Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: f64816e3d720fe790f522ad7b458fa53 --

Hashes
MD5: f64816e3d720fe790f522ad7b458fa53
SHA1: 7434a4d62256439a4985122916b70beab06d7948
SHA256: 34b76b9f49c488ea4618c02caf2046e2df4d87308fc4f2debb5a94b089e46e5f
SSDEEP: 3072:kEqQU5+dWfx5wFoTg/eKKKUrz+YCcVCQ+IWGbLG:kEfqSuT1XH+3cVCcy
Details
File Type: data
Yara Hits
CuckooSandbox/embedded_win_api | YRP/domain | YRP/contentis_base64 | YRP/keylogger |
Parent Files
70693cb87f047b3837c5fe24906d3676
Strings
		(c) Forex.com
Overrides
NonHedgingMode
ConfirmQuickOrders
ConfirmCloseAll
Mini terminal
\T=== Default settings ===
=== S/L and T/P lines===
=== Advanced settings ===
GBPUSD
EURUSD
USDCHF
USDJPY
AUDUSD
Please enable Expert Advisers in order to use the trade terminal.
Please turn on 'Allow DLL Imports' to enable the trade terminal.
Connect1
Wingdings
Connect2
Loading terminal...
Connect3
______________________________________
Connect4
The terminal will load on the next chart tick
The terminal cannot load
Please turn on "Allow DLL Imports"
Connect
BrokerServer
IsDemo
MiniMode
EAVersion
NonHedging
ConfirmQuickOrders
ConfirmCloseAll
HasSLTPLineSupportV3
SupportsInstantExecution
Terminal running
Terminal will close if the EA or chart is closed
({account: {
accountNumber: 
,currency: "
,isDemo: 
,accountServer: "
,balance: 
,equity: 
,floatingPL: 
,credit: 
,marginInUse: 
,freeMargin: 
,openOrders: 
,closedOrders: 
,brokerTime: 
,orders: [
ticket: 
,type: 
,symbol: "
,openPrice: 
,closePrice: 
,profit: 
,swap: 
,commission: 
,netProfit: 
,volume: 
,magic: 
,openTime: 
,closeTime: 
,duration: 
,expiry: 
,comment: ""
,comment: "
,symbolDigits: 
,symbolPoint: 
,symbols:[
!file:
\experts\files\
accountdata
symbol: "
,ask: 
,bid: 
,tickSize: 
,tickValue: 
,digits: 
,point: 
,spread: 
,minLot: 
,maxLot: 
,lotStep: 
,stopLevel: 
,lotSize: 
SlaveData
MetaTrader4_Internal_Message
MT4i - Trade terminal worker
symbols.sel
WindowDimensions
ACTION
news.wav
datEMAIL
CLOSEBY
PARTIALCLOSE
  QUICKSELL
 QUICKBUY
  CLOSEALL
CLOSEPOSITIONS
;CLOSEPENDING
stPCLOSEWINNERS
 UsCLOSELOSERS
BEEXIT
ORDERSL
ORDERENTRY
;ORDERENTRY2
ORDERTP
PUBLISH
OKAY:Published
ERROR:%L3000%
SLTPLINEREFRESH
OKAY:Refreshed
ERROR:%L3001%: 
OKAY:closed
ERROR:%L3002%. 
ERROR:%L3003%: #
ERROR:%L3004%. 
ERROR:%L3005%: #
OKAY:0
ERROR:%L3006%: #
ERROR:%L3009%. 
UseInstantExecution
ERROR:%L3012%. 
ERROR:%L3010%: #
ERROR:%L3011%. 
ERROR:%L3013%. 
ERROR:%L3010% :#
ERROR:%L3014%. 
ERROR:%L3015%. 
ERROR: %L3016%: #
ERROR:%L3017%: #
ERROR:%L3016: #
ERROR:%L3018%: #
OKAY:No action needed
ERROR:%L3019%: #
ERROR:%L3020%: #
ERROR:%L3021%
ERROR:%L3005%L #
ERROR:%L3016%: #
ngLERROR:%L3022%: #
= SERROR:%L3023%: #
 foERROR:%L3024%: #
SymERROR:%L3025%. 
MaxDeviation
ate%L3100%.
, s%L3101%.
   %L3102%.
iPe%L3103%.
s);%L3104%.
int%L3105%.
%L3106%.
/ D%L3107%.
his%L3108%.
nt %L3109%.
 0;%L3110%.
   %L3111%.
arS%L3112%.
Tim%L3113%.
640%L3114%.
ep(%L3115%.
  %L3116%.
  P%L3117%.
e("%L3118%.
ric%L3119%.
Sym%L3120%.
   %L3121%.
tim%L3122%.
ray%L3123%: #
==== Frequency of publication ====
==== Information to show about each order ====
@==== Orders to include ====
==== Advanced settings ====
publish-username
publish-password
Publishing...
Building data for publication
Sending data to MTI Live
RSOPublication successful at 
Manual opening deposit
(Successful)
Invalid settings
Failed to create temp file
Failed to compress temp file
Failed to read compressed file
Failed to create XmlHttp
Failed to connect to server
Failed to send to server
Server error
Failed to get response from server
Failed to contact server
Microsoft XML Parser not installed
Bad username or password
Server-side error
Please get a new version of the EA
Unknown error
\experts\libraries\
EURGBP
USDCAD
GBPCHF
AUDNZD
EURJPY
GBPJPY
EURCHF
publish-status
01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
icmarkets-demo
50,0,50,50
50,0,25,50
icmarkets-live
OptShowSLTPLines
OptConfirmSLTPLines
OptShowSLTPLabels
WIOptSLTPAllowTrendLines
1CTMLine-trend
1CTMLine-
1CTMText-
1CTMLine-sl-
ION1CTMText-sl-
1CTMLine-tp-
IC_1CTMText-tp-
Move of s/l on ticket #
. Adjusting line marker
Ticket #
: order s/l of 
 does not match line price of 
Working...
