644005919100b501e0c1430c987bfeb343917b155a42d15faa1bfa40b9fd3f96

Analysis

max time kernel
146s
max time network
176s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

i4Tools8_v8.28_Setup_x64.exe
Size

326.7MB
MD5

4a5e338aaa8ca0057ccb196bdf12c89c
SHA1

1345ae4b716ca70b941e629c0f035d0f9d7dcd52
SHA256

644005919100b501e0c1430c987bfeb343917b155a42d15faa1bfa40b9fd3f96
SHA512

0c31c58f4e16d00d6ddb5c3ab6a60a78440b34d76412f884cc14e9f63a9dd8305ad0db58415c9f26c6acf09e9e02ecbe0d95fa57ad7459afa8266345b36a3ca5
SSDEEP

6291456:UKHHLxhHqMBuXa+doOL7TQzg1z818mgHm/iewd+oujbGj3jWZruPWURC:zHrxhHqM0XTaUSYATQQwd+oujbGj3jMT

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
344	i4Tools8_v8.28_Setup_x64.tmp
2984	InsfInnsttallserx.exe
2872	i4Tools.exe

Loads dropped DLL 64 IoCs

pid	Process
1640	i4Tools8_v8.28_Setup_x64.exe
344	i4Tools8_v8.28_Setup_x64.tmp
344	i4Tools8_v8.28_Setup_x64.tmp
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2984	InsfInnsttallserx.exe
2984	InsfInnsttallserx.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\i4Tools8\x64\translations\qtwebengine_locales\is-GT3BP.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\Qt5Xml.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\Qt5Multimedia.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\files\patchtools\7z-32\7z.exe	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\tutorial\ios9trustapp\imgs\is-AVQNM.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\Qt5Qml.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\api-ms-win-core-localization-l1-2-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\files\inf\InsfInnsttallserx.exe	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\SQLite3.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\resources\is-P8VJJ.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-BILBL.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\cache\is-2OVD3.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-8E7SD.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\qtwebengine_locales\is-CJOOA.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\qtwebengine_locales\is-I6IIO.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-KU208.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\setting.cfg.iRJIve	i4Tools.exe
File created	C:\Program Files (x86)\i4Tools8\x64\is-11807.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-OIJUS.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-5VVHQ.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\cache\hometmp\1727574951073.jpg.tmp	i4Tools.exe
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\api-ms-win-crt-conio-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-F0Q2U.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\Openhiddenncm\ncmdriver_win10\is-S4V6U.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-ESUI2.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-SI8U8.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\avformat-58.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\api-ms-win-core-debug-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\plugins\position\qtposition_positionpoll.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-F4NKS.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\api-ms-win-core-file-l2-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-T28IK.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-TUNK5.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-MB8A7.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\qtwebengine_locales\is-IPIG9.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\api-ms-win-crt-math-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\idm_jb90.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\api-ms-win-crt-private-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\MediaInfo.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\objc.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\cache\devices_table\is-K8DT6.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-TRI93.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-MPHJT.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\idm_jb71x.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\api-ms-win-core-console-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-EA15P.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\files\WeChat\silk_v3_decoder.exe	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\api-ms-win-core-rtlsupport-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\api-ms-win-core-file-l2-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\WeChat\images\is-RKFEM.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\qtwebengine_locales\is-8DH87.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\idm_813.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\libp12loader.exe	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-LOG8I.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-99QBB.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\qtwebengine_locales\is-SJGT6.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\download.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-O4R98.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\cache\is-TCOV6.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\WeChat\css\is-LLLC6.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\api-ms-win-core-file-l1-2-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-LJ1FU.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-020LA.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\plugins\imageformats\qicns.dll	i4Tools8_v8.28_Setup_x64.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	i4Tools8_v8.28_Setup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	i4Tools8_v8.28_Setup_x64.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InsfInnsttallserx.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\DefaultIcon	i4Tools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\DefaultIcon\ = "C:\\Program Files (x86)\\i4Tools8\\x64\\i4Tools.exe, 1"	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\shell\open\command	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools	i4Tools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\ = "URL:PCi4Tools"	i4Tools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\URL Protocol	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\shell	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\shell\open	i4Tools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\shell\open\command\ = "\"C:\\Program Files (x86)\\i4Tools8\\x64\\i4Tools.exe\" /open \"%1\""	i4Tools.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2872	i4Tools.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
344	i4Tools8_v8.28_Setup_x64.tmp
344	i4Tools8_v8.28_Setup_x64.tmp
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2872	i4Tools.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2872	i4Tools.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
344	i4Tools8_v8.28_Setup_x64.tmp
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe
2872	i4Tools.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 344	1640	i4Tools8_v8.28_Setup_x64.exe	29
PID 1640 wrote to memory of 344	1640	i4Tools8_v8.28_Setup_x64.exe	29
PID 1640 wrote to memory of 344	1640	i4Tools8_v8.28_Setup_x64.exe	29
PID 1640 wrote to memory of 344	1640	i4Tools8_v8.28_Setup_x64.exe	29
PID 1640 wrote to memory of 344	1640	i4Tools8_v8.28_Setup_x64.exe	29
PID 1640 wrote to memory of 344	1640	i4Tools8_v8.28_Setup_x64.exe	29
PID 1640 wrote to memory of 344	1640	i4Tools8_v8.28_Setup_x64.exe	29
PID 344 wrote to memory of 2984	344	i4Tools8_v8.28_Setup_x64.tmp	30
PID 344 wrote to memory of 2984	344	i4Tools8_v8.28_Setup_x64.tmp	30
PID 344 wrote to memory of 2984	344	i4Tools8_v8.28_Setup_x64.tmp	30
PID 344 wrote to memory of 2984	344	i4Tools8_v8.28_Setup_x64.tmp	30
PID 344 wrote to memory of 2872	344	i4Tools8_v8.28_Setup_x64.tmp	31
PID 344 wrote to memory of 2872	344	i4Tools8_v8.28_Setup_x64.tmp	31
PID 344 wrote to memory of 2872	344	i4Tools8_v8.28_Setup_x64.tmp	31
PID 344 wrote to memory of 2872	344	i4Tools8_v8.28_Setup_x64.tmp	31

