Malware Analysis Report

2025-04-13 23:01

Sample ID 250317-ncz6da1qx9
Target Mt5_Servers.exe
SHA256 02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6
Tags xenorat discovery rat spyware stealer trojan
Score 10/10

Analysis Overview

Score 10/10

SHA256 02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6

Threat Level: Known bad

The file Mt5_Servers.exe was found to be: Known bad.

Malicious Activity Summary

xenorat discovery rat spyware stealer trojan

Detect XenoRat Payload

XenorRat

Xenorat family

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Scheduled Task/Job: Scheduled Task

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Checks processor information in registry

Kills process with taskkill

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2025-03-17 11:15

Signatures

Detect XenoRat Payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Xenorat family

xenorat

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2025-03-17 11:15

Reported 2025-03-17 11:28

Platform win10ltsc2021-20250314-en

Max time kernel 725s

Max time network 727s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe"

Signatures

Detect XenoRat Payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

XenorRat

trojan rat xenorat

Xenorat family

xenorat

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\shutdown.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\windows\SysWOW64\cmstp.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Kills process with taskkill

defense_evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866842261109577" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "75" | C:\Windows\system32\LogonUI.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open\command | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open\command\DelegateExecute | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\XenoManager\\Mt5_Servers.exe\"" | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open\command | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3360 wrote to memory of 1488 | N/A | C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
PID 1488 wrote to memory of 5644 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | C:\Windows\SysWOW64\schtasks.exe
PID 1488 wrote to memory of 2796 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | C:\Windows\SYSTEM32\cmd.exe
PID 2796 wrote to memory of 1572 | N/A | C:\Windows\SYSTEM32\cmd.exe | C:\Windows\system32\fodhelper.exe
PID 1572 wrote to memory of 2020 | N/A | C:\Windows\system32\fodhelper.exe | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
PID 2020 wrote to memory of 5952 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | C:\Windows\SysWOW64\schtasks.exe
PID 1488 wrote to memory of 3468 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | \??\c:\windows\SysWOW64\cmstp.exe
PID 728 wrote to memory of 4484 | N/A | C:\Windows\SysWOW64\DllHost.exe | C:\Windows\SysWOW64\cmd.exe
PID 4484 wrote to memory of 964 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
PID 728 wrote to memory of 1840 | N/A | C:\Windows\SysWOW64\DllHost.exe | C:\Windows\SysWOW64\taskkill.exe
PID 964 wrote to memory of 4288 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | C:\Windows\SysWOW64\schtasks.exe
PID 5900 wrote to memory of 4352 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | C:\Windows\SysWOW64\schtasks.exe
PID 1488 wrote to memory of 2912 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 4628 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 3876 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 4044 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 3076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 3076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 2264 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 2264 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 6108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 6108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 2388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 2388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 3144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 3144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 5244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 5244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 4416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 4416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 5580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2912 wrote to memory of 5580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1488 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1488 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4276 wrote to memory of 3784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4276 wrote to memory of 3784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe

"C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA1CE.tmp" /F

C:\Windows\SYSTEM32\cmd.exe

cmd /c start "" "%windir%\system32\fodhelper.exe"

C:\Windows\system32\fodhelper.exe

"C:\Windows\system32\fodhelper.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2264.tmp" /F

\??\c:\windows\SysWOW64\cmstp.exe

"c:\windows\system32\cmstp.exe" /au C:\windows\temp\cd3vo5s0.inf

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}

C:\Windows\SysWOW64\cmd.exe

cmd /c start "" "C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM cmstp.exe /F

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6624.tmp" /F

C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8D53.tmp" /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\ChromeAutomationData

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\ChromeAutomationData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ChromeAutomationData\Crashpad --metrics-dir=C:\ChromeAutomationData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb83c5dcf8,0x7ffb83c5dd04,0x7ffb83c5dd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1880,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=508 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=1604,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1920 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=2124,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2144 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2896,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2912,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2920 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --extension-process --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3432,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3712 /prefetch:2

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4032,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4132,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4140 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4172,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4184 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4144,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4672,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4684 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\ChromeAutomationData

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\ChromeAutomationData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ChromeAutomationData\Crashpad --metrics-dir=C:\ChromeAutomationData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb83c5dcf8,0x7ffb83c5dd04,0x7ffb83c5dd10

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2356,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2352 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=1872,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=2016,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2424 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2844,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2856 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2860,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=3900,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3936,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3956 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4008,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3992 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4384,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4568,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4608 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4900,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\ChromeAutomationData

