Malware Analysis Report

2025-06-16 00:52

Sample ID 241105-r85mhsvrhp
Target https://downloads.exodus.com/releases/exodus-windows-x64-24.41.6.exe
Tags
credential_access discovery spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://downloads.exodus.com/releases/exodus-windows-x64-24.41.6.exe was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery spyware stealer

Downloads MZ/PE file

Checks computer location settings

Unsecured Credentials: Credentials In Files

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies registry class

Uses Volume Shadow Copy WMI provider

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Uses Volume Shadow Copy service COM API

Uses Task Scheduler COM API

Checks processor information in registry

NTFS ADS

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-05 14:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 14:52

Reported

2024-11-05 14:54

Platform

win10ltsc2021-20241023-en

Max time kernel

85s

Max time network

87s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://downloads.exodus.com/releases/exodus-windows-x64-24.41.6.exe

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\exodus-windows-x64-24.41.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Squirrel.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\be0b2b30-8fd7-4d74-ab10-21d974bb0362.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241105145259.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\exodus\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\exodus\Exodus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\exodus-windows-x64-24.41.6.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Squirrel.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\exodus C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\exodus\URL Protocol C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\exodus\ = "URL:exodus" C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\exodus\shell\open\command C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\exodus\shell C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\exodus\shell\open C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\exodus\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\exodus\\app-24.41.6\\Exodus.exe\" \"--\" \"%1\"" C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 729093.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2516 wrote to memory of 4660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://downloads.exodus.com/releases/exodus-windows-x64-24.41.6.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffa0a646f8,0x7fffa0a64708,0x7fffa0a64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff702365460,0x7ff702365470,0x7ff702365480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,3764808173081969834,8983457199991405905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7084 /prefetch:8

C:\Users\Admin\Downloads\exodus-windows-x64-24.41.6.exe

"C:\Users\Admin\Downloads\exodus-windows-x64-24.41.6.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Squirrel.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --squirrel-install 24.41.6

C:\Users\Admin\AppData\Local\exodus\Update.exe

C:\Users\Admin\AppData\Local\exodus\Update.exe --createShortcut=Exodus.exe

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,15220299380433213891,15197731496888835081,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1988 /prefetch:2

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --field-trial-handle=2156,i,15220299380433213891,15197731496888835081,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2036 /prefetch:3

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --squirrel-firstrun

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,14077129461422072934,392851325466299504,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1976 /prefetch:2

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --field-trial-handle=2164,i,14077129461422072934,392851325466299504,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:3

C:\Users\Admin\AppData\Local\exodus\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\Exodus.exe"

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe"

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1788 /prefetch:2

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --field-trial-handle=2036,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1836 /prefetch:3

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --enable-sandbox --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-databases --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2448,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2440 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-databases --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2800,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2808 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-databases --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2820,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2812 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3508,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3512,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3648,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --enable-sandbox --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3748,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3884,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --enable-sandbox --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-databases --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4896,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --enable-sandbox --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5148,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:1