C:\Users\Admin\AppData\Local\Temp\i4Tools8_v8.28_Setup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\i4Tools8_v8.28_Setup_x64.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Users\Admin\AppData\Local\Temp\is-L1PBM.tmp\i4Tools8_v8.28_Setup_x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-L1PBM.tmp\i4Tools8_v8.28_Setup_x64.tmp" /SL5="$401AE,341696849,914944,C:\Users\Admin\AppData\Local\Temp\i4Tools8_v8.28_Setup_x64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:344
- - C:\Program Files (x86)\i4Tools8\x64\files\inf\InsfInnsttallserx.exe
    "C:\Program Files (x86)\i4Tools8\x64\files\inf\InsfInnsttallserx.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2984
- - C:\Program Files (x86)\i4Tools8\x64\i4Tools.exe
    "C:\Program Files (x86)\i4Tools8\x64\i4Tools.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\i4Tools8\x64\MSVCP140_1.dll

Filesize
23KB

MD5
00bcbb58255d6cbd712e89a3dd0d1810

SHA1
f93d00a573a880e67c9f5c3d9530d4a1d2165e70

SHA256
e10fb192620193cb721516c30533f71ca6b2a4396b48f3858b571143e94aba31

SHA512
6c56fcbb229c4fb0e6f49219bd698f6720804a455b4dec5309706858491122628e6d1ab9e5f6f32004bd06faeb48aaf5ed434e8f87d113d3c984b8d00fba4013

Download Submit
C:\Program Files (x86)\i4Tools8\x64\cache\devices_table\is-H7N17.tmp

Filesize
25KB

MD5
c620224de82cfff68c96f7b16e4e91de

SHA1
82d2ca6f0e54c8468f543b57a302abee602c1f20

SHA256
baee673cb16257c076c884bc0314eb5e3eb31b6d799d78cb47310adfbe114c46

SHA512
593afcda4a7275357c39749e7cb8f9f1ad868797e1423a30f79fb982009be9900bbcaaa8277cbd16ba57cb81d48c236acc83a74e5d0a4a1b869d17f2457628ee

Download Submit
C:\Program Files (x86)\i4Tools8\x64\cache\hometmp\1727574373789.jpg

Filesize
163KB

MD5
5a6e2fa8a7d9f1d84a6b7910e9c80b90

SHA1
ad2449fa201d64b6274d64707c9a2c9d7eb50e8f

SHA256
4a65879b1f09c2e83955179a86bb197d52763ae445a263a23946c7da53598b80

SHA512
677945b845af935e89f5f6a4ef6cf86c687de84591c8ed36d004857ef0e1c3dbac1639ca8e9cca20183b62ed1156c3873dbf325b46792180da05020566a5f9ab