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\ChromeAutomationData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ChromeAutomationData\Crashpad --metrics-dir=C:\ChromeAutomationData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb83c5dcf8,0x7ffb83c5dd04,0x7ffb83c5dd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2108,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=1900,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2540 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=2112,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1880 /prefetch:8

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2868,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2924 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2876,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2936 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=3964,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=2836,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=3960,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=3988,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3984 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4608,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4620 /prefetch:8

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\OptimizeClear.docx" /o ""

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2ec

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe"

C:\Windows\SysWOW64\shutdown.exe

"C:\Windows\System32\shutdown.exe" /s /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39fc855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
NL 20.31.169.57:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.35:80 c.pki.goog tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 216.58.204.78:443 clients2.google.com udp
GB 142.250.187.206:443 play.google.com udp
N/A 224.0.0.251:5353 N/A udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 216.58.204.78:443 clients2.google.com udp
GB 216.58.204.78:443 clients2.google.com tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 216.58.204.78:443 clients2.google.com udp
GB 216.58.204.78:443 clients2.google.com tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp
ES 83.50.225.25:4892 N/A tcp

Files

C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe

MD5 5d2230f9507200accc5a6defc551bdf3
SHA1 d502142597ff51da2124c3688ec677a81206f3ea
SHA256 02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6
SHA512 31e9be6b7f98f2723ef8dc3e7863ccb0b9220368f013fa7735c4404d859a139753172758302b1844b9a9d8072ac0d734fa67d9d7bdb67ea41b1a20f98c9edd9e

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Mt5_Servers.exe.log

MD5 66aea5e724c4a224d092067c3381783b
SHA1 ee3cc64c4370a255391bdfeef2883d5b7a6e6230
SHA256 04b17cab961f973464bba8924f764edef6451d1774f2405d27ef33d164296923
SHA512 5d719e303f491d1443cb7c7e8946481e90532522a422c98f82466e1eddcd1ef24a4505dcbf75f2191fbb66825d3550566d7f408a3854edeb4c1a192c8c9a6d06

C:\Users\Admin\AppData\Local\Temp\tmpA1CE.tmp

MD5 c37d1bd58f29daae6573ed1ab1b00763
SHA1 3ade010a47d3f9fd5964c3990ebca5f568bc4001
SHA256 52b097cec40ccdb94fae545fe77de2a3e5f4fd0d1935aa069bac20fd3ca515ea
SHA512 6beb0ee089a9d044233634771de0a895bf87e2f040f663f348199cd3682885d3dc05f53182a9eca578cbc13c8ae5395cd94ffb2268b9c04d923d6f3d36e0e72b

C:\windows\temp\cd3vo5s0.inf

MD5 b16c886f906327b92eaa65a1e6083f0d
SHA1 ce2bbbad0b9e90c57bdb341ffd177665f164322e
SHA256 38a863d84497ec9a824bfaf5182796403fec02977c5b0138d94f28ee4658f04c
SHA512 f9b89078cd9ba0b1251b1bbe3d896f7a3d34faefbd4cc4fbd5c0a34b5a85d052dea3d9e55cdcf20e94de20bf6a47b5ddd7f5a38f678f267279e5295ba23e26fd

\??\pipe\crashpad_2912_IIVUMOROUTRFOMJB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\ChromeAutomationData\Local State

MD5 bf0dd5f4b7857a4fb6ae9ee4b513b5c7
SHA1 2c1b0769e2ece6be95dd58aebe6dc7e24df4ce33
SHA256 3791c07be2c5ec66008e2351869eca1e1ee86a32ac44990c29278e94b2b5dc00
SHA512 62cc2211923b93bf0af0726e06b4e3140e7a9251d2605fbbe5b6daaa01c645dc72d423313f54645c0dbdc8d5a9d87000c878b52a34af38017457c7385f55cf3f

C:\ChromeAutomationData\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ChromeAutomationData\Default\BrowsingTopicsState

MD5 744f6c484393727f256bb925c2f27eda
SHA1 2cab0180f3c638992a4dbf1e74292e03b2d33643
SHA256 0c0a9805afa2d6e889669b063177dc14e4dd06d84a3fb5b6eb9661c60e6d1727
SHA512 43289ec07022b223fa156252a67e77a5a9a8e9865db5607bd9d99065d3b14ee60c8276e52eabeaeafd72260856fcad020d2774fc7caa53ee9bef293e05ad444d

