hxxps://igg-games[.]cc/3388-command-conquer-renegade-free-download[.]html

Analysis

max time kernel
148s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
21/02/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://igg-games.cc/3388-command-conquer-renegade-free-download.html

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2408	Game.exe

Loads dropped DLL 3 IoCs

pid	Process
2408	Game.exe
2408	Game.exe
2408	Game.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3594324687-1993884830-4019639329-1000\{0C5D23C8-3DD3-4300-A7F9-13C6CF87DB44}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
1180	msedge.exe
1180	msedge.exe
4680	msedge.exe
4680	msedge.exe
1832	identity_helper.exe
1832	identity_helper.exe
1556	msedge.exe
3236	msedge.exe
3236	msedge.exe
1460	msedge.exe
1460	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4940	7zG.exe
Token: 35	4940	7zG.exe
Token: SeSecurityPrivilege	4940	7zG.exe
Token: SeSecurityPrivilege	4940	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2456	1180	msedge.exe	78
PID 1180 wrote to memory of 2456	1180	msedge.exe	78
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 5028	1180	msedge.exe	79
PID 1180 wrote to memory of 3040	1180	msedge.exe	80
PID 1180 wrote to memory of 3040	1180	msedge.exe	80
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81
PID 1180 wrote to memory of 2616	1180	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://igg-games.cc/3388-command-conquer-renegade-free-download.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd71663cb8,0x7ffd71663cc8,0x7ffd71663cd8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6912 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9825343580674371410,10770491455372815529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1040

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\" -spe -an -ai#7zMap9254:132:7zEvent7219
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4940

C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\Game.exe
"C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\Game.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2408

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x0000000000000468
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
33KB

MD5
fd2b58574f9637ba7ef639267349d848

SHA1
6eda5ea93f549ceb5693f6f1c038893fa56a510d

SHA256
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec

SHA512
9de7eb0ddaea236cbf912f4b87fa94c424cdea041e756200926c7e28bac860f69e0d9104a790678d1858cdd7101b25d1e25164a89f81a758f35bada3765c6893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
38KB

MD5
f208b7dd4c3e234e0f854f804d6b364e

SHA1
921b82204cb51d7c012838fc324fa9b0a9a0fe12

SHA256
ce5b45bea1fccf89400bd0c0961d19381ee84e4bd40a9eafe2aec1f5fc88b561

SHA512
110826b703d276d1972d7e55110752f321730445e38036fea320488e0817549a8f720c43c8e5040b4d55c2e3a179fcda9509d90a60829c3f304424fdab424562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
26KB

MD5
191cd87d59bcfbb734fca7bb92bbc245

SHA1
30514c4b000361fe9319ebbb84d5cf93b9b0a82f

SHA256
cf07e157a37761abad2d2ccf9385f5023fca4dad5a3594c6832274a1b5823c9b

SHA512
a72b2bfe8e6ba1fb307f4d89c1a38070261d315d36f12726c22b77fa90171fb28d6f62b112dcaad521aa09e89990ff810c363fa79e2e75b48329ddded879dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\66bcdb61a33350de_0

Filesize
272B

MD5
731a0255745fdcd840cf63c1e38d7831

SHA1
e8850b3817aeefdd86f4097c13e02460b21311af

SHA256
aab667c2c02f832f158ae45c353d925418dc5df844460757a1ab19265d564689

SHA512
28facce9a6b1b838a0d0d53888f3f5adcbba769073f7d25258d1024619b4262e1223a168684a1e9c5f37b7304fd855c2831e8419fd1a73b448b46651dec82ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78999619c12baa63_0

Filesize
96KB

MD5
51b6ddcabe891eacef559325302570d3

SHA1
871bb9ea85ec8dc96a78d36843c87b06258235ed

SHA256
0cce24490a839bf3918ee33792a0badc25c6fb682b574fb5c4ffd48c8929038a

SHA512
ce2accc81e173178a76e4584216a504b78a446dc9bafd3d459dcdb6187afef0f3585f42d7f86176482122d07ea3fd364cd6651fa6a196c0fc6bf1e32320ed413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4469b40538c1a8dfabb3020ae7ece386

SHA1
180026486ca04d310c1bd033ddbf27f6988dc3d9

SHA256
7ff873e6d6539f8f17ef2635d798a82cb92d81b7d0984edc33c27181116ca037

SHA512
c7ff4a3d35b52e3151cf0033db7e6c010eec9c66dd6b4b3f30b1212ba1f80f9bb78c07a1d773d2d2378b629c09fb17fc4c9d878ae5b9d8d11db1aac16b081605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2627d82889fc29475b90554e1d0b4523