Closing ticket #
 because s/l line moved beyond current price
Deleting ticket #
Altering s/l on ticket #
2029/12/31
Move of t/p on ticket #
: order t/p of 
 because t/p line moved beyond current price
Altering t/p on ticket #
Trend s/l: 
Trend t/p: 
Trend entry: 
Buy-limit
Sell-limit
Buy-stop
Sell-stop
OptSLTPLineSLColour
OptSLTPLineTPColour
OptSLTPLineTrendColour
SLTPQueryResponse
Got query response from user
Asking for confirmation of cmd #
 on ticket #
SLTPQuery
User has confirmed SLTP command #
User has rejected SLTP command #
1CTMLine-p-
Price has breached trend-line stop on ticket #
Trend-line stop on ticket #
 has breached pending entry price
OptSLTPUpdateMarker
1CTMText-trend
1CTMText-p-
Move of entry price on ticket #
: order entry of 
 because entry line moved beyond current price
Altering entry on ticket #
OptSLTPLinePendingColour
1CTMLine-trendsl-
1CTMText-trendsl-
1CTMLine-trendtp-
1CTMText-trendtp-
1CTMLine-trendentry-
1CTMText-trendentry-
Deleting trendline s/l for ticket #
 because order no longer exists
 because order is closed
 because s/l has been set to zero
Trendline s/l for ticket #
 has been dragged to an invalid position
fffSetting trend-stop on ticket #
Failed to set s/l. Will do virtual stop.
Virtual stop: ticket #
 is below trendline s/l value of 
ON is above trendline s/l value of 
Virtual stop: pending entry for ticket #
1CTMTrendTemp
HAUser has cancelled ticket selection for trendline. Response: 
User has selected ticket #
A for trendline
Trendline added, but no orders. Removing trendline.
Already in user query. Can't ask for selection for trendline.
Deleting t/p trendline for ticket #
Deleting trendline t/p for ticket #
 because t/p has been set to zero
Trendline t/p for ticket #
Setting trend-profit on ticket #
Failed to set t/p. Will do virtual t/p.
Virtual t/p: ticket #
_S is above trendline t/p value of 
 is below trendline t/p value of 
Virtual t/p: pending entry for ticket #
 is above trendline s/p value of 
Deleting trendline for ticket #
Deleting entry trendline for ticket #
_A because order is filled
Trendline entry for ticket #
Setting trend-entry on ticket #
Failed to set entry
1CTMTemp
g5{6:4
;y'@,D
(UwwAc
F(ed}t
Q)W2S~O
U7Q=SN
U7Q!SF
O2]jQt
0yEhq 
>B(?nD
O@xjF-
P5O+Qf
R>_3]f
I3XVWp
M]?Q9Sn
I-o;(@
S9W5P~G/
sd_]!Eg
#pd_	!
S)W:Qn
`xJ5#s
`Smr`j
\2k>f4
(X?e5b
?CJhNg
YK6g5X
[}6=5H
T\Mkr_
rlQoOo
`R**sd
HL+15zK
(+1"yk
ew&H)Q
L2]vQL
Gh-"uF9 f
O"bR!S
td_A!Mo
b2{.F4
aJ`@,]
_H(;1U
_X,+5"
h45?>{M
+F4`d}t
s`WE,Oe
bbIr!y+
'vXYM#
oR2]DLp
"|N[ fM
t)"xN{
-h|g-,
10jMi[^
k3y6y(
cv0y66
rVE-[(
#bR/MgE
{0we_B
"bR*SiC
+h*q>S
CT+M2_VWt
CX?H2YJUp
UzSWDr"D
]\)G2UNQt
{ AboWfb
q5k6S(
)C%3y6
qQ6nc}m
'FlYU1
al9+1fy
45/}D]
a,H97R
,0:7Bj
30^WkIgF
`Smyg{
t2{6"8
WkM{%Yh
5-z6}5
1)z6\4
0pVC2X8
]eKz%]l
tE30sLkEeF
QgAG3M
$}i_H;
54<[eKt
(-+5ne
dr`]G/Oe
U7Q5A~
O::;5VE[
qQ6nc}m
E6:5?VK]
D:j\k%
>acee13
WzQUDfA\
T<;5 y
a81i+7
X'.\EI'
a645?T
6D`ee0
k3u>R4
}!5z7jc
Bus^c[
r,u>n,
_0<;57zKx
a,8)7Fo	
M45/Hz
JtuU6aego
O2YTP|
55u+xS
O,(+1+J[
XM!XYU(VU
Sd		\d
bAB88b
.qVC6X8
l2{6r4
3{.u4X
3}6w8T
b^|ET8
)63UZQl
e845?uE[
DisplayBrowser2
GetQueue2
SetQueue2
GetProperty
SetProperty
RemoveBrowser
RegisterWindowMessageA
PostMessageA
SendReport4
LoadLibraryA
FreeLibrary
ReadFile
SetFilePointer
MulDiv
GetParent
SetWindowPos
GetClientRect
ShowWindow
IsIconic
IsZoomed
GetAsyncKeyState
CFXTools32.dll
user32.dll
MTILive.dll
kernel32.dll
O[+[	^F2w
;YO5_N^P><:
dbYm=5O
1 `7znA
8"cP:M{
{Ed.x#