C:\ChromeAutomationData\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 16c0033fd74093dd043d47d1d5c53020
SHA1 575f5fa53cfb6db49230af50f7e1dc17f9c61a51
SHA256 77dada8818138cfdf6d6dd699c25b0f39a200d09fcee180bdd01801a1a2ed0ca
SHA512 47803750db8d5f4102d031444d9fc99d550d75bef9609a5d1d9ec8e25819167f29b0ebf954823a0b6c6b02f49812252f4952b533f4dd53ae3484cf5205332f5e

C:\ChromeAutomationData\Local State

MD5 485e42af369d714d4ce4a5b6021ab11a
SHA1 50ee4a2e7db41416ab51809a4ae48abf25787988
SHA256 146ea698538f7a0bcdb6f2debd640dab6bf6c4c5f5ac39bfad9ba93f546ed69c
SHA512 4b7a43c4af205a0b0f1f3e6bfce42b36aed4229a6e9013e5d6caf166e0b8cb5366b6a13421ed7e3f4c519fe6c5d47b2c364d4acdd027e489d30e5f8dc1b98bc4

C:\ChromeAutomationData\Default\Secure Preferences

MD5 371befadf0edc1ee90c90599fe460d35
SHA1 9e19526143c97d5eee0af5f02aee210cf8d3f705
SHA256 0e7511cb39de92f07374e417633050b676442ce1961853d764c2a356f004041b
SHA512 9c8846415d1771d3e6f217e02c8c3dc75b19f858f2634e446cf229f304acd1968e856676b9cd686a9d7fd75283240f42b896cbb141b82440069bb8e02cfa99e5

C:\ChromeAutomationData\Default\Preferences

MD5 5994b9662100064c941aeaa43f332e4c
SHA1 8f6a5b1950d0628fb7a2a4d66a44871de28295d3
SHA256 12a7bdf6b5142f42dfd6079aa22c40b18842d324b6207b9a743cb38a1994154e
SHA512 722c894d6d71e541298eafe898236740604928b04a58906eeeb061b19d184be8e7afa79002a65fb340412f5d97dc2c5ea8fab932f12d17beaf35b4b0291b2dd4

C:\ChromeAutomationData\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e8da7.TMP

MD5 8e87a52afe60f1ce03b287d6e672248d
SHA1 c867999a1e5fcd74871a1f9ac21b78a120a2fe75
SHA256 41e9a0e438943e0f44b863e2949a3912c8c63e83dd80671752f973aa5ffb8d30
SHA512 f11a3eced1de794ed9dc9af3ef1b19b48e89a90561b6ff64882b29bcd6dda5b7548ad623266e8241019f16222a3003a50a7a23678950d4c757755aec94d98ddd

C:\ChromeAutomationData\Default\Network\Network Persistent State

MD5 cea8385e0d9393f3e72d898345b4bd63
SHA1 c2f6f1470c99bedbf70d0e1f3d92f9a032d7e10a
SHA256 88af61aa3d646bb24210c90c9fd28057d1c0d673d9c32d2d0c86743783bf70d6
SHA512 ec15fb1caf4c863ec29c8704c4595a8721a7fd9b7569bac88792ac4f6711d2305b94ee975e65ff3a78524dd44412ccd4c8eb84c066efc29a20a882a5dc3b2739

C:\ChromeAutomationData\Default\Network\TransportSecurity

MD5 7bd184e68a3a37159733c8593a7d617f
SHA1 a764f2582d5453dadd77499fb3bc398e2208b80c
SHA256 7a2a303f0106933a9198ac3562114c1050848a588527a76df63ac1750842e5cc
SHA512 42a6316ed90d0e5f25ec01726910490e6597e8f1efc8a7091731277d61e400539aef3958e6b6fb72fc87d28aa7060deb2171307d6fb25472fec933d19dd73737

C:\ChromeAutomationData\GrShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\ChromeAutomationData\CrashpadMetrics-active.pma

MD5 b0366599d64b0fc1adb2a712dcd02ee1
SHA1 b7a1c09ccd2846664cab5f76bd80b8e9f107acb0
SHA256 ae1bddb9e2cc97b0c9cd78ef3cd17553be6e5204677bd67e0b8f7fa27007f189
SHA512 d7de6d48285018f8b709c81ca01688126db7893ce9f48829524ee3122aa6f2200c7f78186b5a558d0b1ecf8157ee78a20064b63b45ab89f7aa0835b8409435d0

