d1b9e3a7e548eedbbe122287b8589f1eb42023f77e8f7d6856dc1644f038f617

Analysis

max time kernel
86s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-11-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tcmd1103x64.exe
Size

6.2MB
MD5

2bc1009b18915f773803aa5ce0c8c5aa
SHA1

e7ce87c81da0ed4eda263c0bc1a6e87ea2f5b6ec
SHA256

d1b9e3a7e548eedbbe122287b8589f1eb42023f77e8f7d6856dc1644f038f617
SHA512

cecff47bc915b4ca56ca6e524a78835adbe1d14d822f4e1fb7746fc9f5aeaa6ec50a4f2607b7b9a587165d30bce025395421a70832dfd08514fe44531d8d997c
SSDEEP

196608:fuoi4HImqMBbtrrxzf04DC4CycKkPpOMLvo:Gcz3uZlxOMk

Score

6^/10

discovery evasion trojan

Malware Config

Signatures

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\h:	TOTALCMD64.EXE
File opened (read-only)	\??\n:	TOTALCMD64.EXE
File opened (read-only)	\??\p:	TOTALCMD64.EXE
File opened (read-only)	\??\y:	TOTALCMD64.EXE
File opened (read-only)	\??\o:	TOTALCMD64.EXE
File opened (read-only)	\??\r:	TOTALCMD64.EXE
File opened (read-only)	\??\l:	TOTALCMD64.EXE
File opened (read-only)	\??\g:	TOTALCMD64.EXE
File opened (read-only)	\??\o:	TOTALCMD64.EXE
File opened (read-only)	\??\s:	TOTALCMD64.EXE
File opened (read-only)	\??\t:	TOTALCMD64.EXE
File opened (read-only)	\??\f:	TOTALCMD64.EXE
File opened (read-only)	\??\n:	TOTALCMD64.EXE
File opened (read-only)	\??\y:	TOTALCMD64.EXE
File opened (read-only)	\??\z:	TOTALCMD64.EXE
File opened (read-only)	\??\b:	TOTALCMD64.EXE
File opened (read-only)	\??\b:	TOTALCMD64.EXE
File opened (read-only)	\??\e:	TOTALCMD64.EXE
File opened (read-only)	\??\f:	TOTALCMD64.EXE
File opened (read-only)	\??\j:	TOTALCMD64.EXE
File opened (read-only)	\??\h:	TOTALCMD64.EXE
File opened (read-only)	\??\l:	TOTALCMD64.EXE
File opened (read-only)	\??\p:	TOTALCMD64.EXE
File opened (read-only)	\??\u:	TOTALCMD64.EXE
File opened (read-only)	\??\k:	TOTALCMD64.EXE
File opened (read-only)	\??\u:	TOTALCMD64.EXE
File opened (read-only)	\??\j:	TOTALCMD64.EXE
File opened (read-only)	\??\v:	TOTALCMD64.EXE
File opened (read-only)	\??\x:	TOTALCMD64.EXE
File opened (read-only)	\??\z:	TOTALCMD64.EXE
File opened (read-only)	\??\q:	TOTALCMD64.EXE
File opened (read-only)	\??\r:	TOTALCMD64.EXE
File opened (read-only)	\??\i:	TOTALCMD64.EXE
File opened (read-only)	\??\q:	TOTALCMD64.EXE
File opened (read-only)	\??\x:	TOTALCMD64.EXE
File opened (read-only)	\??\m:	TOTALCMD64.EXE
File opened (read-only)	\??\a:	TOTALCMD64.EXE
File opened (read-only)	\??\s:	TOTALCMD64.EXE
File opened (read-only)	\??\v:	TOTALCMD64.EXE
File opened (read-only)	\??\w:	TOTALCMD64.EXE
File opened (read-only)	\??\a:	TOTALCMD64.EXE
File opened (read-only)	\??\t:	TOTALCMD64.EXE
File opened (read-only)	\??\i:	TOTALCMD64.EXE
File opened (read-only)	\??\w:	TOTALCMD64.EXE
File opened (read-only)	\??\e:	TOTALCMD64.EXE
File opened (read-only)	\??\g:	TOTALCMD64.EXE
File opened (read-only)	\??\k:	TOTALCMD64.EXE
File opened (read-only)	\??\m:	TOTALCMD64.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_ROM.MNU	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_ITA.MNU	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_NOR.MNU	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\HISTORY.TXT	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\TCUNINST.WUL	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_CZ.MNU	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_DEU.INC	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_ESP.LNG	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\TCMADM64.EXE	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\TOTALCMD.foo	TOTALCMD64.EXE
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_POL.INC	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_SWE.MNU	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\TCLZMA64.DLL	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\vertical.bar	TOTALCMD64.EXE
File opened for modification	C:\Program Files\totalcmd\vertical.bar	TOTALCMD64.EXE
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_FRA.LNG	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_HUN.MNU	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_HUN.INC	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_ROM.INC	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_SK.LNG	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_SK.MNU	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\FILTER64\vmr9rotator.dll	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\TOTALCMD.foo	TOTALCMD64.EXE
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_DUT.INC	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_ENG.MNU	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_FRA.MNU	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\FILTER64\AutoPitch.dll	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\TCUNIN64.EXE	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\CGLPT64.SYS	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\KEYBOARD.TXT	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_SVN.MNU	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_SWE.MNU	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_CHN.INC	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\FILTER64\SoundTouchDLL_x64.dll	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_DEU.MNU	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_POL.MNU	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_KOR.LNG	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_CHN.LNG	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\NO.BAR	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\NO.BAR	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\TCUNINST.WUL	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\TCZSTD64.DLL	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_ITA.LNG	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_NOR.LNG	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_SVN.INC	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LIBDEFLATE64.DLL	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\UNRAR64.DLL	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\WCMZIP64.DLL	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\TCMADM64.EXE	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\TCMDX32.EXE	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\TOTALCMD.chw	TOTALCMD64.EXE
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_POL.INC	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_KOR.INC	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_RUS.MNU	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_SWE.LNG	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_SWE.INC	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\TCUNIN64.WUL	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\WCUNINST.WUL	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\BLAKEX64.DLL	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\TOTALCMD.CHM	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_DAN.MNU	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_ESP.INC	tcmd1103x64.exe
File created	C:\Program Files\totalcmd\LANGUAGE\WCMD_SK.LNG	tcmd1103x64.exe
File opened for modification	C:\Program Files\totalcmd\LANGUAGE\WCMD_KOR.LNG	tcmd1103x64.exe