Download Submit
C:\Program Files (x86)\i4Tools8\x64\i4Tools.exe

Filesize
13.4MB

MD5
5736f450d9591a7d45fa1d6c5059b910

SHA1
8a628053b70fa250a87a43bc6d3933f586ac9530

SHA256
27fdd8b1bc9fa685d243129234e5e161e3bb45737e68dd6cef90258aa8617c59

SHA512
975353c84606f191f8f1267e2ffac62baa81f88a54a98c011d05bb1b9b226023a4c71cf5a60f22f7b111b8ff592c59d6ce9aac462ad4404448c62eac7576aab9

Download Submit
C:\Program Files (x86)\i4Tools8\x64\setting.cfg

Filesize
305B

MD5
96e1adac188dcb75b19e6c1bc2ef8ffa

SHA1
5a5ec225028489440bbcea09ab5c5db8d7d67b67

SHA256
ff63635229bf97c66d38955eedec961c6a26efee7e10a85f26901244110d9f4b

SHA512
f30be96c3c9a87f686efe6b1f31e29f97ed3d9f77198b1c421dcebe2f9edcb1d76315fdaf0c70ba4a207daa5363159d20e2faf0235bc74fd9b0c8ae1e20e21c5

Download Submit
C:\Program Files (x86)\i4Tools8\x64\setting.cfg.lock

Filesize
60B

MD5
d0d8fcdf94ec55311c3ac23c1199f0f6

SHA1
f0832aae59bd1995e402e1983ca3e238e93a05d3

SHA256
9f39f8d183283c9dfd557ca8fe7afa59e31631e1598fa46a4c25a0a9476387fc

SHA512
d32d012779b1ff38f23de90f0fa5bf78cdf7a95c87985c1a262ac52f9fe7148a84c2c485be874c81537dda34bdb13e23e3dcb3a9e2876b17c44fc78b4a141428

Download Submit
C:\Program Files (x86)\i4Tools8\x64\translations\is-G1OQB.tmp

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L1PBM.tmp\i4Tools8_v8.28_Setup_x64.tmp

Filesize
2.6MB

MD5
90731cb2e8ea483cce3bf7eb2f1ef5b8

SHA1
6894582c1bd8603248f6780b15f537ee400af7f0

SHA256
5393fc612e69e55bce34d48d419777d9b0b0a7220440a3444e4ac4a0ad9c8727

SHA512
86a497f4bac1d8eb9ba1eff526f1e51eb90db83f128546651d16b3a17c054c62ca1c2f33b0fcb30915b069acdee9dc64c53320d55ab73372708008d89e0def70

Download Submit
\Program Files (x86)\i4Tools8\x64\Qt5Core.dll

Filesize
5.4MB

MD5
97314786a675b0d6865f2a051655dda8

SHA1
f2917109d31e40bf4149812d43362908ed902957

SHA256
1f32c5cf6f94d713fbcb2951d5cca53a8243f2a55e21e0d9ff7345c41d0b5b27

SHA512
859290d82416ddbabf701d2a4b86800f6ad6dc5caf0e71efdc12ac80ad513e75d1b016f52230a282dee469af0ab78085403481582d93a9ccaec4cc855e3fcd1a

Download Submit
\Program Files (x86)\i4Tools8\x64\Qt5Gui.dll

Filesize
6.5MB

MD5
5f906f20cb96ff6051f18ffe2b1eaec8

SHA1
04c6e66336240882ed8f374714309ad55284a013

SHA256
bef361410e670810cad185e900573ca2135632e8dd94b5cbebc1aa4c43d41f58

SHA512
053a6e06cc8db08880c137ed61844a8f4622cea6529e52d4108102b086233842b6bb58660e552ace8bf2e5e122461ba0dde7d9364ee799f659b1489700a7da43

Download Submit
\Program Files (x86)\i4Tools8\x64\Qt5Svg.dll

Filesize
341KB

MD5
e12e5408569d1b0b1cf7a40ce2e82488

SHA1
965127ddea66aa4fcfc3ce25ae19b7ab191040c9

SHA256
0bff053f9d667cca85b629f51de4878366927471263c66bd8cba63c17ec0646b

SHA512
51a75c262ac38a124d4890984020df8f47ee9da14cd9b2389f2eb4502c1c5580dcd52ae75c9fc97859550d47dcfa22bb3822f0dd4c3f3850dce2decd2b1f976e