C:\ChromeAutomationData\Crashpad\settings.dat

MD5 877e1831bd7bef755e7954242558a2d7
SHA1 e4909c282432b5f3690004d582bfeee70cfc1417
SHA256 7e20c83558de0b01fc56cd81408362bbab99dfafea1fd76a9532647a637d75d1
SHA512 c1cac7411448b9fef011035624b43e512e8c7feb85660482e756beea38a96463e556700239e22ea43bc3ef58d2054fec07c44ac2f565164b9cf7ad4400d5bed2

C:\ChromeAutomationData\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\ChromeAutomationData\Default\Cache\Cache_Data\f_000005

MD5 3ae3bf0d2862a48df337b337cd9e40da
SHA1 12decab866f7c4296640aa3c7c0ef39c5d0dd87d
SHA256 e6e322fd36c865540479809ced2c00bfe41edb1a7db9425a0e455b727f4845fa
SHA512 eb61df0e3eee79bfa35058b44bf6e34b8a587b5b62756551aba484d7d60d27551dc6ce08d008b1fad35152e2afc658685fef14fd495db427f3d705b0e76cc334

C:\ChromeAutomationData\Default\Code Cache\js\index-dir\the-real-index

MD5 d7a2076312443818af7aaff888deafda
SHA1 e37bdce34e3d9d4b58cf3d1b35838be2ec602fcf
SHA256 e7af7aa2cf26507d234a2e609b404b2b397457bf375d4b72531f53266a4cee2f
SHA512 fb83afd2964c15b6d88e7608ec5c8509c9de8fa065bdb872e6451522c413e794533fde9ac04eaa9ee2e0b66c92e32ceb1dfeaa52b5f1e6ea2fb233cc6401fb02

C:\ChromeAutomationData\Default\Network\Reporting and NEL

MD5 47130b1690571336417c88634469c548
SHA1 dc952b5e7e9457b078e33ec09cbfb31ed0a75222
SHA256 27bc77d1477a23f0d004b2bcf5be8bdc3791dcb11aa5d400043ff4c557417587
SHA512 a7ccc2ce4ebafb42dbec3e6a1cc8bdb029061693f5bb4b9eb5df2242243b50f632ecfda3b31c77e2e29e2f157dd61de1bc7c8190ad3f6d21df79501120e904c4

C:\ChromeAutomationData\Default\Service Worker\Database\000003.log

MD5 9f1a0446e6aa1ebb7ef31a9ac4b37d0f
SHA1 addd25b08a96832e81a8e1cce6e1a5d87b786402
SHA256 a0e640f6727332dc5433c31be17e1ccbb17ef6d274ce7e47083bfcedd51590fd
SHA512 6af461979bfd3cd368bcf50bb72754398a98cb3dcec2423d1ea71e7eb9f4727d7eadfc4cb8aa5334f8c8b1360802d1eaecd8d90661ac6d4d33d6c75370c3edea

C:\ChromeAutomationData\Default\Network\Cookies

MD5 7a602cfae1c105f7bbbd92bfd6df519f
SHA1 d052a2c5417cf059c5e4a5d485a746443035a8d1
SHA256 21a7c4d26f4e194165fc22de4da5a5de52ab888a3c35810f6233bc9d2d1fce3f
SHA512 6144e1d939a0a76f2d68f63e56a0942f53b37ebce98699c47494dec3acbd2c155b2a054b6b13c6298a6570e5f06295b858e0ae683764eb4beb05d9ad397b78bc

C:\ChromeAutomationData\Default\Service Worker\Database\LOG

MD5 f9c6313cb02917f71283a75ca8ef2751
SHA1 9c6cf8ca1243e1dcda01298f416af9c4491b6442
SHA256 a99bfeccf018ab966e5012080609b80f4e53ad444f452d29169dfdf3ea177281
SHA512 61b53b8e09d13837fa6ef49f7a487f50b7d9a8b1b37864c31b49845221eb0f566e20ff3a12a2f31abaaf1e54b08693d5d33140fcd051bc1f6787de5c62918f80

C:\ChromeAutomationData\Default\Site Characteristics Database\LOG

MD5 e5b48e2df1f21e48581f6fdb1fefc8c2
SHA1 d5c036ea833e903cdc1737c94a972a17da9069b1
SHA256 c1f038c65fb43674f7df1a6c0a890f94ae0692c59954956ef4ade402029f2b86
SHA512 75f335490dd1396c0c4eb3d81be0f425ba8f18695e58910df1ca5dbc2d1602aba5b9c1a7f311cd139c34a95df104fe9e257960332d8116c3b5af3e0e1d371564