SHA1
a855b5a904c58e244ea36c35d3d608ec99b672ef

SHA256
3b235a6040f90d94bcf031b20b127b456da6dd3060168e46dcc5977dc03f4d2a

SHA512
404c4bfebf2b0079e6b5a3e253395de011d7227052b1fc2eee87e72cba01eda8abfcbef4b9938199e5d2d97e85166530b0475414011be2b02b395ec2c244b06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c87ba641b80cc41d24914ef9cd561676

SHA1
32913203a53d47a9eb085f85c66615ad37dc9cbb

SHA256
8f537d237df3a7a68dab17473c2a3d3c603c33ef44f44c87ca3ca89d3f4140bd

SHA512
751cb669fb4427d73d30348f63abb3919ff0c5c249952265d056f1393c6ea00583fc0dc55bac977c03af338b25c4dd2f59d4bf2cd5d6eb16227cee4704d2bee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d490e925afa9d4c4245d41d76ccd948c

SHA1
66bc6717786f249b102f79ed1c680f7016f7fd43

SHA256
f7f39d271abb2853353663f42c82d3a22516f56da0a05c5e978c5973943d415b

SHA512
3faf9458164c37fe29b9de0d43cbceb2d37f836ad579f46bfc2ee11d5ead960af2574c5142979f43baf1d12ad69445112a4a9810d0bf72748221794f5bd76545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
987247260e015830a88e913c0a2006f6

SHA1
f842f040f71702d73da4cc4470b6cddd0214c062

SHA256
4faf3f4c015906b75162270b9ed540c110255cff33203a81eac17242ea9fea56

SHA512
86dde8e3de8be2bc1a5142cd96c31f30b99124c34e35e19adc829c184fc27cdc359ca65b3b0ee13b9392d7004bd59ad5988ff0a124d9e9d264e95ecd43a1fae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ff57e7148814996c75e5c70b88243f8

SHA1
14cada2a7623021e9d28781def2d26b1e9d3d138

SHA256
fbc6535afdfa87ec5d2a5977b931e88186263c479495eab2029b0a771a775dae

SHA512
058cd8113d15ab897d9f9818a74fa4ad11123c0fde2c586e3050f67c683b937b0b27c6d6a661948f0f302f000022f84261d0ae870c29c400bba7619bd0f28c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91ee4fdc92249f980443b53454272ef8

SHA1
0e5e0a03fab9c8624791cd5a2c43f1904ef63ce2

SHA256
6701c59c86af1ddf9c66f5fed8a764bd746f252b5dedadf5c5274b7ca8402345

SHA512
9f52134eb5391a8509fe564e5fdbe9b8829ac0953df767e7c94da94ff473aeb718d5357699f2f144b8dbdf1fe728ecc498c46ce2c863a4a7e0bfe63affedf684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5adf48f411fe655640377c3a298ae27a

SHA1
f1f38b8be1e41542a02cd839e9d9ee23ecb11833

SHA256
e806dc1aa43bdb1110366bb6e480390d8670278a58ce0d83f0d7dd91a16c5db9

SHA512
fac0373b3555e467142e5c1c4fe08ddeb5057fab7bd91279ec2c273f113868c8277c2d6d3c47ed9ea6e090996b5dbd22048a3c52069aa4cc66c5bf70798b5adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fc39f9f15d320ca6764f1d19e8ce114f

SHA1
041405b46ba0ddf8d7cf568084642a580d184f9f

SHA256
519230ff253bbf01f5cf5f760684629e3f2733ba4f3f3a9db7711a8f380fa96e

SHA512
813839ac304fdefb6c1f861e9ebe7e72a499b8f9f12ea5b351ec9d420ec78ae76060e4e8683ddd099ea0175ee4e1dadfb1af635c9cfd031b28818d352a6d3e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bfd6fdb3dbf7c4fcd33af40ac674fe52

SHA1
00b2f50d1ad2c875d473c163f6e7d9e0aa9a4f51

SHA256
50a7108f2b084c14364dc25bdb1c0cb4c30d5b733500e336221a4f1ce6e96f1e

SHA512
e59ad96f94f48a50c529b57492394069c83d38c49707cbb3d8b914dd0f84e2cde9f3489248e97b5517b69dad824a417d43731a70458b87920a4125e5b0158f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
27c2c1521cd6c414c2e48713b473486e

