,0x7ffc659ddd04,0x7ffc659ddd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1716,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2216,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2512 /prefetch:8
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4244,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4220 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4584,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4436 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4800,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4616 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4804,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4796 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5016,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5280 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5628,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=504,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3252 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5728,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1764 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3476,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3832 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5960,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4392,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3360,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5772 /prefetch:1
Network
Files