Download Submit
\Program Files (x86)\i4Tools8\x64\Qt5Widgets.dll

Filesize
5.2MB

MD5
9851d7c86caade06f5f8091a3d836fdb

SHA1
d1b448255bc8060fec2b1c80d5c68f76e8a4ddf3

SHA256
b8ea57c9ba4f9b2652d5fce08feb910cc2887f4586b50b3382964d63c008c477

SHA512
0112e8d1a97b30a7a075ab257321620eebb7f80f20a221db87a42c3d2bc1b23eb92405d0183e7d929c5345e33cb9e7b17a50330c5268b2c2151197283a5a9d2a

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
07aa9916d3383d7e040a88665a6df67f

SHA1
549c5cd800dc3b51ffb552333777d92cddfb299d

SHA256
650555a4c89bfa77054e453ea61f2fe9f095f15a13629f964b903ec7fc07dd12

SHA512
d4c70acb84004d27cfe5db22dddccd90217f95d6d2425bbe4359f318056817b669c98907e2679111c49ccf0321011a60cac88c7156566e825b1ea9b1a12e2189

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
966f1686b72929b452c7c0999791d42f

SHA1
20961fd566d789b5657f65595c3a39622c569a22

SHA256
2f7553fc7b0e511813ef7639cab9b2466348eeb78ffc534a12e2e271af8e7ce8

SHA512
b427eea99d197889e4a4b8801a45baebd20824983f38794ef0e81723c9592c28d75f39744691f650e220208e5f072d61470add4fc99221383e0a89369de5ab93

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
3c40a9d1ae0b5e72b2f90761a0fd49cf

SHA1
567282eedcb721a7137dde2f135704a50f3cd883

SHA256
91c4f107fe8e8c902728e131672bd6953d94964b7a0f1edcc004ae5f471a2a42

SHA512
d8f69f1c6ea2837e56c98a2591dbd3a336c40e2ad0af45550406cd00c70fbbc3d7c7594509bef4418aa45e0faf0cb7ce739e6e986ab505b4cd32ce595c236243

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
25cd5a26ea59e6f4c082b8945b16fc3a

SHA1
851ea9bfebbbc901edc98f928d59fb03d15a0037

SHA256
093b7168f6b64c655464d9bbf51bbc29456772ff747763c112ed206e023c69cf

SHA512
dc001828c40e4a85791644d100eea7132951b2644b59f7f147f17feac515d405313289d5aafbf147ffb1913ce855a501ae79acf832c32ed08d348352c80e9cf3

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
6b9e8a0da794b28096305c1a081b5a97

SHA1
880271c1424e8b6e003e7339adab6a4211b6001b

SHA256
ca9f1319ba004b82b4445f8bbee2ef67b74be6c39fe4e043f14b12c42a62f705

SHA512
1198638501a22b6519da634b8698e5a08d167b69a15cea7ceed53a06266b261792560eb3f04be82e47e234a45c53c8754e6f1663af2c6903a8cbce6d9ae28b59

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
cf403b7b90696ab2ded707ffdea27112

SHA1
8d25084c7d24143cf95303bfa0654a42d9cb0ca2

SHA256
f5f5e3cfa9237bb04bd485f28cecd07892212335648d32e9e3e1b248784baeb6

SHA512
0004a31e0982fc4007c7fdaf0d06b6d3a19dc35ca00feeb8f161b62695b063bb07fb409c0926a1f95a4698ca57c22f773d9a431eee586633b075366de0cbacca

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
1908861649e67cdc20c563c234a89914

SHA1
471ae3b9a3b40e63c880362892865ecf8bd80f67

SHA256
4aea1cedd976ef15a47a3433f3a2e176b1c5e495a54497dba27247b35a1b8449

SHA512
dec24d5c3f31c90cbec3810290506309a1db5677022c600d3bdd2e92b73078dc6353023f2aeefa408aceac7c9f7ed5a2ff07a399b446e177ff93e5fa1b3f9353

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
af851dfd0d9fecb76ff2b403f3c30f5b

SHA1
30f79fb4d4c91af847963c46882d095d1f42efbe

SHA256
6a3fd4b050f19ec5c53c15544b1f1b1540ac84f6061c0ec353983eb891330fda

SHA512
04509b02115ec9b5bc4ee2f90e49e799ccf85884fe1f11f762f0614a96764b8f2b08f96895c467c5b11f20273183096b2bcceb0b769df9d65b56c378cb32b0f5

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
0f143310fade4de116070a3917a79c18