SHA1
674f350a2539ec054845c8fc7dd34ff90dce79b4

SHA256
def19af5809d7aad4a98577bfb80da5b77ce40dc3675159575d2a1b5c668736e

SHA512
6e06ce25d849875754041f6a8bf986e070b90afc9cfb451d9eec55313038ecdbec383b6b4c3c0e28411c52cf91fa2a6993cdcf2474ef6f055c8ef452fa2aee20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
31fbbc230f97d37d30fed1be32575483

SHA1
97713cb48949e089ff72cf37a5d64d249765b741

SHA256
47cce92c67edd79985045ea9e70dd8d0b2f175d1beae5fa18b039889812a3011

SHA512
5a80ecd324a2d3dd2ec69f4daafeaf194ef2cede6a533cc3485133c2399ab3da93da16cf142fd883dd0d72c0b7c7abcd6c1a37cbfdad83a9a456388a0a804b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
38ce6f1cfec96600f4d1db6be2227226

SHA1
91845c2584da22d710dacf667db5d3e78604e7ed

SHA256
b75514de348d9c2ee5d692271d2f0e80317d424d3ae69b28695dd1134c968ff7

SHA512
2787b19ec1a6d0a389de4f72cf7a9a8a93a6e88e8c595e3c6c729e366fcc06c05d19dfe2e75f6a70bb0dade0a13f5b4b29cd80fd9a7c8314fd14378bea2d396f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f00d.TMP

Filesize
48B

MD5
c204d3209a4774b1869bc9adfb98d626

SHA1
4087fb3b99745b8ae31a6ff9648b17a98665b4c6

SHA256
aad2072d483b73617eb0937edcdb02666abef25e6a32021c496977637bd2c031

SHA512
50575655366a406b7490e78563884ef47d7559a46dd9f90cc9ec5dd79e19370dee2c8eed37cca5fa98ed3f328f18f230c7924b529b50c37b41f4e7e8e9c5ea3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
abde217064678cc41b4a53c3f881959d

SHA1
b71630557251942ce7ca2d926c0c8f64f8312cd5

SHA256
c75f842564dc2e2e7e60af6f4df9f314c0515b73bdd8f7963132b2649002579b

SHA512
d50de9eeb41c7bb09b168b9e17342ded89e5b2e5d478f0c33520713aab5e1341350f0a43b767f39ec44c8e8bc966cf176781521901ce0011f6416728edf6513c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb7eae9b2303c34f6db1133e0ae52c3f

SHA1
bf22eff667ee6def0870a71d792bb92ead43ee6b

SHA256
0c6976d77694ff85cb7633b6c88702620c6146b9d786d6c5a5ecac5cc08b13b0

SHA512
17395b0749693b1d4c8932110ce99fe0cf3f3df2034a913fd7b3a48a0e0dd194d26908298bb1bb828a28388c7842f921cc0d965e33354092ed0d82c117650a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6f9d36ea727c41cf394185d6442e1883

SHA1
957bfaf5a24f96c69e63c68e259e5f909f401cd7

SHA256
f8e92a158d633a5fee7d260c5ef745f7831a3145316e77b0594a66bed6401f3c

SHA512
8f9d72f7bb4421d1faa5146a881369427c69e9f3623ec4660c0bc5d355a51285b56fe18861095f1d99c0be7812b5b4a3f8e4e009f930bb1e1f7657b724a8d057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2cee8daa55459826387ecb0c303dfba

SHA1
071e44a5d289936c2dd2e516cd71678a6095e120

SHA256
b4140f4e929ef97446da5b4febb9bce191c9d081b42ce1c2265bdd65728e9a46

SHA512
74e416a83f52cd87fe12360168cbe634cfe3b0fb119f0055e1ab2ee4d1570445bcdebca99301943b403175ecc1798ee4280e27e0c06ebf7e1ad71602840a4162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c544.TMP

Filesize
868B

MD5
ef4874c5d8ba90e0787dfa9896942ea0

SHA1
e8cfd4023d1e4756d3613a9cd5e41e9792f7bc38

SHA256
a4bb6b13d64115723195aec28a4f289f905ab563dac847837d69a4bee6f59df0

SHA512
d00d733fae3a0fbd7591da4e8cae7b38bb8fd272eba9348866251620aa65ebd633180c7b3d2cc0a569f4b6dd33dc3b57bf24de13693d5909da485604959f0544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
69219f707137b47402d668a51b790ad6