Executes dropped EXE 2 IoCs

pid	Process
2540	TOTALCMD64.EXE
1816	TOTALCMD64.EXE

Loads dropped DLL 25 IoCs

pid	Process
340	tcmd1103x64.exe
340	tcmd1103x64.exe
340	tcmd1103x64.exe
1200	Process not Found
1200	Process not Found
1200	Process not Found
1200	Process not Found
2540	TOTALCMD64.EXE
2540	TOTALCMD64.EXE
2540	TOTALCMD64.EXE
2540	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	TOTALCMD64.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	TOTALCMD64.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	TOTALCMD64.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	TOTALCMD64.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
340	tcmd1103x64.exe
340	tcmd1103x64.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	340	tcmd1103x64.exe
Token: SeDebugPrivilege	340	tcmd1103x64.exe
Token: SeDebugPrivilege	340	tcmd1103x64.exe
Token: SeDebugPrivilege	340	tcmd1103x64.exe
Token: SeDebugPrivilege	340	tcmd1103x64.exe
Token: SeDebugPrivilege	340	tcmd1103x64.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
340	tcmd1103x64.exe
2540	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2540	TOTALCMD64.EXE
2540	TOTALCMD64.EXE
2540	TOTALCMD64.EXE
2540	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE
1816	TOTALCMD64.EXE

C:\Users\Admin\AppData\Local\Temp\tcmd1103x64.exe
"C:\Users\Admin\AppData\Local\Temp\tcmd1103x64.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:340

C:\Program Files\totalcmd\TOTALCMD64.EXE
"C:\Program Files\totalcmd\TOTALCMD64.EXE"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Program Files\totalcmd\TOTALCMD64.EXE
"C:\Program Files\totalcmd\TOTALCMD64.EXE"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\totalcmd\TOTALCMD.CHM

Filesize
572KB

MD5
15e5a2a061c8fa36a8c583f1635182b2

SHA1
72b1b169557f88a6e5f87309437445fb063200f9

SHA256
916c790a30d9ea59b41759218f71a87dde78bdd4179ed29c2f17792cc7773053

SHA512
649e97868bd7699178211f8bf55e891fbc2b77d1a66851510e68f4ed58df418243adfe2bf2e86109ddf34fdf78a75fa9ea218c646b569c6fadcd291ae8a4bc54