SHA1
b9a092e885c73cb6d33c9e17d429ede950cf3a26

SHA256
2def5140c289b89c9a27a2112a2cc01ad1a902944c597d6204bed4efbc09ff7a

SHA512
f87104272aa2326641e46450a0333626567ab3fa85a89b81f7a7c0b1f90a47a70ea189ce3f6bf5db6bb5cccda6d190fb2276edeb44334245b210e7faca05fc60

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
f97e7878a2b372291b1269d80327bbf6

SHA1
cee6f776fe0aa5a6d4854058f20f675253f48998

SHA256
c4e195d297d163a49514847ef166da614499404d28bc9419e3e6a28a8e03e9b6

SHA512
475898e60ffc291362fda45ab710b9ddaf1cf5e82f66dfcc04998ded583c54692ecfcac6cc4fe21b32bdd0e4dce8ac32fd9aecca2b0b60f129415180350d7825

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
761ddd8669a661d57d9cf9c335949c06

SHA1
251bbcad15771d80492f1deb001491a7abb6c563

SHA256
fe51064e0728d553d0f3e96967671f7e6ae4ebd35d821679292014dd4c3bb8e3

SHA512
5ad590a5f81532f8bf21fb4f62bc248e71bbf657dfb1720b2d9f1628033afe39426a1c27a89d9a06e50849bd0ed2242afa93e4cf2bc83f03a922b8204f0f4f2a

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
56556659c691dd043dbe24b0a195d64c

SHA1
117b9a201d1e8bb9e5fadeae808141d3fa41fb60

SHA256
2e1664e05c238d529393162f23640a51def436279184d2e2c16cfbf92ab736c1

SHA512
a8d4c4a24e126c62b387120bae0edd5cbce6d33b026590ff7470d72eb171ffe62b8b2b01e745079c9a06cf1eb78a166707514715e17bbd512981792a1d2127e0

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
bbae7b5436d6d1b0fc967ff67e35415f

SHA1
f67bc165cefb119ad767b6bec27a1102c0fd2bac

SHA256
8150a238851d7da74bc8f6f13262a8d6568373dc509f67544ab6a62398f20c4f

SHA512
4201a8edfe303057545d04de683bbdf0acb68cf4d2e894192f899a70398df18299432c0f6caee72d917a986882bbc0585035a9b934d4579f67a1c98cc894dee2

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
53e9526af1fdce39f799bfe9217397a8

SHA1
f4a7fbd2d9384873f708f1eeaeb041a3fbe2c144

SHA256
de44561e4587c588bc140502fd6cd52e5955abeec63d415be38a6d03f35f808f

SHA512
8167ee463506fe0e9d145cc4e0dc8a86f1837ae87bc9efe61632fb39ef996303e2f2a889b6b02ff4a201faf73f3e76e52b1b9af0263c6fcfdac9e6ea32b0859f

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
eccf5973b80d771a79643732017cea9a

SHA1
e7a28aa17e81965ca2d43f906ed5ab51ac34ee7c

SHA256
038b93e611704cc5b9f70a91ebf06e9db62ef40180ec536d9e5ab68eb4bb1333

SHA512
b95f5efc083716cb9daba160b8fa7b94f80d93ab5de65a9fb0356c7fb32c0d45fe8d5d551e625a4d6d8e96b314bae2d38df58b457b6ced17a95d11f6f2f5370e

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
090dd0bb2bddee3eaae5b6ff15fae209

SHA1
ddc5ac01227970a4925a08f29ba65eb10344edb1

SHA256
957177c4fe21ae182dfe3a2a13a1ff020f143048fc14499ae9856e523605083e

SHA512
2e0b8567231e320b2e52af3b86047cfab16824e2db1d1bb17bafe7a1c6c5f0bf62d76656206a3d7ef1d3849b479bf5e09db1f0f4e4cd0aa2df09838d35c877f3

Download Submit
\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
cc337898e64d9078cb697ac19f995c7f

SHA1
2ebcfa0cdf865fe40cbaf4ffce6d3903aea47e3c

SHA256
e7ef5d714fc21dd1aa9db0c4eefe634463eefbd5aa4454a568bfc52e04fddf18

SHA512
6960fa9617514ca223b9abda9a3a6c69cf05474b3c5fec2be6c6d5f65580c7a18e129b6d207f21eb136b0737481107e09c20b0398826284ce5f9a65a3cf8a1ca

Download Submit
\Program Files (x86)\i4Tools8\x64\files\inf\InsfInnsttallserx.exe