SHA1
6ea9f3d855446f63a7ac7b1dd121fe59c9b208d0

SHA256
1da0b8d098d139c1e91744c85733cc0aa26c0aa8e127f5c679d8f9d957e64832

SHA512
1cec71a45d9753fefe6229ab64e3cab8203db2d67442096c9574f98baebee72c5335a12da32f7bb0c19b4dd897b4b3cd481c411f059086578af6d441f7f0ca2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19f8e95f5ed8dddbe886c63a22ec14c6

SHA1
3e1d0b2b6b69b77a7bfc590a984d81bfe3dd8101

SHA256
8120ad80a128111c714075d3abadbd05f7d93bcafa13fd9b70b64db8f73226d4

SHA512
340cf4b281aa908626d6acc0b15113a7d43ab63c9c8f0fa120e9e7b9e31adca957b72e75e033c6f0a017f81094064fb6874e6a8921e98959412ac4eff47a2ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14047b339e96d515ebd0d72cc99b343b

SHA1
5ad919e193146b328db8171b849f2dffa480daf4

SHA256
8de25041f98ce747a05a76cb27c7b3b25194d932c355750e6256f71c90103d27

SHA512
3332c6a0c6d31a1ecb4f5122f5ed527e672c9b32831c7ea1eb233b2c57675b62fa03079afb0c8dbfbfe2f15751f648af83a9ef03b98a9eb2e8be09233dc66ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7c06f3da4de20bacf719e3eeb3635a35

SHA1
41ea3a8c8ec0ac5059fe0682b86a3ad8a48a9912

SHA256
d1ec45cc1fb1ed7b2192464f61bb1da3647653385b997fc0e4e88dee34beb432

SHA512
620da4b405cf7a79183e9304ceea52a3db7ca55565f39731e5e740c88317d0083380741a99286fd2f067f319996c1aa4512da5b3e7001a449f5a2a4dc566211e

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037.rar

Filesize
15.6MB

MD5
20610b643b324b8eef61bc75572af455

SHA1
81f57a99c72511f97f6fde0416db992b5e220bb2

SHA256
044960c9e75151aaa484189c519ed12d582ee2830d405175e9d4dcebffbe0305

SHA512
f5ec64f902d27697eed7e39b90e9cb863025efd4b8e0956b89d2a3261938e7467a07a41665279bd65165fd9cbe690be41a8586fcd24f8e02155b2c6fa473d7a6

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\BandTest.dll

Filesize
140KB

MD5
8c8b55d640ffcf77e04bbe3ef6a31098

SHA1
12772f7ae2f474690da07679f026d89462eee85d

SHA256
f40b962488c706a3ce7dcc7aa0d1ba0e166c1ccd6b00422e1c55bdd6698aabe6

SHA512
bc787877df1afa15e44a2eaf2de2df28f15f517329772bc8dc45e97c58ecd3132069f34c68eb407c03743aef799b26e7c5193682ef7d46e4cb8c684040973f7d

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\Always.dat

Filesize
5.2MB

MD5
3013e600b61c6a150560b1e12df9bcd7

SHA1
021d22f902052fdf8b3ed04d6c84b94545159fa8

SHA256
02049381fb58b27edc0766ffc3f3ff9e4173e643970d6eb96ff01ce22e5140e9

SHA512
285a82e9b7d86c5d8e1fac28676572a17739c452ee66f287ead26840b6d74448289b498dfc8a34e3b923b5ab7cd145531d6a11b0e89aae13a2ebc5e403e3fa38

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\Always.dbs

Filesize
5.0MB

MD5
80e9f98242246ccf76a1851e46312a9f

SHA1
396972cc3f65354a94b3e2880b8ad5c3288af344

SHA256
a28d5a3e1fbd48bdd498fae8324b496c713e2888fce2e8d5824fa8917570bac2

SHA512
74b8699d8bc1d993d39df14c5d80eaf1fa262a40fff70912089e9dbb049970d617d45cca7ccd196869ba82bafbd24e693731e1b91d244533b1450dc67f9833be

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\Always2.dat

Filesize
192KB

MD5
fa399ef4b949cd854cfa8378171e1e57

SHA1
79c9a440023edb33af65ca53098cae86feaeb284

SHA256
5db99f8a7be166a6389478b267ee3406d4c732f7f339f8055f03909276d1cb73

SHA512
a15519b175b32a66827b4a00574bb45b00b6094550b72c1ad8cdc9a4cfb54fe819a92a3eea7ff8157ab73bcfe1ec2790d9cc6199c9402871a6be24de84e66496