C:\ChromeAutomationData\Default\Shared Dictionary\cache\index-dir\the-real-index

MD5 43152d457bc29ffb8b8aee62cdf911a3
SHA1 66eba778cd63b4f507777ae020969f5b50d2f037
SHA256 17127dfbc33838a5ea58219587948b38faff2cf59cf391d243133d911533c5f0
SHA512 14da73e24cccac3577cb51be50c721e353fa10e516d0c29e5df1dbdd0ce8985446aa7292be5ba3bb7871abc95895660d31e41426b03b9f632521df5517b0cc52

C:\ChromeAutomationData\Default\Sync Data\LevelDB\LOG

MD5 6b8135a00966bc4a6a3a7712a9b54469
SHA1 4844a61401da103bcd6cd8c3159db6aa56da015f
SHA256 fb51c523b50058faabe98b4d581ef710c7e9cded56ae6a62cb596e6c38841f9e
SHA512 24c298ba775384112a14b6dcb85f411383e9fee31767c458287246cf203e1365b0b85ab9b6ac0c918e63a010e7e218661d25290ff560530833c7eb8a51a3ea22

C:\ChromeAutomationData\Default\Cache\Cache_Data\f_000006

MD5 9fe7c2b4a9f6544f0a728739b7de1b3b
SHA1 4c65cce42054956839c0643110da633955ee2e5d
SHA256 923648bd8061e605a81c0b8add9ee441fd9620cf57b8e1ba8d1f655aced8abce
SHA512 362256848ba6aa0388244a87eaaa78fa9f162c2145cc53f10ec4f206f669c939af5db690bf7cb81e3e1fabd2b11c73bba4ab8c7f30fdc3ab8993a85fd88fbfc6

C:\ChromeAutomationData\Default\Cache\Cache_Data\data_3

MD5 c2e1b4b97b29403e9623a54c404c7a02
SHA1 2d58b778e087520fd6c313a718692fa562d93990
SHA256 851f065cf83bff317edb22d4bd43046295c5f47c40f7cb82b30a14d5ec78f670
SHA512 76adf4854a12063597f413474f4f39c9cc48dec8d0f639bf98ee86ccf57856fc37353d49061bdaedd46cfbaf675fe6681d4245ff549695302ec726c086fdb35e

C:\ChromeAutomationData\Default\Code Cache\wasm\index-dir\the-real-index

MD5 94482eec5d93f0083925b12b69d12796
SHA1 ffc46b7310b23245ebd0930840fc3599f20bfb02
SHA256 1212f05112950d6fec60a6f3e9de08d87627ad8fb888c3f3395d138f7d5d19fc
SHA512 ad2bc6da4567a9926de6d3eb773527808c65a48b554778078c536a0c506048e34033572356a451e6249c78dc8c1e1b9a655d1f39544be010147889d90141845f

C:\ChromeAutomationData\Default\Cache\Cache_Data\data_1

MD5 501984b853089ed94a3d586f0ffb3966
SHA1 9031c7fbf2a68c4db2bd863c4ec667703029e450
SHA256 fac74942c512203d291671817bba5a8fafa8a54e0609d5e456a27bc26c72b965
SHA512 4f928fb3a805aa42d76f094c1b19211bbbe75f1df1c8ef960c7e678e344cbf5e628a56bbd6f8f216b4689583f8bfcfe1cc2634e8391173e62f479cea69fddbe7

C:\ChromeAutomationData\Default\Cache\Cache_Data\data_0

MD5 5d21d3d629531ca93207cdfdb759a21d
SHA1 98a1159c8fcb14ae06a33ba02ff05cfa098feae8
SHA256 2d1f32969717d376eb2f7483fa50d3fbd90a6c869c4e5f614027101f164c16c7
SHA512 d1699813adcef6033093d089ca3879824a77bc2b2b13f2a279581cbd1da7e06d85cbf56604b1cf41f79f596498af493c7c3572d4e90a1b8d3db2ae2cb239f5a3

C:\ChromeAutomationData\Last Version

MD5 a4710a30ca124ef24daf2c2462a1da92
SHA1 96958e2fe60d71e08ea922dfd5e69a50e38cc5db
SHA256 7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7
SHA512 43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

C:\ChromeAutomationData\Default\WebStorage\QuotaManager-journal

MD5 0e7cd1dfc7d2560b4190317f4cd4ac80
SHA1 94f2c00843aa0ccff73f3cece9b7f76eb475d837
SHA256 fd335710c1117703a3415bcd07fb6e06ddf5bc380179b30258a3bff0a00a0673
SHA512 3cb3e15f710b05e673c85f9b7742e4c5981aa5e1bebdfc501903d7ab82377d427d4bbdbd9774a051839628dd28c6431657d9c938c1cb8bcd46ae2b7c780dd041