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe

"C:\Users\Admin\AppData\Local\exodus\app-24.41.6\Exodus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Exodus" --secure-schemes=exodus-nfts-api --bypasscsp-schemes=exodus-nfts-api --fetch-schemes=exodus-nfts-api --app-user-model-id=com.squirrel.exodus.Exodus --app-path="C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources\app.asar" --autoplay-policy=no-user-gesture-required --disable-file-system --disable-notifications --disable-permissions-api --disable-presentation-api --disable-shared-workers --disable-speech-api --disable-blink-features=FileSystem,MediaSession,Serial,WebAuth,WebBluetooth,WebHID,WebNFC,WebOTP,WebUSB,WebXR,WebScheduler,WindowPlacement,WindowSegments --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5268,i,6999366912671067155,10425075216320759700,262144 --disable-features=Reporting,SpareRendererForSitePerProcess,WebAuthentication,WebGPUService,WebNFC,WebOTP,WebUSB,WebXR,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 downloads.exodus.com udp
US 104.18.36.212:443 downloads.exodus.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 212.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 www.exodus.com udp
US 104.18.36.212:443 www.exodus.com tcp
US 8.8.8.8:53 uk.exodus.com udp
US 172.64.151.44:443 uk.exodus.com tcp
US 8.8.8.8:53 44.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 13.87.96.169:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 remote-config.exodus.io udp
US 8.8.8.8:53 remote-config.exodus.io udp
US 8.8.8.8:53 exchange.exodus.io udp
US 8.8.8.8:53 exchange.exodus.io udp
US 8.8.8.8:53 api.segment.io udp
US 8.8.8.8:53 api.segment.io udp
US 104.19.232.100:443 exchange.exodus.io tcp
US 104.19.231.100:443 exchange.exodus.io tcp
US 104.19.232.100:443 exchange.exodus.io tcp
US 104.19.231.100:443 exchange.exodus.io tcp
US 34.223.74.168:443 api.segment.io tcp
US 8.8.8.8:53 ctr.a.exodus.io udp
US 8.8.8.8:53 ctr.a.exodus.io udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 pricing.a.exodus.io udp
US 8.8.8.8:53 pricing.a.exodus.io udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 100.231.19.104.in-addr.arpa udp
US 8.8.8.8:53 168.74.223.34.in-addr.arpa udp
US 8.8.8.8:53 100.232.19.104.in-addr.arpa udp
US 34.223.74.168:443 api.segment.io tcp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 updates.exodus.io udp
US 8.8.8.8:53 updates.exodus.io udp
US 8.8.8.8:53 ctr.a.exodus.io udp
US 8.8.8.8:53 ctr.a.exodus.io udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 pricing.a.exodus.io udp
US 8.8.8.8:53 pricing.a.exodus.io udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 104.18.38.189:443 pricing.a.exodus.io tcp
US 104.18.38.189:443 pricing.a.exodus.io tcp
US 104.18.38.189:443 pricing.a.exodus.io tcp
US 104.18.38.189:443 pricing.a.exodus.io tcp
US 104.18.38.189:443 pricing.a.exodus.io tcp
US 104.18.38.189:443 pricing.a.exodus.io tcp
US 8.8.4.4:443 dns.google udp
US 104.19.232.100:443 updates.exodus.io tcp
US 172.64.151.44:443 uk.exodus.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 189.38.18.104.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
N/A 127.0.0.1:21325 tcp
N/A 127.0.0.1:21325 tcp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 ctr.a.exodus.io udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
GB 142.250.178.10:443 tcp
GB 142.250.178.10:443 udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 marley-p.exodus.io udp
US 8.8.8.8:53 marley-p.exodus.io udp
US 8.8.8.8:53 marley-p.exodus.io udp
DE 108.157.4.90:443 tcp
US 8.8.8.8:53 marley-p.exodus.io udp
US 8.8.8.8:53 marley-p.exodus.io udp
US 104.18.38.189:443 ctr.a.exodus.io tcp
US 8.8.8.8:53 avax-c.a.exodus.io udp
US 172.64.149.67:443 avax-c.a.exodus.io tcp
US 8.8.8.8:53 geth.a.exodus.io udp
DE 18.173.233.113:443 tcp
US 104.18.38.189:443 geth.a.exodus.io tcp
US 172.64.149.67:443 geth.a.exodus.io tcp
US 104.18.38.189:443 geth.a.exodus.io tcp
US 172.64.149.67:443 geth.a.exodus.io tcp
US 8.8.8.8:53 90.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 67.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 113.233.173.18.in-addr.arpa udp
US 104.16.237.243:443 tcp
US 8.8.8.8:53 marley-p.exodus.io udp
US 8.8.8.8:53 marley-p.exodus.io udp
US 34.98.104.45:443 tcp
US 104.18.33.205:443 tcp
US 34.98.104.45:443 udp
US 104.18.38.189:443 geth.a.exodus.io tcp
US 8.8.8.8:53 243.237.16.104.in-addr.arpa udp
US 8.8.8.8:53 45.104.98.34.in-addr.arpa udp
US 8.8.8.8:53 205.33.18.104.in-addr.arpa udp
US 104.18.38.189:443 geth.a.exodus.io tcp
US 104.18.38.189:443 geth.a.exodus.io tcp
US 104.18.38.189:443 geth.a.exodus.io tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d9a93ee5221bd6f61ae818935430ccac
SHA1 f35db7fca9a0204cefc2aef07558802de13f9424
SHA256 a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968
SHA512 b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