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Canyon.mix

Filesize
4.9MB

MD5
c5ee370efa3e99dbad212afdd1b837d2

SHA1
a65f6b2f14a79551b54031c4c8f9ba84abf81e55

SHA256
70818364951df574eb6561a5464c65cf7c520e3435bc30ef1bdce696340926bd

SHA512
6b5b0b970375aa850438a83bb57b2c519f3cab3be0e1c1c3a5fcc40141eb187cdb5bd5cc07912024447f7c46dc057e625a1e2a3cae6c86ff5c17c139accd02a6

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_City.mix

Filesize
4.7MB

MD5
886227bd2e1b065a4533c0f49cf4fb0e

SHA1
2a05a52447c8c90059713909801e1007e5066da2

SHA256
a68b2af2ebc385ae10fa989734e2054d3d9d915825d71a90e1a707091a2c7736

SHA512
c14dc83259081e98dfe10bccc4ed81bdcfb415be58c4494be2ddd3b52999d45dae39e93aec19f50e8b4851ede6165d9038831baef12fbfe649ed2bd9019cbb9a

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_City_Flying.mix

Filesize
4.8MB

MD5
6127f75a5006f5ebd5abbe574ba3dab9

SHA1
cd49d9db9f0581fcf107618366eb228be70e14ce

SHA256
01ce72351c7cc5fdc10e2271069cc309e69ad400c6c609f8e5a4de9fe9ec4c5d

SHA512
aebb9455baac01da550231e1190e070a01aa1a07683d9e4d0338e49e70b1c3a59e9a05bdb20f85233fcd369bb1f35080f6b9edbe3a8085f4a4b2a03eab8397c9

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Complex.mix

Filesize
4.7MB

MD5
3cbd2dfc2d81d5088c3842e91ae2f98f

SHA1
097acc61b347e73eb028e9123f50806a76f54301

SHA256
82ee81293c4a07912f0e1a46a429327efa851eb51aa708ce40e772680ae6bff9

SHA512
91251601c91772030fe81578b63f0a4497a49f7dd7ee867e3b0e813a9585bd027669d49cb1ef6515ad352aa40814eb139771be7c75712a60745cf1e62a89930d

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Field.mix

Filesize
4.9MB

MD5
f0e49e4e373d3293d4745e0eade608f4

SHA1
7d76c14de53ebacb619dd14e1b9cb1350ae2d5b7

SHA256
0010a41e8b965761eb99198d9985b0a4f4e37d7a253974f10e3b14242aa5ea09

SHA512
96149c42086316eaa55e1c9106551cde143729608fa8cd288f2b6d6f757149429b277f7da32e1b1601d94f233c86745b6caaba67227da3bf1a7f9390f8564a5d

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Glacier_Flying.mix

Filesize
4.8MB

MD5
94a6412bd5b29b29ec594def4a2df41a

SHA1
a8f3ffb48bae5d26c1a80b1b011a725dae54745e

SHA256
103378da65cba1dcc184198f4a09b8a0bbbdffc909e169b6782e19bd5353b512

SHA512
efe81736290b7c12fec9beed993df4832a55a27afc50351668c0bc462df6517c3ec86c9d0a7c3fc7ea6d11a6fd36c41abe968a122b9078834baed9a2537fefef

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Hourglass.mix

Filesize
4.3MB

MD5
c62c36615bb66078949888557bc3eb09

SHA1
2e16d950fe8625b2d385a80086c1659de1b3372b

SHA256
2a7cf73b60601192dc010384049e9be5419af968df90fff8f6174b23626c368c

SHA512
bcd85424604c456d73bb2c384c745914cc3391a6bf41e1605ab1c75b706ca33e21870b6d366d35d50201050df43342b9c2e462fca45880146b289f5eab0bb690

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Islands.mix

Filesize
3.8MB

MD5
a78ecd613dbe330d200b10a3595770a0

SHA1
ea28e15afaa5292c043324519b2241a23fe0f12c

SHA256
f88e4d9e60c9d041b1fc1ed4af1704d5d4601b5b0927e0e196ff05dee5fe291e

SHA512
e20d879e85e379465a0bea5fbe9ff5f4007244ad26824f55099349f7e8198e55583af5164f872074b7541895999c3dfa6b420d5f91d6d706bd72ccd2bbfaea3a

