Malware Analysis Report

2025-04-13 23:01

Sample ID 250317-m6dnss1pt5
Target Mt5_Servers.exe
SHA256 02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6
Tags
xenorat discovery rat trojan
score
10/10

Analysis Overview

score
10/10

SHA256

02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6

Threat Level: Known bad

The file Mt5_Servers.exe was found to be: Known bad.

Malicious Activity Summary

xenorat discovery rat trojan

Xenorat family

XenorRat

Detect XenoRat Payload

Checks computer location settings

Executes dropped EXE

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Scheduled Task/Job: Scheduled Task

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-17 11:04

Signatures

Detect XenoRat Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xenorat family

xenorat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-17 11:04

Reported

2025-03-17 11:14

Platform

win10ltsc2021-20250314-en

Max time kernel

587s

Max time network

599s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe"

Signatures

Detect XenoRat Payload

Description Indicator Process Target
N/A N/A N/A N/A

XenorRat

trojan rat xenorat

Xenorat family

xenorat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866834501162093" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1900 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
PID 3312 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe C:\Windows\SysWOW64\schtasks.exe
PID 952 wrote to memory of 6056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 952 wrote to memory of 2868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 952 wrote to memory of 5812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 952 wrote to memory of 4212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe

"C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6169.tmp" /F

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantMount.mid"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc659ddcf8,0x7ffc659ddd04,0x7ffc659ddd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1716,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2216,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2512 /prefetch:8

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4244,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4220 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4584,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4800,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4616 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4804,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5016,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5280 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5628,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=504,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5728,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1764 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3476,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3832 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5960,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4392,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3360,i,7034022106153817566,15641339376000171672,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5772 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
ES 83.50.225.25:4892 tcp
ES 83.50.225.25:4892 tcp
ES 83.50.225.25:4892 tcp
ES 83.50.225.25:4892 tcp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
NL 20.31.169.57:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.35:80 c.pki.goog tcp
ES 83.50.225.25:4892 tcp
ES 83.50.225.25:4892 tcp
ES 83.50.225.25:4892 tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.187.202:443 ogads-pa.googleapis.com udp
GB 142.250.187.202:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 216.58.204.78:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.179.238:443 consent.google.com tcp
US 8.8.8.8:53 www.pornhub.com udp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 8.8.8.8:53 static.trafficjunky.com udp
US 8.8.8.8:53 ei.phncdn.com udp
GB 64.210.156.20:443 ei.phncdn.com tcp
GB 64.210.156.20:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
US 8.8.8.8:53 media.trafficjunky.net udp
US 8.8.8.8:53 cdn1-smallimg.phncdn.com udp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.20:443 media.trafficjunky.net tcp
GB 64.210.156.23:443 media.trafficjunky.net tcp
US 8.8.8.8:53 ss.phncdn.com udp
US 8.8.8.8:53 a.adtng.com udp
US 66.254.114.171:443 a.adtng.com tcp
US 66.254.114.171:443 a.adtng.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 ht-cdn2.adtng.com udp
US 8.8.8.8:53 hw-cdn2.adtng.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 64.210.156.18:443 ht-cdn2.adtng.com tcp
GB 64.210.156.18:443 ht-cdn2.adtng.com tcp
GB 64.210.156.18:443 ht-cdn2.adtng.com tcp
US 151.101.3.52:443 hw-cdn2.adtng.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 172.217.16.251:443 storage.googleapis.com tcp
GB 172.217.16.251:443 storage.googleapis.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 td.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.133.154:443 stats.g.doubleclick.net tcp
GB 172.217.16.226:443 td.doubleclick.net tcp
GB 216.58.201.99:443 www.google.co.uk tcp
ES 83.50.225.25:4892 tcp
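
The table above mixes the sandbox's own noise (DNS to 8.8.8.8, Microsoft telemetry, the Chrome session's Google and ad traffic) with the one destination that matters: 83.50.225.25:4892, contacted repeatedly over TCP, on a non-standard port, and never tied to any DNS answer. The script below is an added example, not part of the original report; it parses rows of exactly this "Country Destination Domain Proto" shape (a subset of the rows above is embedded as constructed input) and applies an analyst's rule of thumb, not anything the sandbox asserts: an unlabelled TCP socket hit at least twice is a C2 candidate, and its port is flagged when it is not one the surrounding OS and browser traffic is expected to use.

```python
"""Pull the likely C2 endpoint out of a sandbox "Country Destination Domain Proto" table.

Added example, not part of the original report. The rows below are copied from
the report's Network table; the scoring heuristic (a TCP socket that is hit
repeatedly, never carries a domain label, and is not a well-known port) is an
analyst's rule of thumb, not something the sandbox states.
"""
import re
from collections import Counter

# Constructed input: a subset of rows from the report's Network table.
NETWORK_ROWS = """\
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
ES 83.50.225.25:4892 tcp
ES 83.50.225.25:4892 tcp
ES 83.50.225.25:4892 tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.35:80 c.pki.goog tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.4:443 www.google.com tcp
ES 83.50.225.25:4892 tcp
"""

# The domain column is optional: rows without it are connections the sandbox
# could not tie to any DNS answer it observed.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)

# Ports the OS and browser noise in such a table is expected to use.
WELL_KNOWN_PORTS = {53, 80, 443, 5353}


def parse_rows(text):
    """Parse one table row per line into dicts; raise on anything that does not fit."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append({
            "cc": m["cc"], "ip": m["ip"], "port": int(m["port"]),
            "domain": m["domain"], "proto": m["proto"],
        })
    return rows


def find_c2_candidates(rows, min_hits=2):
    """Rank unlabelled TCP destinations by how often they were contacted.

    A destination qualifies when no row for its IP carries a domain label
    (no DNS lookup preceded the connection) and it was hit at least min_hits
    times: repeated connects to one hard-coded socket is the shape of a RAT
    beacon, while a one-off unlabelled connect is usually noise.
    """
    labelled = {r["ip"] for r in rows if r["domain"]}
    hits = Counter()
    country = {}
    for r in rows:
        if r["proto"] != "tcp" or r["domain"] or r["ip"] in labelled:
            continue
        key = (r["ip"], r["port"])
        hits[key] += 1
        country[key] = r["cc"]
    out = []
    for (ip, port), n in hits.most_common():
        if n < min_hits:
            continue
        out.append({
            "dest": f"{ip}:{port}", "country": country[(ip, port)],
            "hits": n, "nonstandard_port": port not in WELL_KNOWN_PORTS,
        })
    return out


def to_iocs(candidates):
    """Render candidates as plain 'ip:port' strings for a blocklist or detection rule."""
    return [c["dest"] for c in candidates]


if __name__ == "__main__":
    for c in find_c2_candidates(parse_rows(NETWORK_ROWS)):
        print(c)
```

Run against the full table rather than the embedded subset, the same heuristic yields the single socket 83.50.225.25:4892; everything else in the table either resolves to a labelled Google or Microsoft host or is local mDNS. Whether that socket is the configured XenoRat server is an inference from the traffic shape, so treat it as a candidate to confirm against the sample's configuration, not as a fact the sandbox established.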

Files

memory/1900-0-0x00000000743BE000-0x00000000743BF000-memory.dmp

memory/1900-1-0x0000000000410000-0x0000000000448000-memory.dmp

C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe

MD5 5d2230f9507200accc5a6defc551bdf3
SHA1 d502142597ff51da2124c3688ec677a81206f3ea
SHA256 02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6
SHA512 31e9be6b7f98f2723ef8dc3e7863ccb0b9220368f013fa7735c4404d859a139753172758302b1844b9a9d8072ac0d734fa67d9d7bdb67ea41b1a20f98c9edd9e

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Mt5_Servers.exe.log

MD5 66aea5e724c4a224d092067c3381783b
SHA1 ee3cc64c4370a255391bdfeef2883d5b7a6e6230
SHA256 04b17cab961f973464bba8924f764edef6451d1774f2405d27ef33d164296923
SHA512 5d719e303f491d1443cb7c7e8946481e90532522a422c98f82466e1eddcd1ef24a4505dcbf75f2191fbb66825d3550566d7f408a3854edeb4c1a192c8c9a6d06

memory/3312-5-0x00000000743B0000-0x0000000074B61000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp6169.tmp

MD5 c37d1bd58f29daae6573ed1ab1b00763
SHA1 3ade010a47d3f9fd5964c3990ebca5f568bc4001
SHA256 52b097cec40ccdb94fae545fe77de2a3e5f4fd0d1935aa069bac20fd3ca515ea
SHA512 6beb0ee089a9d044233634771de0a895bf87e2f040f663f348199cd3682885d3dc05f53182a9eca578cbc13c8ae5395cd94ffb2268b9c04d923d6f3d36e0e72b

memory/3312-8-0x0000000005870000-0x00000000058D6000-memory.dmp

memory/3312-11-0x00000000743B0000-0x0000000074B61000-memory.dmp

memory/3312-12-0x00000000743B0000-0x0000000074B61000-memory.dmp

memory/792-13-0x00007FF71B610000-0x00007FF71B708000-memory.dmp

memory/792-14-0x00007FFC658F0000-0x00007FFC65924000-memory.dmp

memory/792-19-0x00007FFC653D0000-0x00007FFC653E7000-memory.dmp

memory/792-22-0x00007FFC65000000-0x00007FFC65011000-memory.dmp

memory/792-21-0x00007FFC65390000-0x00007FFC653AD000-memory.dmp

memory/792-20-0x00007FFC653B0000-0x00007FFC653C1000-memory.dmp

memory/792-23-0x00007FFC56560000-0x00007FFC5676B000-memory.dmp

memory/792-24-0x00007FFC64FB0000-0x00007FFC64FF1000-memory.dmp

memory/792-15-0x00007FFC570D0000-0x00007FFC57386000-memory.dmp

memory/792-16-0x00007FFC65C70000-0x00007FFC65C88000-memory.dmp

memory/792-18-0x00007FFC653F0000-0x00007FFC65401000-memory.dmp

memory/792-17-0x00007FFC657D0000-0x00007FFC657E7000-memory.dmp

memory/792-30-0x00007FFC64F00000-0x00007FFC64F11000-memory.dmp

memory/792-29-0x00007FFC64F20000-0x00007FFC64F31000-memory.dmp

memory/792-28-0x00007FFC64F40000-0x00007FFC64F51000-memory.dmp

memory/792-27-0x00007FFC64F60000-0x00007FFC64F78000-memory.dmp

memory/792-26-0x00007FFC64F80000-0x00007FFC64FA1000-memory.dmp

memory/792-25-0x00007FFC554B0000-0x00007FFC56560000-memory.dmp

memory/3312-31-0x0000000005840000-0x000000000584A000-memory.dmp

memory/3312-32-0x00000000061D0000-0x0000000006776000-memory.dmp

memory/3312-33-0x0000000005D10000-0x0000000005DA2000-memory.dmp

memory/3312-34-0x0000000005D00000-0x0000000005D0A000-memory.dmp

memory/792-47-0x00007FFC554B0000-0x00007FFC56560000-memory.dmp

memory/792-65-0x00007FFC554B0000-0x00007FFC56560000-memory.dmp

memory/3312-593-0x0000000000A70000-0x0000000000A7A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ec33af3151fa3641dc3a0072d99195fe
SHA1 7c038bdf48e9e651c75683ddb7311fe2e346b11c
SHA256 fa12570513514edcb9933826217725845a9fd588c8d7a3c7304498b3fdc9f55a
SHA512 57e32c4731c8fb33e7c97f324d2d89381b616826a06486dcffc0ed4867bf3b341455f4f26d566d48f2fe17e698a45e56cd82c37a5b2466cf5cdef5755ba82d50

\??\pipe\crashpad_952_LZEIRIAWIJUSPJMO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 744f6c484393727f256bb925c2f27eda
SHA1 2cab0180f3c638992a4dbf1e74292e03b2d33643
SHA256 0c0a9805afa2d6e889669b063177dc14e4dd06d84a3fb5b6eb9661c60e6d1727
SHA512 43289ec07022b223fa156252a67e77a5a9a8e9865db5607bd9d99065d3b14ee60c8276e52eabeaeafd72260856fcad020d2774fc7caa53ee9bef293e05ad444d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b8b17a6fe610bac5a1b6f67fb7462406
SHA1 7dacc859a7afb16212f75b68f6b8e18b6a0acd37
SHA256 f4a9809671a9ba69b834514c0465ff7c15d7ff3d004f611614be821de266ba02
SHA512 cac3b8a25896bf348b3435e62d25d9ab60c153022abb6564b30ca9c2376511ed38186107550c95f40b07c55cd8c4ead5bd59a1c9e8c675ab39be0d5a9ffb5d72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66f48a55a7c59145f6ecc42042e9e299
SHA1 099818c49d3ef791e3e2173db7ee837a4d23a145
SHA256 7048b5cb8f12404e011dba03c7f930bde23b7a76aff18de0dba4ed2d9ce1d1ba
SHA512 3630582b1725a845285d9ea99cf80ef0339e0443450199cb5fc720868dbec4928ffa0a7e9883e9cb2d47e6125ed0422f764d58a81f930031955f82a3f8ad386a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c7f0d5f3e7d494f2ae9e65f980394313
SHA1 bb3faf350be8bc171ff746d8253766390f72e3f8
SHA256 f7b9858f904374a28b0b07ef6df241b371a806bfe4661d9f1e01a970e22e8be8
SHA512 17c008e8da4dfdb2c3461d69b276d4217a913725b5131dc5b41dc3a830b140596cb093ee31648c399d012abe0c02c794b48fc90b69541404d8e883ce791198b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 d8899b1c0aa7c8e5836708fa76dfb119
SHA1 3ac6fbb49e7350221da7ee4d658efa239f2985eb
SHA256 106b6d9e8fab32613ec95b387848efc1a8b411ae4609237004009bd330e1a67f
SHA512 9f97e9187e145377992ecce519189fac8a3d13ee1c8fcef31b7aa1b2e5d1aacf0275fa031fddd40ab1bdfc855d549053f4dc43b65e6baf985924cad146d2bd2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 18d34a6b87d7f3baee8527e36ad1a6e0
SHA1 ae12fbafb6bcc3f3f6e5e372094e283c1d49cae3
SHA256 af94274c182c2b21367e57a11df16cb0d64ea8df598fed78966cb70ed0d07a99
SHA512 6e30e0b133d8a18ef609819c9496f06a2b596e9e1faed82134aea4c069a8b839c073f4a2ec438246cd154e18b1a12f17435d485f3f9c07781e9a83f82f5f4a4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f25c987b65e4b10f326412d7ff073119
SHA1 01c33a24e5c4182fe25f5e19db90aad21f1ee6e1
SHA256 0e49d5d4580e04cd5b16d61734666c671797651a9e8c6dd66f25e6b3a1b3f172
SHA512 19e5c5ed806b80c6e7ab50ea2e4f920252719b87d5f3972d8b2c820923389b7a1c1c9be41585cf7ff87a50fecce89195bd8232cbb41ac29e1d0500a00076f258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d1c26.TMP

MD5 d822ff46d59433abc110a95155e382eb
SHA1 325701610d9679cc4556bc3e459b5848c8db0ebe
SHA256 2d2bb5782264e800c83191d196eff80354a498503add4e48607e347166fb1f60
SHA512 5bd456baf122fd3d720cccb1e4156a60acbd087f7557bf2dd5b650809b2c456a4d1cf61bb2fa30f7ba10b67eddd52d0a7c06f7a755d3c4c8e53a874433bcdd38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26c9b46e073038024054dd77b78c775b
SHA1 4641ba7a68e81299bcbb3c4ea3a1de36ea9df692
SHA256 835258d017185311129d2a87938947ef7dd7fb35b8283a1404cdcb22d8e5796d
SHA512 f06bfaf13f441cf23f169d178b6099623af621c77b3565366134fc2d6a2f87a6ee1256d02b6aa381a0de630c1cb63bf0decf52f9ebeb55c0ca06504a761b7274

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fbd5c82460bcdb0cd2f214a541191820
SHA1 8c0f3dde3b430b0c04fe534b89d33919663212bd
SHA256 8565493fec288804f81c751855fe2ee23dd984a5d2c2fe358944cf8b28709ecb
SHA512 10e268fbb9ae650d7338d47b573b46b6b58527043cb3d53874fc4caa0e53b3d3fcc2f6e5e9494dafa0be112afed0971957afebd83623a36b6630952e521176ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 12f463b1f3dc1f902d5f56f13389c2b7
SHA1 42b8fa1c44ed46c6d8b6e68979a0934f1e496226
SHA256 92849bdecc82ecb40518b739a956357341370584f8e5a26266417d285f534bb9
SHA512 df57e537f1bb99baefcdd49f311e6e78fa19a03b1ac50f8b0a1869b79a06b016bb8e8b6178b372d927586d38b29c91ee17778829308291cfddd40ae144150726

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c8c3c4aca879d3abaa5bcf8854c9d6c4
SHA1 2f2e2a5bc136361ab518acd952e9f5a591e9b296
SHA256 aa7a9f8fd9dc6d2573e89666f8150fdca794d36e2aecbe205196ac3a2b0309b6
SHA512 c5c0955f594eb6b62ae1a22841688308fb9b573d003ac26d0bf735989a5c3567cecda1a8a8388e748740a882439431193a5e823ab7150706439547ca65e50886

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6d549ece9522c0122d7ee5121d7245fa
SHA1 881661c98bcffe5c3c2b5a38e217997a3295ec8e
SHA256 45b2ffe0bc72f2cd9e12187220bd08a5f2ea23187fd8347336d3cb89e3d2eff6
SHA512 7c50f27d11cab54b6bec85bf59b560ceba8537663c8e6def4bce7703a9c67ff2abb84fe80ebba4d20188c4ef22a195cc515f7e84edc909f41bd0cfac226dccf6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 59ae15fb6fc1dcc3417093464c457622
SHA1 5295096e315590b4efcbf09d967122ea61116790
SHA256 a3731e88858657a5bedec5d05010fe0a8e310fc9f72898dbc6962c07cc9b5587
SHA512 43b4e8ac89df141ad6d7f798c9a93971ed2e5c2133ef36f260f8b6ef82eb25ce49f94bdfc0f41fc6f9f1121a9812efabfea22b2d5ec2e2d28123ee148f83a16b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e719e6877d39246b62c25d598587fdb4
SHA1 aa32a1f8015879293453c91e1e6b53bb0c339c94
SHA256 a22b1abbf04fbe890d235887de51089391d43ba06637251b79426899212a5f06
SHA512 90d5a19d6fbeda60822b72e35175460ca7dccbfafb56a7e392bc3dc8f61652bd299b6890e4def73cfe49a535b4bbac0ea75394522cb17b27aaa8a15efca7fb40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

MD5 0c0d5a2f88c6da63ffc451b8ac4df465
SHA1 a2cf5ab0ff7015d3877b45a97e2d7a9aa130451e
SHA256 24a03f76feea54f661141a5877c304428e9f866af237747006bf06d4c48bf914
SHA512 0c56ebc9caed771d7bc27c26ecd96fab3f0c3127fa5b340e60325cf2df88d6cfc75e17e0ae18591e047f8a04ad6f75c28002f634be5101ca84831f65018001e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 991f88728ca74a686079684a17916e67
SHA1 04b6c03a8c545cb6c0453c29701c865b21da958b
SHA256 821b28c84b3c262b85ffa2f40675a139e32a097cba44ba4015eb2503158f24cd
SHA512 6f920ceab11516a2c650d3e948177e63ed1635b97e830e7b35dfe92ddf73bb9d38b91f9ab696e9a48066c14c45fe2b0536b027321ac4cd5f50cba0b99b0cd68d

memory/3312-1068-0x0000000000A80000-0x0000000000A8A000-memory.dmp
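
Most of the Files listing above is the sandbox's own Chrome session writing its profile, plus the crashpad pipe whose digests are those of zero bytes. Three entries are the sample's: the copy in C:\Users\Admin\AppData\Roaming\XenoManager\ carries the same SHA256 as the submitted binary, so the sample copies itself to a user-writable directory rather than dropping a second stage; the CLR_v4.0_32\UsageLogs\Mt5_Servers.exe.log is written by the .NET runtime, so the sample ran as a 32-bit managed assembly; and tmp6169.tmp in Temp is the one drop the listing does not explain, so it is the file to pull from the sandbox. The script below is an added example, not part of the original report; it parses entries of exactly this shape (a subset of the entries above, with SHA1 and SHA512 lines trimmed, is embedded as constructed input) and sorts them into memory dumps, browser noise, empty captures, self-copies and the remaining notable drops. The noise patterns and the self-copy check are the author's choices, and SAMPLE_SHA256 is the submitted binary's hash as the report records it.

```python
"""Sort a sandbox "Files" listing into noise, notable drops and self-copies.

Added example, not part of the original report. The entries below are copied
from the report's Files section (SHA1/SHA512 lines trimmed); the noise patterns
and the self-copy check are the author's, and SAMPLE_SHA256 is the submitted
binary's hash as the report records it.
"""
import re

SAMPLE_SHA256 = "02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6"

# SHA256 of zero bytes: an entry with this digest had no content captured.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Constructed input: a subset of entries from the report's Files section.
FILES_TEXT = r"""
memory/1900-1-0x0000000000410000-0x0000000000448000-memory.dmp

C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe

MD5 5d2230f9507200accc5a6defc551bdf3
SHA1 d502142597ff51da2124c3688ec677a81206f3ea
SHA256 02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Mt5_Servers.exe.log

MD5 66aea5e724c4a224d092067c3381783b
SHA256 04b17cab961f973464bba8924f764edef6451d1774f2405d27ef33d164296923

C:\Users\Admin\AppData\Local\Temp\tmp6169.tmp

MD5 c37d1bd58f29daae6573ed1ab1b00763
SHA256 52b097cec40ccdb94fae545fe77de2a3e5f4fd0d1935aa069bac20fd3ca515ea

\??\pipe\crashpad_952_LZEIRIAWIJUSPJMO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66f48a55a7c59145f6ecc42042e9e299
SHA256 7048b5cb8f12404e011dba03c7f930bde23b7a76aff18de0dba4ed2d9ce1d1ba
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")

# Writes made by the sandbox's own Chrome session and crash handler, not the sample.
NOISE_RES = [
    re.compile(r"\\Google\\Chrome\\User Data\\", re.I),
    re.compile(r"^\\\?\?\\pipe\\crashpad_", re.I),
]


def parse_files(text):
    """Group the listing into records {'path', 'hashes'}; memory dumps get no hashes."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:
            records.append({"path": line, "hashes": {}})
        elif records:
            records[-1]["hashes"][m.group(1)] = m.group(2).lower()
        else:
            raise ValueError(f"hash line before any path: {line!r}")
    return records


def is_noise(path):
    return any(p.search(path) for p in NOISE_RES)


def triage(records, sample_sha256):
    """Split records into memory dumps, self-copies, empty captures, noise and notable drops.

    The self-copy test runs before the noise filter on purpose: a copy of the
    sample dropped under the browser profile must still surface.
    """
    out = {"memory": [], "self_copies": [], "empty": [], "noise": [], "notable": []}
    for r in records:
        path, sha256 = r["path"], r["hashes"].get("SHA256")
        if path.startswith("memory/"):
            out["memory"].append(path)
        elif sha256 == sample_sha256.lower():
            out["self_copies"].append(path)
        elif sha256 == EMPTY_SHA256:
            out["empty"].append(path)
        elif is_noise(path):
            out["noise"].append(path)
        else:
            out["notable"].append(path)
    return out


if __name__ == "__main__":
    for bucket, paths in triage(parse_files(FILES_TEXT), SAMPLE_SHA256).items():
        print(bucket, paths)
```

The bucket that matters for response is self_copies: the path it reports, together with the process and scheduled-task signatures elsewhere in this report, is what to hunt for on other hosts, and the identical hash means a single file IOC covers both the original and the persisted copy. The notable bucket is the short list of drops to retrieve from the sandbox for a closer look.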