\??\pipe\LOCAL\crashpad_2516_BLBSONQOVZACYVJI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b9fc751d5fa08ca574eba851a781b900
SHA1 963c71087bd9360fa4aa1f12e84128cd26597af4
SHA256 360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb
SHA512 ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 f9055ea0f42cb1609ff65d5be99750dc
SHA1 6f3a884d348e9f58271ddb0cdf4ee0e29becadd4
SHA256 1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348
SHA512 b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37685d1a23d03ef7dbcd34f0565d09b9
SHA1 f0b48ba211ec5a17e8e5b33fb1b90ec709b92510
SHA256 b7aa72b45047f7eaf69683d063f16f883ec98998160527e090ab850be2324bdf
SHA512 2fb16b1f6bb02fe61c40025b6fab497078d13d269d426fd9979e4cca422ba2aa7f52dfe73b92e1b40260e2749f92fbfdb45f603ac01f14e1eaf7a134b346eed2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5c7321568b83fb0c26ecd6c438db7fc3
SHA1 7f299008398ba350523ddf251935c6d3b7be01b9
SHA256 4c882fa3178ac856dbd7ef89945d79260eb4de91b54aa9fa2424620dfb5e0f01
SHA512 8d3c1229d1ad7f4d5da1ed233781478f531eac72b8578830eb24aac36f311f68ed7f4a532b7b73de5a56d306f17aaf226da33fcfa36f1965ebeb295f734ccbb9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 bc163d477a5835e20f6889aee32ed918
SHA1 5262f6225484b81f1e6b022a15ee6cb532cd85b2
SHA256 d2a18f7e57c3ed453f66302671a63a70bb84f4c882c95c952050b6b898326caa
SHA512 efeaa26a532a6ab886ec9c8d3b871b871c61b4a8f4ff226852a1fea08b5ce4ed1abc70a571a25cdc1e7e495886e2c6a01fb8b8f3933c7fe060752e7e69f7acb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8977f640-37c2-4095-a8a8-79eaecfb76f8.tmp

MD5 a3ad561fdbb8336a308560148911ce8f
SHA1 e7609f98f48c7166e4b3399118cf486792575c61
SHA256 5c6e269de0bdb4173f2086c445bf4f3d23074bd6ad1078dd2328cfeb898c399e
SHA512 8d4412be6fc71f900e55ae8c9cb8d580033b44a6541bc7c3789df6253ea520d8e70c843c970e65be0f9429d1c95372b50f5834abca076c05e455b4e23bf3fa94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd2e697d1731525775f80d49259b1950
SHA1 3ddac254b02adf3881c09d892e4dab2c63daa7d5
SHA256 2bdaa5ce6a5848f917ea7f42f04b5e2c29929e90179536f8506a6f97412552d4
SHA512 60ac2955aba7f14b7963e2c1877b6be11b2b47aa75f0475859cabbc0fca44defe242048d9fec3f26c316875c44f52363c82a602749995e097a68fbdc0e612e43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 d3412a01d4c3df1df43f94ecd14a889a
SHA1 2900a987c87791c4b64d80e9ce8c8bd26b679c2f
SHA256 dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be
SHA512 7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1ff4d82f22e4beb40c863f7fe34625cf
SHA1 f926631a2b120b7e83b53c79287af2f08082e486
SHA256 c48464b2ef5920b74aab9337d60e4ffe0c870ecfeeb258d41812233c04b6be77
SHA512 7f6a86dfd7b6ded2da5ec899bd87b8fc20778a133cc35de244f7939047efa727f2834486cd5fa78a45735e2ac3f685b90739e9de1e2b99d2adbee5ec1e9c87f0

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

MD5 c5f6cda4976ae38cd9fba3d1e5ebd244
SHA1 2006c37f01d010963a4331c42e579b87a2d16039
SHA256 dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4
SHA512 a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

memory/5856-238-0x0000000000460000-0x0000000000624000-memory.dmp

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

MD5 ba4d2c0d55d28082c95347a03a32bf10
SHA1 95542439419df2b947fe24731c3770aef9fb1d06
SHA256 8cfa173fa0465716c161baadefb04b8fd6492cd9aa511b38598411e12ea05ea8
SHA512 6ef767f2cdc30d5d40bdaac8e442aac88862a670aa5fb98eb5d88c2de7d6e6589156001b67b919facd200d682e5eeb69fbc3e9141cf948887eebd2cf55464223