C:\ChromeAutomationData\Default\Extension State\LOG

MD5 844cb20cab4999e4855b5f6da1ece2eb
SHA1 21fbf544a94c235ed3d6ba9d7d961680304d4690
SHA256 bddbe15e7dae86ead23aae785b57cb0f81d0b342d2ddb8fe569f675b68a52f46
SHA512 886b4eb081594a39787ba694bf858a4d324c70ebb78cbd4339e8674850b6d2603a711f471b43c32218df9750e0bc2ec5386f4a52229f38ebcc7c34b338a481ad

C:\ChromeAutomationData\Default\Session Storage\LOG

MD5 abd7e7e358783a3de581f0d29b1bf7ef
SHA1 cf24f2ad347c0d3748d3029f8ac6d1a502cc8bc6
SHA256 a894e51c83e75236c9d74a7a4ad6b709f02a205c2a9b749a9e6ab7752f06276e
SHA512 c84f9b0a481469d50fb2b6e91610328b6cd99658bdac6e92e6905fd2b38a171c15609447a7b62e78a66a1f8d5ee36436351b39ecd4c6d910935c051075fc4b75

C:\ChromeAutomationData\Default\Local Storage\leveldb\LOG

MD5 a2ecd4b31414f91326c5e7e331c2c040
SHA1 13a8ed6dbba5365e6a08957acd0ae2ee0eafd4dd
SHA256 21d8e4c75dfbc5bc345c99f2c4bf0fd895f31c5df3c844cbe14e57f151c7a37e
SHA512 06fc63061a5ca4157aad30a3e3c0ec57ceeafeda9770c1a87580aca7ac78204f0d1e566c5be91527158a5923ff719530bc549f0dbeef11f16b9e54c4e902ea9a

C:\ChromeAutomationData\Default\shared_proto_db\000003.log

MD5 e18c391ad084e9139bd94638efc7f8f1
SHA1 c1be85d4af510733c7a3d33df557813960638fe4
SHA256 a580436e8e14d59ca3859e00232dcdd5d2c47c81cb948bf2a5c723dbc626c9ae
SHA512 f05f3c2725c33d423b68bcbc8bc4343fc8ced5c54abba929567c93a60cc5c17f6adc66d5dcc9249867a382fd41023c2a24d5cb66716a04fe0f907a736a08bf05

C:\ChromeAutomationData\Default\shared_proto_db\LOG

MD5 22d21a333855f401b979fc2df08fba81
SHA1 d2443f4b3931a15070bdced29e5ff1b63acdfc8d
SHA256 5e87cfa91567fc2d4333c500e95022fc3e3c6c63a8f6ebc4b998145ce5238a02
SHA512 4b41cd27614717a89e8d019c50f783f5f68d8cf33b779dfcf6621eac9778dab15d2d9cb155b49a5e66ff409ae759218e163d9c020f7d6af2a19f2aa3fa2a584f

C:\ChromeAutomationData\Default\shared_proto_db\metadata\000003.log

MD5 44c565ee1b5704cc3a0a524f7b342f28
SHA1 e08e26db0a2ba208a6c5792ef1feeac5fdc80f17
SHA256 a4a0ef17b61e3e6b5ee73ba71ec1e157b47819b352ee25b39f26df7401249279
SHA512 3c2fab00ae32f2d167a00e31505334e2de976495af59499f9e8fe8400c3ec204d146efab1340cb702eb19c13629818e49e021c83dadbf8104e2b0cfec7d59e46

C:\ChromeAutomationData\Default\shared_proto_db\metadata\LOG

MD5 0db8f69b65d2ad71fc5f22214c18f215
SHA1 c6b5f6ec19de489c24df2d266f1fbb96d45d021d
SHA256 edb11007a598be94ee2042047ebf7a37e8b56e1a758a5556f487a4c703f8edb1
SHA512 50a889a9440cc7b520cc1b0869814cc15c350d872030e70f0b26e90f0014bb05009bff29fa5e6c8f7c72e7b36d29024ea9bb8950f814fe100b39965f4adbea4e

C:\ChromeAutomationData\Default\WebStorage\QuotaManager

MD5 548bd3db7df32db5794c8d969051e9fd
SHA1 e52f06105525b650f59c122a7cc6613b11ff8ee1
SHA256 8439f55472407cbcb8505f1fdd4da32a8b6ba6eb72d6123edbfd8705f1006ddc
SHA512 9c0ad65732a6dd5d4e2c623befbf3e5a6b8123a97452734aa97f9e16216b71bd2b6f4659be5f4ef4f5dbf9e50158974704b6cdfbb63f3cfe07e66d3484f4fb3c

