659c54979fa4c75840e4ee9b17393be08dd86c5e7c726493b7eb58a8623bb6a7

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

imager_1.8.5.exe
Size

19.3MB
MD5

1a1620e861f0a578783260e7e915e8f8
SHA1

b311b501a9b6a3f1635ef48be8118a028612072e
SHA256

659c54979fa4c75840e4ee9b17393be08dd86c5e7c726493b7eb58a8623bb6a7
SHA512

357a587f948afb92aa495ef2ebeb67fea795dd9ae8e0e4afe2ab6422025391d0af8c321063f6f25d3528a97745080188622bf156d3b63e084b2350a29af9de0e
SSDEEP

393216:u265BEBfTbWEkxnk+O0donJ6rHQOmOWoLeE4JTmdIrnw0+Cw:u/3kLT2BO2on+8GebTUIjwQw

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\BusyIndicator.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\Colorize.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\libEGL.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Pane.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\ToolSeparator.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\Dialog.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Imagine\Menu.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\private\FastGlow.qmlc	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\Qt5QuickTemplates2.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Frame.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Material\SpinBox.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Imagine\DelayButton.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\MenuBarItem.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\ToolButton.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\private\FastInnerShadow.qmlc	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\qmldir	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\qtquickcontrols2plugin.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\TextArea.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\private\GaussianMaskedBlur.qmlc	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\RadioButton.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Universal\CheckBox.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\Blend.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\HueSaturation.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\private\GaussianDirectionalBlur.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\imageformats\qsvg.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Universal\ToolButton.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\Qt5Gui.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\Qt5Widgets.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Dialog.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\MenuBar.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Tumbler.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Universal\DialogButtonBox.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Universal\ToolBar.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\ToolBar.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Imagine\Drawer.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\MenuItem.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\Slider.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\StackView.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Universal\Drawer.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Material\ComboBox.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Imagine\ToolSeparator.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\ItemDelegate.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\Qt5QmlWorkerScript.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Window.2\windowplugin.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Material\SwipeDelegate.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Material\ToolBar.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Imagine\Page.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\ComboBox.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Material\Tumbler.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Imagine\qmldir	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Imagine\StackView.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\SwipeDelegate.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\RadialGradient.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtGraphicalEffects\private\GaussianMaskedBlur.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\bearer\qgenericbearer.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\libgcc_s_dw2-1.dll	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Material\RoundButton.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\CheckIndicator.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Fusion\ToolSeparator.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Universal\plugins.qmltypes	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Material\Frame.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Material\TabBar.qml	imager_1.8.5.exe
File created	C:\Program Files (x86)\Raspberry Pi Imager\QtQuick\Controls.2\Imagine\RadioButton.qml	imager_1.8.5.exe

Executes dropped EXE 1 IoCs

pid	Process
2916	rpi-imager.exe

Loads dropped DLL 15 IoCs

pid	Process
2404	imager_1.8.5.exe
2404	imager_1.8.5.exe
2404	imager_1.8.5.exe
2404	imager_1.8.5.exe
2404	imager_1.8.5.exe
2916	rpi-imager.exe
2916	rpi-imager.exe
2916	rpi-imager.exe
2916	rpi-imager.exe
2916	rpi-imager.exe
2916	rpi-imager.exe
2916	rpi-imager.exe
2916	rpi-imager.exe
2916	rpi-imager.exe
2916	rpi-imager.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rpi-imager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imager_1.8.5.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\RPI_IMAGINGUTILITY\shell\open	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\RPI_IMAGINGUTILITY\shell\open\command	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.zip\OpenWithProgIds	imager_1.8.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.xz\OpenWithProgIds\RPI_IMAGINGUTILITY	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.img\OpenWithProgIds	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.zstd\OpenWithProgIds	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.zstd	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.gz\OpenWithProgIds	imager_1.8.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.img\OpenWithProgIds\RPI_IMAGINGUTILITY	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\RPI_IMAGINGUTILITY\shell	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\RPI_IMAGINGUTILITY	imager_1.8.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\RPI_IMAGINGUTILITY\shell\open\command\ = "\"C:\\Program Files (x86)\\Raspberry Pi Imager\\rpi-imager.exe\" \"%1\""	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.zip	imager_1.8.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.zip\OpenWithProgIds\RPI_IMAGINGUTILITY	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.gz	imager_1.8.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.gz\OpenWithProgIds\RPI_IMAGINGUTILITY	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.xz	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.xz\OpenWithProgIds	imager_1.8.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.img	imager_1.8.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\.zstd\OpenWithProgIds\RPI_IMAGINGUTILITY	imager_1.8.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\RPI_IMAGINGUTILITY\shell\open\FriendlyAppName = "Raspberry Pi Imager"	imager_1.8.5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2916	2404	imager_1.8.5.exe	31
PID 2404 wrote to memory of 2916	2404	imager_1.8.5.exe	31
PID 2404 wrote to memory of 2916	2404	imager_1.8.5.exe	31
PID 2404 wrote to memory of 2916	2404	imager_1.8.5.exe	31