Filesize
95KB

MD5
d0f23e47419a7f1b22197fc1ffb03e39

SHA1
19f60304ceeee3302bc8e4cf755ecffa8ef97056

SHA256
a6402ac7b177d0947396e1aef8b39377e07b65f8cc510e6d137725fe723e32e6

SHA512
3768e163fa02e6e27defeb7cf520a8e7f6386d5f4b93dddb08d870da8a6b289d3e25f184904bbf7b92059d2aef6061f501a503e5752f13678ededada07212023

Download Submit
\Program Files (x86)\i4Tools8\x64\icudt72.dll

Filesize
29.0MB

MD5
fd431028dbd440099bae236f549e6b51

SHA1
654813a90962bf8c3103c472388130c5b54b1a21

SHA256
7ed300e55ad05f82b4c3d9d5abbe70ab53a9a9edd97308519e29c2fe8e6f1db7

SHA512
1c39f535028dbff605266e6e52d4796ce57f735fc0efd1d840fe4c02c78de2faa5164b96689235add623fa3a58ce08133954f0317f039253a9455057231ac3a6

Download Submit
\Program Files (x86)\i4Tools8\x64\icuin72.dll

Filesize
3.1MB

MD5
aaf3d52bf399bd1ec2409de24c2d319e

SHA1
913fc611a33e4dc452673fa88b275b11d4aec877

SHA256
999917df669090282bf019b8f7bdf95da8b733863b650362420b46f8c370026b

SHA512
b313db9696f14dfd3e78192cb68f264263135330e61fb59c952c5f05d8254d4105a068312a2fedfa30ad4b4f55f621cb79e9f575f7278d0ff641376944bc4640

Download Submit
\Program Files (x86)\i4Tools8\x64\icuuc72.dll

Filesize
2.1MB

MD5
690877952c121bb87842ae882281f0bb

SHA1
1e58da5c22f08bc42139688c8537933488c6cb58

SHA256
d75b72d499cdce24a7e19a35f1bed2ef3673f5217fda4aa66c4e942eded83b31

SHA512
db6b13e507a9b93c76eec03f15e43ae9857eb510967d8bcec8b55c371d951da36dfb09dde32ac6f04bbf2d79fd8687237b05c2586ada7cdc815ce49f092741bb

Download Submit
\Program Files (x86)\i4Tools8\x64\msvcp140.dll

Filesize
571KB

MD5
5cde3aed10412762e83b7fe43694a22b

SHA1
4ffcdf063eafc901105836c27a634530ea614755

SHA256
10ddff48d704c6007e4c2d53fb4856b5e5e79479503366236246a323aaa76e9d

SHA512
fcd7bc262e7bbcbbac9258e31b8d62efb2e601ac1fffac4c86819c8f2aed26fc19403d992a57d48ec92752b2a0a8b04e8204423d6077c7800ea4015f016faa23

Download Submit
\Program Files (x86)\i4Tools8\x64\ucrtbase.dll

Filesize
961KB

MD5
2381e189321ead521ff71e72d08a6b17

SHA1
0db7fea07b4bc14f0f9d71ecfa6ddf3097229875

SHA256
4918f2e631ef1ae34c7863fa4f3bd7663b2fdf0fa160c0de507ed343484ac806

SHA512
2d51d1de627deb852d5ce48315654dfb34115ea9f546f640bb2304cd763d4576eadff5cd7fd184a9b17bac8bf37309a0409034d6303662edfa1a6db69366b9e5

Download Submit
\Program Files (x86)\i4Tools8\x64\vcruntime140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Program Files (x86)\i4Tools8\x64\vcruntime140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
memory/344-163-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-1267-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-56-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-391-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-677-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-1195-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-359-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-1278-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-55-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/344-8-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/1640-0-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1640-2-0x0000000000401000-0x00000000004A8000-memory.dmp

Filesize
668KB

Download
memory/1640-54-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1640-1279-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2872-1268-0x000000013FE20000-0x0000000140B89000-memory.dmp

Filesize
13.4MB

Download
memory/2872-1273-0x0000000002280000-0x000000000228A000-memory.dmp

Filesize
40KB

Download
memory/2872-1275-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2872-1276-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2872-1274-0x0000000002280000-0x000000000228A000-memory.dmp

Filesize
40KB

Download
memory/2872-1269-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2872-1280-0x0000000002280000-0x000000000228A000-memory.dmp

Filesize
40KB

Download
memory/2872-1270-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2872-1265-0x000007FEF36A0000-0x000007FEF3A90000-memory.dmp

Filesize
3.9MB

Download
memory/2872-1264-0x000007FEF66B0000-0x000007FEF6BED000-memory.dmp

Filesize
5.2MB

Download