C:\ChromeAutomationData\Local State

MD5 4fa24fbc5737792a09e920d3a41a2da1
SHA1 61cbd5402bd1814be28effa8d56a7d4c1b14e616
SHA256 55423b2cdf12f636fe4dfa256535beafa69aaafcbc7aab8b6f7838be2fcff520
SHA512 7257ca9af271923470ee7e9425af4cbc9d207d61bbdec5ade20d0a8d56364939e8ad14a377627bc9b7c850007b8a9ce8ba736285c8ad74bfde9a0e18639ed39d

C:\ChromeAutomationData\Default\Preferences

MD5 684fb8949b75fe68d8d688a86c2e648e
SHA1 99e8885e6dadce0932bedf53fc6b4a147697268a
SHA256 f17d76ae8064139f6e7c4ac11dc2d152c1a04934a72d40e7173b238ae519cc1b
SHA512 5d74b90bac7e1747737b4fd14f40c70117730ab15417926fb35acec8a7190469c1236b1dcfb7a7fab0bcfb3e153420add0d4af7e0bb8646f9a8147097af9a41f

C:\ChromeAutomationData\Local State

MD5 059898e0517d541df785b7f5f73db902
SHA1 31dc0715e6fe817a6bac8f09fc02df459c646987
SHA256 1911430bb6ef702b3387cbd42b1790ab39338f2cc45dcd669df497fcb8cdc057
SHA512 a1563f7aa0f02b8fa9d8eeac8b439999f151ead44d2df705d5c66a32e7bfe0e89228f41f3e0b27224936c5d89defb35d5595485436e63722970f6629680d9bdf

C:\ChromeAutomationData\Default\Preferences

MD5 f322c4db7b54a1f21791570689ddb6f7
SHA1 01c13150e85462f40b109d981e63466c5d9a805d
SHA256 124847c37dab8d9010777d5ff2a46949bb0bd6abf855312c9653379ab74f937c
SHA512 bcae5f1b314e265f4527ae9104d6f4686cd92966092b5459a0a01d922593da04b86052ec96fbe31e5037efe16e92283416c91067dd12b32708b8d876ae4e0706

C:\ChromeAutomationData\Default\Network\TransportSecurity

MD5 1b8f53fcc3b46a594654a7a0e6b18014
SHA1 e85c1172a5c8ba118539f9a7eda6e02bd364b465
SHA256 928dd588476e6af7630c247486e087311fe97fc2652c2657dcf3896fd2dbb3e4
SHA512 e8bdc90e43c5f6daed0cd783631122304904bf6aeb3c074ad4a909c86ac7e848697bc9ba55f3802e0a7678c6151098719af6d3d6a5b91d9005046c5ab4767982

C:\ChromeAutomationData\Default\Network\Network Persistent State

MD5 f7ab5f1823fd4ebdc943ab3778f44a3c
SHA1 00e1e436276cf7081ec2831b015d0243ad025b28
SHA256 42c648e53f9ce3d76ee6d51db8cbf6da955974cd8fff0e6ed0eae793deabf83c
SHA512 ae5b0153d7209080d4e431fc467d90dd19d48026ba0ab23b483c62cccfbd3ad9ab903cda95a8b5101922e5dbba61311e4d33244783a5a8501c1bc05267b50df1

C:\ChromeAutomationData\Default\e7ed475c-c303-4cfd-bf35-524c642a0acd.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\ChromeAutomationData\Local State

MD5 72ec919f68c8c16dcebc81566e825e5d
SHA1 21a777b367bd38c64cac92e0ea42bb178e06b9f5
SHA256 14be57e55629687d9f5fc98390b7c35da6870518ef78db48f8813b14b4f70322
SHA512 f104ce17887ef3985926d24d468cff2144a183a65b7db6f01c8faddd2899fa5761989998a06eb068d4002b8717c9fa06b3f3b25bd6c3ad09922192be483e4938

C:\ChromeAutomationData\Default\Preferences

MD5 77d70e1bcf25ecb5b2c315b557666b54
SHA1 826e7cb9d97c4d197fb2423d8b099df6116bcfc6
SHA256 f2706d5eff51a9c024fef163fffb51fe3d00858e4a39fee707a4f2c99b028048
SHA512 cf9542238938be55e51c1f5d90588bd0d2a6715b13e4d4e29fb7c7f3ba7b2b1f3683af8bc78fef1d5c333132656fc8588af924c0c22d368b59b0434ae511db46