C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

MD5 9b01c5eab2c0bbf63c29944e485c062d
SHA1 a8182f1d6363817757d9a4c652ca78591826c803
SHA256 eb59903ac99cd42ace0b9204c6f2696c61ced7ff9c94e4da1334b3b5356655fc
SHA512 edd950fc94e1c06960541527fda50f2da2f6c99206b691ab465eef69fdae491ca9e3d9b29c3e322f3590a64c73e59c0f24028e873557037a9807e83d946a383b

C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

MD5 f4fd06cc518f26026049ccce65a4ec81
SHA1 6298ba68c06b31f1ec19e7ce757c26ff3e6df3f7
SHA256 381905c1421a53741029db9ac3b9544bc39daabc8e14a8883ab0b64c5c0d2ca3
SHA512 e53583d6a33b8f4b8d9d71aa19b1027b2152e35bc1595ee62916be3f1eb95015b4b1ca70d6bdeaa54742c11a374ccd663062229ce22410dc3d2b96bf8d6538d2

memory/5856-312-0x000000000AC90000-0x000000000AC9E000-memory.dmp

memory/5856-311-0x000000000ACD0000-0x000000000AD08000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6594ae970e92395119dbbb448ac97c52
SHA1 2cab7374585019a7d9ae014e038b90dfc0d5c1a0
SHA256 e8917a08b4159ed93351ffac5f3274bc9f3365f0b33b6348c74ab8f7e72ada32
SHA512 4f90533267cfe8fb551aa86afee0b0468ab2f868e31b687e7f22a7012cd19e10ea98e99a39cf58b5ead6c31d5705dedcbbccd4cc346d0abc752f43f7916a3bb6

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\squirrel.exe

MD5 5341b31761b38bb6a42cb155aaea8661
SHA1 46a98e293a2596d51c8d4171b39fa2549def9d96
SHA256 55f4fdbd5fc93ded3565dd1af4d16479be3a27dab565243464107d8a1b114685
SHA512 906583cd16ef56dfe13c44fbb4556a0d7d9160e63ab0e6d798d526f5cb7466812a6bbabe95448d339bf8a7ef740229ce39964d2502880ad996dba418d0da6080

memory/2116-344-0x0000000000800000-0x0000000000A1C000-memory.dmp

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\ffmpeg.dll

MD5 1fdc2a1aa5a0b1f91ce58d7512552d83
SHA1 fe3e1ea910af454b87f2d6f285fbcd4fff945e91
SHA256 61bafa4f5c14ea6a923dd6dde550071b11959a9f05c8b0c9760d6224cb7714c9
SHA512 6f646a75005e02912f285e83a948e188b2ef868cd1cb73b01fc68de27aafc44e039141c7787c124490e38d8774091376a77b80d68039ab5816146aa81b363317

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78861ea7bd4da5f004aaa6d0a8040e65
SHA1 79cfc2850824283d03a1b241c1c07e2f88fc9282
SHA256 abb150658acb567b0be7ed4795a76173a734730f52eca125989643fc8dae40d2
SHA512 81cee5e20ca416a5957efc7953df6ea692895c95fdb476b0503e4167167e1dde9392e8471f1dbd7ca7a3c3ed4b2b4bc2cf65836eac4235116b5df657ba754357

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\v8_context_snapshot.bin

MD5 a62fbbb671bf975ed46b42d9cf437bcd
SHA1 408b595b1dc6658533e0db1d35f509ab9ee70525
SHA256 a8bd22478c4f85afa836c89d3a7f52c606b17872fbbefce268b499bedede10ae
SHA512 87c934670df70afcced0ea5c73449a17ad27d5b6a25cedad9eb61634aaff8a42b713f578e861c2efbc77593793bba240a1495822b69c99a8ecaef64b07b6a62c

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\icudtl.dat

MD5 ffd67c1e24cb35dc109a24024b1ba7ec
SHA1 99f545bc396878c7a53e98a79017d9531af7c1f5
SHA256 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512 e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\resources.pak