Download Submit
C:\Program Files\totalcmd\TOTALCMD.chw

Filesize
44KB

MD5
0732cc8ddc069637ec92bc785df38cb8

SHA1
b285650cf77a80e10d652a0c4e1089450a91b956

SHA256
5447363f0b39a2dbad291608352729c54bb4c43a5b4668f3d2c1a5fdaf4e895e

SHA512
421642e4333d2325c8cb55276b45d2266ceb967e7fd16542b8fb4f4b1bc8a79990fe4569b23a85b40ed00fbed198177a834a66f88c63e7a89bc0b639bf4c17f3

Download Submit
C:\Program Files\totalcmd\default.bar

Filesize
977B

MD5
f103b23c658d801d5c31cb056bafdc16

SHA1
8de136fc1dd6372b4eb357304c73eb55393bba13

SHA256
8159c946398eec59d8065342c06b957ae38165e664850fb57f5d9971cffb7c21

SHA512
a4edb8541eea5fcb6411c59ee604304324aea37e7d0cfc271faf0f8bd044f93282d14c54168e355f59ccd81ad679c2f3cf4cd65dc5b22c6ed4ce6f160beb1cd3

Download Submit
C:\Program Files\totalcmd\default.br2

Filesize
20KB

MD5
3a6b27edadab326bbe5d47e0eb6dcaae

SHA1
6dcbd84131375612b13503e3b65e17f04bceb0ef

SHA256
6842ab1e7e498e3eb015e92acdf09daf95b480d48f6f3b5f3256dfb277690ed6

SHA512
062c6aaccba2dec42da3c1e89011aae25a16b2a1e28c2518fd38bf64e2a8d682761006e6e085d3f34a6d3500841cb347586699f9e1c1fb9eb3dd2ee3cda7bb99

Download Submit
C:\Program Files\totalcmd\totalcmd.inc

Filesize
29KB

MD5
0e5650341b163a9bd1986a300e3a550b

SHA1
1c322886379e0c11d748d9ae7d2a341144fc4946

SHA256
dd47559564aacce38a055631ad34ee0000f6b10241917d403cf00dd432d2d616

SHA512
dd7de3f4f9ffac489c6f369ccdad3e57f6bb31282f98cbd54c25cc46a464f9a658cc3aa59252eeb1028da6311cce9948c251a2273aa8c2070a07f1f220ac09d5

Download Submit
C:\Program Files\totalcmd\vertical.bar

Filesize
417B

MD5
359a5959600405bafe7f527698403fd5

SHA1
4024b741ec3a894123436c20d92e742d2c5549e8

SHA256
2269161181abceb488f93ed7a52e81900d3217d0da4cd3fe7cd405b7658d814a

SHA512
04af487a7c3a680effdad2ac34881312863a8c1fd5f02d651440a749672972e081b63bc715f0048639618c323377295201195c2b893f5748fe936568282f8ac6

Download Submit
C:\Program Files\totalcmd\vertical.br2

Filesize
6KB

MD5
708da336eca1f69565cb10092e6b654f

SHA1
4e7b674dd94e69b9d6dc2d9f703f68363b22fbe0

SHA256
5b838143eb9ebd92177e583fd6e247730c06606fe75cbe93751b51e33b1c3495

SHA512
86748c8eb868ecb7f0a66c5762574a19c8f8ac82f8502d547dfdb4533ec2127779ebad3256f1a289aeb2b1f6d6d8e88a334998995d01426ca554a6a839041c32

Download Submit
C:\Program Files\totalcmd\wcmicon2.dll

Filesize
1.5MB

MD5
e27082b0866a67ce44e1b87cf49a59a5

SHA1
9307b91833f8234c34d797c0feb4538e3be497f7

SHA256
9f1ee34b38da173f59bdf6172198ff2ec872fb75bc09ffa55cc3847ecda14cba

SHA512
8ee78da80693d5eaa49db85e1c3c0c3b94d70e17f6a8390f35c4a89aa08bc65c6aca05100c05ae32d789f1dc8e4cf23585abba1b6193a647c891daffaffc9fe6

Download Submit
C:\Program Files\totalcmd\wcmicons.inc

Filesize
1KB

MD5
7413491be06e421a6d8b0e64a1f54b13

SHA1
ba2637885daec4685a8c9983626d92820b8fc00d

SHA256
4d74f2df5eef181bb65d66648afacc61391fd2213312d0b0929e6c3850f27be9

SHA512
8db9fa4dab27870ceea978f6b16293b94f8a1f424ba2042a791b9cfd2ce122c6c6af2c4bfae665d5ba3853a5cfe1f94b84e178880a773fbea596b9db7cef5e52