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Mesa.mix

Filesize
3.6MB

MD5
60549fdc2ebc9bf51718a1d5a44d955c

SHA1
179fa50e23c20222703bf0b42904f84eb26c1727

SHA256
dfe78d7d96af79b730982dbe61b2155965d9b517df402248d3a599d1b62fae02

SHA512
33bb3c2097e475a2e6ab765bcab683e5d50e54fc178c40365aef75ff04b7a60ff383a61357d1bba6bae21b96947cb4c38b9515773ae8a20c1901df7e2bcd7a6e

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Under.mix

Filesize
2.3MB

MD5
e2e5316f0d7d81f2d7468fb7cd3cd7bc

SHA1
46ec9713c934825f839bbb88f6b486697760190c

SHA256
aff294db2106713d3e68f0ae46b722b8fd73f075260ad1238d3ac5168dd95b08

SHA512
97aebd608163719184870c8c66b75c8cef2d67a5c0024a461831714ac3bfb6fa42be624293d9e5584a85ba58a8ec921b068d3e5919060ea98956c643aa2e0a10

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Volcano.mix

Filesize
3.4MB

MD5
1a338f0d8ab6a13fa8b5f8bfa15a4939

SHA1
3570eb5c7309a8e7f4fe2937f7f0e2b6954eee97

SHA256
fba9c80d79852443211c9e7ecaa516046fdc2ab21c46c56002e9755540c9a9ac

SHA512
266db2b2f6cd6ded62c02a64596ca8c19cc34ebb893cffc6cd1b5b994b2efe7d048aff0ce0ec8d561b5767699f3b8a44012d8088f7455c856a0456b986a48504

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Walls.mix

Filesize
3.1MB

MD5
bc240f77929f87462b955d1ebd0b74b0

SHA1
5539d7f08b0455f77ad772d5f155d1d7a29206f0

SHA256
9992488c8628882e4b433f489fb4b0f0859c5479a58a50cc18e28729041fbd54

SHA512
5bf031617fd40df585c741523eae36c8608479a8ed17d4d668f4deabb272c567685ef84ca838b4976e33cdc719c6992ecc631d8c4a22792405f4c7cf41a394fb

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\DATA\C&C_Walls_Flying.mix

Filesize
2.9MB

MD5
d4558ee567e364470bc44796b1b98c57

SHA1
22136ea1cd4355d2b1686885ae6269785fde7170

SHA256
ae30b4cbfcd7ac56c5f60d9db81a5b14f649fd5c5f89f7fae83dd31bc77f01a1

SHA512
a83294b90e2bfbb8821dbc4f3b35683a519198f1fe005d1c99317566a29df045462ea071a540c49656ea2c7514007f7ef262e12e3fb3da60662ad4e16b26dede

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\Game.exe

Filesize
4.2MB

MD5
8207dfcd9b83bb4acc10737b48cf5636

SHA1
d469bd9f56127c55163e94fd6346aa35a2e58cef

SHA256
fa36db94d2ffbdf33c2198472142eaf798db83af74ec76b445f34c9107aa8d16

SHA512
e516447907c0363bbbddb7ea9c233a2d20fddedc707650da0583494a267ec022349f7228affc8ace4e9a037679a911a9e68e3aa3cd727c994a4a8fe8fa0103bb

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\binkw32.dll

Filesize
298KB

MD5
c6deff3cacf529b3174ebe6fb9669544

SHA1
d8ff51ba54566af260eb358beda1529f3cb4ec04

SHA256
8a7afe9b64ff862cf61d7051af7275ff43140c3a2fe5b2956131912a09a5f647

SHA512
06aacd1904e6d7c394eeb97954d063cb478139dc9056f0222f3e8e6465ae2bad202e3da7358a69f88f4734e6084ca9730114336fdf3f6b25503cbae87a643d8a

Download Submit
C:\Users\Admin\Downloads\Command.and.Conquer.Renegade.v1.037\Command And Conquer Renegade V1.037\mss32.dll

Filesize
342KB

MD5
a60933a3e0b68d6deb0b5833398d4d6a

SHA1
f31351b95fe1485468d1adc94d39a0b860e4b3aa

SHA256
b4adfadcd8b873cd8f1117c4f6f160e3a925688096d4d2969ff83e5dbd502360

SHA512
2ae76761dfd92bd7e8c567639d59f8e4b86a4671da6327ee341c33df520c1d958fe4f090838449c05dace4ed50ca4e9af4689068989f383b542005968c116625

Download Submit