C:\ChromeAutomationData\Default\Network\TransportSecurity

MD5 66ed69130aba8a47bf67b0b278534c89
SHA1 ede69e7e4da7c5a38ace0a5340db6216a9bf11a9
SHA256 a63f43ae4fcf2e58d8db2500b91119e9c9ab647ba7142376476113bafe27e9f9
SHA512 036e9d4d77170adc87bc959cba91d0991f43cfc827f63ab80e54268aea5db1b27b5b5ddff14e99faa0fb30da489a8c6754f1db16253f4ea65db44a33cf5a634c

C:\ChromeAutomationData\Default\Network\Network Persistent State

MD5 e305132260eb93d1b282265c7f32fd51
SHA1 74bf39f3350781ddf335877447cd9ab6bd33a37c
SHA256 c1ee1fcf7886123fe6af9839601634378d7abf997620005bcccd09192175fb15
SHA512 34ffb6e1d179c3df64be359d52ebe4a911f4278014bb8957c5cf27e5bac7401e73a7b0e8780b94a6ca69017cee94f2bc203a35e0a56fe21b351dcbcf91e06f4a

memory/6104-502-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/6104-504-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/6104-505-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/6104-506-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/6104-503-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/6104-507-0x00007FFB506B0000-0x00007FFB506C0000-memory.dmp

memory/6104-508-0x00007FFB506B0000-0x00007FFB506C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 51fd5f0ed3721e2ad971c262e1d25db3
SHA1 9eaf0facf8bf360ddbd1c5cbd3792d28585c21fd
SHA256 6525b59f5b05580d992e42d4c6a4bbe71e431e0bc05c293646a37fcae2638d3c
SHA512 17cd2a6b8feeb1092e47263bcadc8d65dbf6b44c22786da8be3d1311e5c7022554362322838b3ff6354b366cec58177b53c280e90f04a4d14845b6648a9f0d3d

memory/6104-543-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/6104-544-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/6104-545-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/6104-546-0x00007FFB52CD0000-0x00007FFB52CE0000-memory.dmp

memory/5900-547-0x0000000007C50000-0x0000000007C5A000-memory.dmp

memory/1488-548-0x0000000005610000-0x000000000561A000-memory.dmp

memory/2020-549-0x0000000005030000-0x0000000005038000-memory.dmp

memory/3316-550-0x0000000002360000-0x0000000002396000-memory.dmp

memory/3316-551-0x0000000004F10000-0x00000000055DA000-memory.dmp

memory/3316-553-0x0000000005650000-0x00000000056B6000-memory.dmp

memory/3316-552-0x0000000004EC0000-0x0000000004EE2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_esrpisf4.3ei.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3316-559-0x00000000057A0000-0x0000000005AF7000-memory.dmp

memory/3316-565-0x0000000005DF0000-0x0000000005E3C000-memory.dmp

memory/3316-564-0x0000000005D40000-0x0000000005D5E000-memory.dmp

memory/3316-566-0x0000000006310000-0x0000000006354000-memory.dmp

memory/3316-567-0x0000000007770000-0x0000000007DEA000-memory.dmp

memory/3316-568-0x0000000007110000-0x000000000712A000-memory.dmp

memory/3316-570-0x0000000007300000-0x0000000007332000-memory.dmp

memory/3316-571-0x000000006F4D0000-0x000000006F51C000-memory.dmp

memory/3316-572-0x000000006F700000-0x000000006FA57000-memory.dmp

memory/3316-582-0x00000000072E0000-0x00000000072FE000-memory.dmp

memory/3316-583-0x0000000007340000-0x00000000073E3000-memory.dmp

memory/3316-584-0x0000000007420000-0x000000000742A000-memory.dmp

memory/3316-585-0x00000000074E0000-0x0000000007576000-memory.dmp

memory/3316-586-0x0000000007460000-0x0000000007471000-memory.dmp

memory/3316-587-0x0000000007490000-0x000000000749E000-memory.dmp

memory/3316-588-0x00000000074A0000-0x00000000074B4000-memory.dmp

memory/3316-589-0x00000000075A0000-0x00000000075BA000-memory.dmp

memory/3316-590-0x0000000007580000-0x0000000007588000-memory.dmp

memory/2020-591-0x0000000007890000-0x0000000007898000-memory.dmp

memory/1488-592-0x0000000074A70000-0x0000000075221000-memory.dmp