Download Submit
C:\Users\Admin\AppData\Local\GHISLER\tcDirFrq.txt

Filesize
22B

MD5
8a431219f25051bc93d2d18d8d404c5e

SHA1
88c646419896f5f0fd1ede107f97533f0b46040d

SHA256
8ccf3256009799bcf091adc04b77523524da7d9ee9bc0074aa85bd25f6542a51

SHA512
61f46edc55a43e87c125c984ebd3abe0f933c1eee6b6f16a807975e5fd92610290394545015166637d18def4f9e5782a47994b2c4673d353bd4a6e0f13059e26

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
55B

MD5
8d158ff6c3d1872a17896ca8a116c9b1

SHA1
f8e57560a4fd5f9c47c7fd9c1cad773f58cba6d5

SHA256
6f54122f094088382bacecfee05210769ea957f5cdd35b6f4e1e69ea6851ebe8

SHA512
9df88ce729a12dab4d750a1012f53c2d064b677cd31c901c22a0090e873f7600843db3db42a3478f914d821141393c5a5cd14068cb9ed4bb9b6f958600e14109

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
72B

MD5
7125e35228f66938f369a50011a2df6d

SHA1
ffe74e057cde68d7fc2378b7eb830e3d59030bc5

SHA256
df0a35a35ed074325726d5e927fe2013bd47ca4d898039d23a4a062d675bfd23

SHA512
223b579b1ebdf308541cc10cb2fa01fd887c931f4b413ec15b18adb1efcb16b6a429eb83b7c59888b0208f7b568da34d3e2f12f9ef6170552c7ddd42408224fa

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
112B

MD5
2a59360a75a97af5811c0c17b92c90e5

SHA1
7b5f9407e715b6fddf279ff850563b3852309343

SHA256
4e367e5483c8e8640236633b47963ccb07b16133ffaefa2d7c923a2f5d704ed5

SHA512
9312e05c5b9a38261f49af4dc5ca96d6e2697201cef4d9d97bf723efb70582c184694b5efcddbacb5eb38f1ad50201767b5befb620744517ab26d7ae7c4f30e9

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
180B

MD5
1ac013e38533f98da5c3a948d854e6ac

SHA1
976b5153adfbb8d37ebe0637e84a231ce319360c

SHA256
3ee8bb65123347dbf23d080e00e66303cc261f40c4f7bf2b8851e33fb21a9271

SHA512
06395c01cd94419b6e3f06c28f4cf8af023e0bcd045e5288d1943490e652b978455bf150e4d324fed47824793c4be719b4aae3c23efbddb881268166075cf120

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
223B

MD5
af6ecebfa269ea202fa1c5a8e04bfde6

SHA1
4c0b41e892e932c42b4c7ba13838ec8104cec116

SHA256
2f681e2ebd2339c75ab929a364a50b6aa62ebe054754cfebf7312cf9380b1866

SHA512
6cfa50464e65a99bf200d0e8fa65c888ecdbdd80159f98867eef63caeec9e9109064517dae9faac8c9aa9546b34003a7033c6b84fd45b03201e00f7e90dab94b

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
427B

MD5
fc0dc9e9a2196cf9e0eafa4d874eb5dc

SHA1
ecbab08ba7f26f766eb2507fdda816b246d07d37

SHA256
aa6abb2f08a10a03245a279089ed0fe34ea7a902cf6ea20b32f614865f05acec

SHA512
85cd4ac8557e7dc73e8fbf750a047dbb899c32972e2d4322a5993530154d067a50253f831891397b22b98b4216377c73b56670702761bdf059bfbb415b062ba7

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
666B

MD5
b4a48e573b0c5af447660da9d9fd39cc

SHA1
9ff9d8c0d2ef4e0f12eb3429d259c5ab7a8e4428

SHA256
c9976f021e9f0aa3dfed68b0f711da0860a0a6f64a37c56ef81ca29d1681f9bc

SHA512
efc4ee10cbe699921a0cd6323df25da2df398064662efc6667844bbe5aa32114dab942b47f3083738aae3545c9dc3f1b407d2d8c883a7cca6cf6152ad43935a0