MD5 756ffdd90a3e7837cb1d086e9d2a02a2
SHA1 594224dff9bc1b35368ece832e3ca43776e76743
SHA256 f299b8d2e59b047f8473e86d88a9ef20b447627c40b5d5a2ebb77c7144faca94
SHA512 198423de82a2f0747b722f1c965ede7760e4b2b5b1039c18fbadda2fa12f21013aa90b11521d16f94a04a74c2239ab5a82690d5bffbd0aeedb2b8ebece88e514

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\locales\en-US.pak

MD5 5c52a86b21633b55b383c20f16859b2f
SHA1 126585e68cb17f241351004e21c1d30e65de1cf6
SHA256 41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078
SHA512 2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\chrome_200_percent.pak

MD5 e9c1423fe5d139a4c88ba8b107573536
SHA1 46d3efe892044761f19844c4c4b8f9576f9ca43e
SHA256 2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa
SHA512 abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\chrome_100_percent.pak

MD5 cb4f128469cd84711ed1c9c02212c7a8
SHA1 8ae60303be80b74163d5c4132de4a465a1eafc52
SHA256 7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3
SHA512 0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\vk_swiftshader.dll

MD5 bc2527af8bb5f30b1e61865b79c2a1e0
SHA1 98c425a874ebd1571a1dbdb5036bb3dbf1c7bcea
SHA256 6c7ee879700f0fa43e22d09e79a1210513404e58fe08a2f743277586228c2155
SHA512 3c495b4d9b90382f0ee20d8e00779da5004b9f9474302771481c6e728266a6ed412263bd2b2b21a2ae369d825ebffe3b0af6e90a410a4835cf5111f3ab24fe55

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\libEGL.dll

MD5 2555648812ffb7254cb63e4825f1cdd2
SHA1 852686446b4118597c2133be2cf6f9bf58bbcf30
SHA256 b5a452481bb9996893b9cd3e5751b6605916d667260fc2bf7a4a9ff3ccea2828
SHA512 be253e47d8da14773ca690af1e7018726c35af526411bcb0d7f2633be7d327a1996f08d3d26b304d18fd267decda37e13a4d4fd31a337939e9df2419c00391cd

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\libGLESv2.dll

MD5 deeaa1b60afb22f2a328a799ff3f1d94
SHA1 6526a21a00d0ca61c6e3c5fb0edf1d936c190e30
SHA256 7378c79f8e2d296b03d7b1674a8265f57080653d97ec58c62862abce74076fc8
SHA512 3ea8c14b2a6213f3b3252b53a0751c5a9c73975b2540b5de39e35c069208bbef562f6bf699207928c11f7efbdb5fb8d802174bd87c946d82fa3249276ff33d38

memory/5672-399-0x00000000028E0000-0x0000000002900000-memory.dmp

C:\Users\Admin\AppData\Local\exodus\app-24.41.6\d3dcompiler_47.dll

MD5 c5c298d5e701758a0571f2224c8a1fb7
SHA1 b312458479a997ebce365541db3a01e073fbcf10
SHA256 3b562719c9257958c47d41161332ecc696980b9ea41e4a6472cc4791128f62af
SHA512 e660db863ee8ad0c31071f371ebcd9bd396aee9d4db66d2fadfc2cac0c3b9aec13d5f0ba89e5b4e7088f71111c835671fcc2e71ae4bd2d85ee91056aeb89da7b

C:\Users\Admin\AppData\Local\exodus\Exodus.exe

MD5 1fa34ec8fcd718406ca7e4581c1cf47b
SHA1 3a457a829f941f93501934133586cdaff42e027b
SHA256 c04cab3455b2675d9285770a3f8b5663d6992d3ddfc461c34913d8e8447f07c7
SHA512 313da2c45669553718b809899533ea7d902af7350b162d7258bbda54ff9944ae5e65c473ee75ca14118885779b9e1f9678ea6f70fad90d11ab668413399fabbb