C:\Users\Admin\AppData\Local\Temp\imager_1.8.5.exe
"C:\Users\Admin\AppData\Local\Temp\imager_1.8.5.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Raspberry Pi Imager\rpi-imager.exe
  "C:\Program Files (x86)\Raspberry Pi Imager\rpi-imager.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsyB482.tmp\ioSpecial.ini

Filesize
1KB

MD5
eb928bb99690d9f855a1b4b6b1f6ce18

SHA1
ff10a0d9638b87c5cb5417197a0ff3333fed83c4

SHA256
78d8b0218cc3271380dc83c02e8b00a6324aa1c2f77138d12451a6bbe44e8852

SHA512
e7ca3411dbddc9826c4e55799ab0194309231e20cd4f34b21f7948377897dc6b00eab01a00c8664a1c40fbd3133e9417902fbc2878bd0f72bfa4b9b747820880

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB482.tmp\ioSpecial.ini

Filesize
1KB

MD5
ac8a73ab12479609fdc5cc49f63a6145

SHA1
2af9c81bd04c760818534a8244dd876b3e804584

SHA256
8faecb1272b233db5033f3f1f4aec2f384c5409646acffffe058c69eb835b96c

SHA512
a71a05256d59cca9a808de7677c3a6843eb12c8a24f03230351c8515907925c35d214486e6f328ec2e462c5e86faac4666a8507a20b15a4e41085ae3b5f59747

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB482.tmp\ioSpecial.ini

Filesize
1KB

MD5
357e4e2caf0f86864be702d7d8905aa7

SHA1
d1418d2ad5515054b967b4b22227db4fe9b7eba6

SHA256
f1ce2255a0f7ee6f78af5baa428223eaf251246c4769525a5533404de7179784

SHA512
5fafc45fcb11f6eac3864c8983fa856058d649282651ce4522aa3533d28a3b8d3d643c988b7415292a0643829f156802bf6921af7a9782824c84a9dff03a6438

Download Submit
\Program Files (x86)\Raspberry Pi Imager\Qt5Core.dll

Filesize
8.2MB

MD5
39d509b1675c380dc549972506a8f717

SHA1
7fdbb1897ccd3ffcdee39ac3838e19f7b9d3f6c7

SHA256
bb88391d53cf771c58887cb54101b5dc638abeb84bce4beddd82be5fb4bae671

SHA512
bb4cfd92dd772b4d7a5bc84a6348be1e7d96864b086bfc331713ebefb47e30c7d1b304cde7d3a25b388ccd7e59816b0e3fe96f85676c722664be470723960ca9

Download Submit
\Program Files (x86)\Raspberry Pi Imager\Qt5Gui.dll

Filesize
9.2MB

MD5
f676936b5dfce1c5ac2f8a1a7f577844

SHA1
c9870365d594bf1d6a4215acd4e730695166f809

SHA256
77f8946ac559cd03694d9a36ab4630cc7d5f0db62b34c00ecec12bc021eafbe9

SHA512
ce4ca22c4afb55a035c68711708ac86b5abf08ddca0bb0b059c3ad130aa1c9266a36e412b4feaeb4cd89edda6aa8ad95225e0a777fb33bcbae828b41c316301a

Download Submit
\Program Files (x86)\Raspberry Pi Imager\Qt5Network.dll

Filesize
2.7MB

MD5
ced4531f553504ed6770d999f9c82cb9

SHA1
3405a3118bb6479413b9a749ce4c0b395622883c

SHA256
77f1bd3192d9e8b15dd23adb15a3f83e92e9474df9a30450247fbe9e96b71736

SHA512
df98b27470b30377928bcea23e18b0c3d8e7929d0d7ee6862887440f6ef577e5172fcb02b82a20b4903ce9eb7e1d00cfb8e1785476cbaaee3da92354f701dcbc