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
717B

MD5
b3eb1f7f33282a0d9328107454a93e0c

SHA1
350c83cdf436019895e31a017799405fdb3bb74f

SHA256
811b7323da640b9ae2617b8afc901822c1ce4af3c6fdc71dbe06a3931d6a6349

SHA512
2d5bcc4037385ab521e07dc1349c6af68d14327726c4baf735449ccc6edbe526817cab8a311760ae0390682ab2f607053e29493c1499d3a34c2b358f94f32102

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
717B

MD5
da476704eb237d893cebbf408271677a

SHA1
c8b95aee60e2a1b9106269b2accd72716ee51ead

SHA256
51c76e55d15fd263cd6f2f8e22c5800bd5651d04022a21b248ebb84e4a39ab07

SHA512
ab2e9354d20da8969bdd335b9e79e40216aff0a4e648146d485bcc9c4fd41fbad7f63e1746adb6b9e0f886a8e4f953d3b8981ffa9f9351655612e721b2c636b0

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
750B

MD5
81e9c0a0ff1198be09d7d2f956ac2696

SHA1
cfb4910fdc98620d4e2c411bdab9fef7670c58da

SHA256
0921de55e3980c0b0596b3cfdf8733a03989f41ff65293508534db3c357b92cf

SHA512
31541cb22a655b8cd575d039411d89486ba13e4859cffb06c22c1f15c1dc21a54acbf1e5bc1787f5b9b47d7375b8b575ad6b8210c581d0cebef34cedaafdf31f

Download Submit
C:\Users\Admin\AppData\Roaming\GHISLER\wincmd.ini

Filesize
759B

MD5
afd2d6a995f405d8862956eb33273beb

SHA1
95a3e8a914c0ac78e66db44e413a124cf914d204

SHA256
96a62c5ae63d3dec01185441756175b1ab43e43ac4ec6e576958d14e7078d370

SHA512
74ea768d4328ffbb5c38b36b6b5412e7e836c17ec202d71bd29d6c5cbd3c3cc93b834acf1589419b4a8a59c6d9c80fc1bc334c0c58d5728a735370825126a457

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\HTML Help\hh.dat

Filesize
8KB

MD5
997e3151d8fe3f5c0589cee91e016ace

SHA1
91c34a6635c96fd423f5f062668d246f0968b630

SHA256
b9371a6a8fd8b1011a4fe2f2e34bd7dbc1b8dcf722d30be7805b321cc64a2b5b

SHA512
2c815b276838421f8506cc1a093c673bbe8353e1ffd96086237eaac33823dd6e67e224a71e248d8006c9870f8924a2cc9f7bf20bb27c706bb7af6c600e1cfacd

Download Submit
\Program Files\totalcmd\TCUNIN64.EXE

Filesize
97KB

MD5
c8ba1e4d21a658eb5e28132e07716374

SHA1
2a25b7fe965a9f6a393de4ddb77baf20a7c331e3

SHA256
a5fdb6a6cc5a172e4099b897e09b7eabca54e51f4ba83e6e1f604a9cda825739

SHA512
180587b701a56dbfe4a1c6c341418ea07562c11a1d6cdee35dbdf8425b78908ba5f600bc49707113f96ad3d33e9cf3fb8ef29a9d441e576cf0b9c4ca3c8338f2

Download Submit
\Program Files\totalcmd\TOTALCMD64.EXE

Filesize
9.9MB

MD5
010b1b115950c530717128a665f090ee

SHA1
bdabfdfc91f6ad541da2c6cd4a7abcb59f3e72c6

SHA256
aa7d04a9fad39fb4745804a90489ef5c283b9ec780d8f577106042c9e0ed78eb

SHA512
f52e2389dddc3d24ce64345a347813b6eed455e24d11c50fe31f0c197f36732bc0657e88bfb1f6abc3fbee60605e48cc7398d2bfb94733a5a11cbd2274779dd6

Download Submit
\Program Files\totalcmd\WCMICONS.DLL

Filesize
623KB

MD5
c6a57219c6e2c4ebb4b6e887a3895308

SHA1
80bd3a6ca1b5ae395e64ad16665099efe759856e

SHA256
23498765aeb0f74007ecd45a8eb83d64d839ad8cacfce59f1d77621583dd61ef

SHA512
0f42a0cb29cfbbc0ef988cba1876dba492759a103be55d94757d1fafde111aec225fc6384af450544df5fd027f3df8d028ba2c76c8df77271002c62812f6e0e4

Download Submit