C:\Users\Admin\AppData\Roaming\Exodus\Local State

MD5 dfff565766153091bf8a48328207d416
SHA1 b2383089d48bdca0e818a9780ded1e8939ec5868
SHA256 a6ae9fca3667eca78363ed0042f00102134c3a9623f2ea6a95205aacf9123de5
SHA512 a07150005eeae9ab80719fc62a65a0777bf384c6c4e9306801b67a125fb2e2c207b80ad62245fc46118d1c26112ca9d919ffb80042f77ce1cef169cdefac31c8

memory/5856-425-0x000000000A200000-0x000000000A292000-memory.dmp

C:\Users\Admin\AppData\Roaming\Exodus\Network\Trust Tokens

MD5 ba18bf06e5b76061522cdef07791ab8d
SHA1 3a237d7dc0ce618f9dadd49d9841548e3dd1302a
SHA256 9e73b896c702a73bc8cc8b2d8f9b8ffa303581802ebb26f95c34793a4cd12fca
SHA512 382012db8ae451368ad429c60cb7cd8e21842dfbbe8c7e8d43ede29cdfb06fb76774365d07e7eb1ec37874f4f99f75299d0629c4ca2583683a573919c026fd1c

C:\Users\Admin\AppData\Roaming\Exodus\Network\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Roaming\Exodus\Shared Dictionary\db

MD5 358d089087aa109e41f38ddda1ff8368
SHA1 42f68e8e7c6806485aab068ad2ef9d8992fe3867
SHA256 e1ea1994a9c238120944c0009b25c9b75c3b8acb5cc137a78cd4a8450c809130
SHA512 4630eba964ce1dccfbb8663f04141c91ff0a3cee399621637bdef17c696735316da23a5bf6f7235b9616005652d175e276e83c8aca5f99f9f3b4d9c713818553

C:\Users\Admin\AppData\Roaming\Exodus\Local Storage\leveldb\LOG

MD5 7fa6e54ad4eceff00ba94b542fc203ce
SHA1 5dd6eeb3c16e63ecb56611f2ba9b73bbd90ad656
SHA256 c71c9dc1fe212d7086749786bf765fb4f737951d2e29a90f81e2b1f1169cd666
SHA512 e6d088ac2a5dcf923959a8908ba9b79794ab549185c156422d598976be146ee357c88a2d00aab3b3027f8c2bcb1a915bdc609ccab192e8d8f3698b1ad0028ec0

C:\Users\Admin\AppData\Roaming\Exodus\Shared Dictionary\cache\index-dir\the-real-index

MD5 5fe15aa68fe4eb332141540ab4155627
SHA1 1c92141fbf4218fce4dbc5f92b499af2270e492d
SHA256 7119959985f7ba8926d0cb353e5ce2be42959fd5f017864ff922ce82dcd81460
SHA512 25ee85e6c80536f1594eb02e65be0be0dffe7f1b6b62688e302c37957b65119bbede84dcb4788f12957acfef39e6cee1d8421eebbd6cb4b65e5ce60dd5e14271

C:\Users\Admin\AppData\Roaming\Exodus\Shared Dictionary\cache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\Exodus\Preferences

MD5 3af821011542ab3d7cf76115354071fa
SHA1 f192f162f5ca0ebc05789b0a06cdcb17bf3e1035
SHA256 40cd2b78adad9f9fe68c02e0936bd81f0845da1b3550a40c299373187597f689
SHA512 e212e929424d2a4d08eabc1a9278f75563cf0a1edc6c511b41587a7475fd4db558526a770bb5580f00090352da86433329353d6eec726579f5a257b2c03b5090

C:\Users\Admin\AppData\Roaming\Exodus\Network\Network Persistent State

MD5 4df4574bfbb7e0b0bc56c2c9b12b6c47
SHA1 81efcbd3e3da8221444a21f45305af6fa4b71907
SHA256 e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA512 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b9bf518863883dde1967150ad3eed99e
SHA1 23763741ba9aeb7676c588cc687d611a94e3f6ae
SHA256 fa2a4832e6f45a47b628ea4f9cd5b99177a05a0ca17d2bda675d08cf1ab24911
SHA512 a71a5c528bb2d73b16d7c45e86350fb0d9695f3f7802941e11b8bc81948197c3c0f60632fef32055602808b74bc8d517ce667f83ba037827cf004a39677684f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35b77e97b28dd66fe473b9368e1e7833
SHA1 d4d56960591adc2ef85db818a5daa1714483b2c9
SHA256 cc98a9fb20db3819738a0c7e0245af07571124a185c0979b4c63d6bfe1677d3a
SHA512 4b3592ed6940f9aee218d12adb8a921a37c0d3728b414a5b23a906e9f3b1c263f467af71989c451ca0a8543f53305401e93450169d817bb016791a57275b6f48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5875d7.TMP

MD5 78bfcecb05ed1904edce3b60cb5c7e62
SHA1 bf77a7461de9d41d12aa88fba056ba758793d9ce
SHA256 c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572
SHA512 2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 74eb5b6a3357368a2d2c2b59ef238c5e
SHA1 666722cca5b165d4b1ad3aa92718deea4601ce6b
SHA256 0a4f73614ebae7db9b0e767e01f0b9482a53079902f0243b76b7d201c6830faf
SHA512 c0cfcdbe8975e40c3bfe6b3ec6e01316077a79513b93f97aadac8db3c94c4e6cbba1114df1c67b4a3e09ee5d21d2e34f84205980a0445d430207a225b1c9c58c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 e69c43fde09fcf069df9ce1693ca9eb5
SHA1 6a43f0f46c2678fd3a1d4ccea9871883a7a260d4
SHA256 3f42d0bc118589e7ada0a9221e392c22669ee76c6c09cef0cf2ea025864b024a
SHA512 9bd73ca3654ad4f284776527b7357e7e47508fd831874429e6c729d5fb9522fc703d1c6d840e7397367274b7d9ff1eb1a56bdb5a23f175cdf962dfc7c7423afc

memory/2552-613-0x00007FFFAED90000-0x00007FFFAED91000-memory.dmp

memory/2552-612-0x00007FFFAFD70000-0x00007FFFAFD71000-memory.dmp

C:\Users\Admin\AppData\Roaming\Exodus\Partitions\wallet\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Exodus\Partitions\monero\Shared Dictionary\cache\index-dir\temp-index

MD5 8a5c591326f5bef703c3f534b198d86f
SHA1 e4b4c53d70a0ded5a0bb555f6b46c01a519fd49b
SHA256 214dcaba5edebe35278658fcd4c2d6c3afa4c14332df90f18ef394832a198cb3
SHA512 a7d07747b34490b19671e9eaaf669f7a213baff52abf74bdfeefa2077a87d254ad9dc4b943809f8262edf12064badae56734310bba1f5034267d5f11ff9c1e39

C:\Users\Admin\AppData\Roaming\Exodus\b0508c83-10e7-4490-bc67-eee29d5dc572.tmp

MD5 38f2defe96edd991d56f79b1266c90bf
SHA1 00d5bff3145654472568c69ea749c78dd08f5fe8
SHA256 4095e68d10336b78d9f6888f7e4e6dce36ca3b8127b0e19bf220ee789e5ea147
SHA512 133028b11167aa497a46f50ff32868ee1fe7ff632ab1938e7e748b65364c05fe858c679854fac20e5fd5c1dbce3639413ac1365c1cd8d25b89cdb96bb3206897

C:\Users\Admin\AppData\Roaming\Exodus\Preferences

MD5 d3ec4d2c1b3afbee5f3018af96bae804
SHA1 2a5cbfcb054e420f39e83d169cd636e95177c17b
SHA256 fe0fa3b378db618ce3c0ee2fe4b72e9a6389d0abd919a646330b0ae024fdd0ab
SHA512 840a14c7b5830b176a7f679e25cff78dca7c2e24de4309a0d9c8fdd119d97c2c954bc31baf6abdabb2c99632c7d9ad5b9e2f1fe88576662c4e5af90c0bd03cbe

C:\Users\Admin\AppData\Roaming\Exodus\Partitions\monero\Network\4b55a1b8-9748-41c8-a600-988233e5ada8.tmp

MD5 77a807eb59f3a5452c212bdc1e83bf0d
SHA1 d9cc940449ed3e2d57c2ae0a1e2e74c73f9059bf
SHA256 315f580ff1ff3b83c875368235218991b84c5fac253acb7a9efccce7d38040a7
SHA512 cba9a6eb57f2a8be8e1cd38e8a37eb304bc2905d4786bc82d4e3d31302d87848c8b46da846e4a5e6f6be4df9f9f087347dda01eee86509412e4fde180e80ac97

C:\Users\Admin\AppData\Roaming\Exodus\Partitions\network\Network\3e5e3ca0-bf26-4c94-8a9a-7f8f2b8ddac7.tmp

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b