Download Submit
\Program Files (x86)\Raspberry Pi Imager\Qt5Qml.dll

Filesize
7.0MB

MD5
65781efc205f808159563cb526332e28

SHA1
771cfa537a523cad8987179a0211c653cda30c68

SHA256
7244b065771674bf963d998acefad1ee0c93ababfaf667724c4ea3c6bf4f0bce

SHA512
fadd974e9353575ec3e5f631643e246bfbbb0da30c90225fb18c587517603b4f279b0d5f1cab86e47844edb46f6832fda2a338e9717b1534faec7e76bd4d2304

Download Submit
\Program Files (x86)\Raspberry Pi Imager\Qt5Widgets.dll

Filesize
8.8MB

MD5
b037b86cd074ea2a216bbd4b7b489c9c

SHA1
bc6b32e01e03887b06e297009efcf965083aa435

SHA256
2f0c2a362f2ef318ce80e03e914981ad42a1751c74b534725a6bf3cf50ce03a3

SHA512
39472c8ba41dbe53e180568ca61472fd3b912ea55227bbc75e9e2889f9d18551b971079824e9102afe0f132782b20c42f2b7c06b576eba2509c36e5f77b6572b

Download Submit
\Program Files (x86)\Raspberry Pi Imager\Qt5WinExtras.dll

Filesize
432KB

MD5
ffd0b3e6a95ac68a7a534f932677b6e9

SHA1
e2b365833ba1125d2e41082e2f50564b437fc684

SHA256
a6b8f3b595bdd486143e80040dca1bc96390c0fc866e80c4a3a373c8b6a14b4e

SHA512
3590d4ed40f71a3f1028e806bf66a5d972132551d7f6c8056dee4d85126aa9ed3ecbc6c648310114179122fa71e419d237190ec404593b5dfb36ca54961ec26c

Download Submit
\Program Files (x86)\Raspberry Pi Imager\libcrypto-1_1.dll

Filesize
3.1MB

MD5
53ed6c7079e5a683acb8dff532de3fc2

SHA1
e4f1111a1f870a00d7a581e28fc217467156b231

SHA256
7202b19a44c4955ea2e700372a88b0a571acfa3c7bbb8b1217ba2c7e949fc3aa

SHA512
55fc0abd9ecc5524383817d040620236f382bbb3ce71df53d41729cd506bac0bdb543f3ebe7646e8025cb5f2b5bd065f8dca041ce6c0192d86a36d8b9b49f967

Download Submit
\Program Files (x86)\Raspberry Pi Imager\libgcc_s_dw2-1.dll

Filesize
113KB

MD5
9aec524b616618b0d3d00b27b6f51da1

SHA1
64264300801a353db324d11738ffed876550e1d3

SHA256
59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

SHA512
0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

Download Submit
\Program Files (x86)\Raspberry Pi Imager\libstdc++-6.dll

Filesize
1.5MB

MD5
051973a1420749e10d007049f15a30ab

SHA1
27141d4e7847e16f3cedd487dd3f074811556ff1

SHA256
672458902acead23b1a4dbca8b26e51324e88948196bc30d68703d45547898e8

SHA512
0f105ba29af981afe3a43e6d789f5df8a501c252d3f46bf730d5c92c98358c6656cbdc7bd7d5a0d4c5357ae0acb1144828358b07cf2b1515512ca9b4d3f047fa

Download Submit
\Program Files (x86)\Raspberry Pi Imager\libwinpthread-1.dll

Filesize
46KB

MD5
ed53eee1623a43e9ae174262169f0f2e

SHA1
4bf7e9fa40878e19d6d7b8277982ed958681af86

SHA256
0b5532f93126db45689d7e3162cfc6951f78738a182e52712bb2c71980468f23

SHA512
dce1bc89033313934323e9ad1fd0ef7a525df0fd8f2f7c64b5ca8f5e7780b5526ce9e1fff408f8a00b46f718763d492eae059b7d11d873eea3186e8584dca53c

Download Submit
\Program Files (x86)\Raspberry Pi Imager\rpi-imager.exe

Filesize
3.2MB

MD5
8e125aaa747edfbc2b6f4a0916d8d275

SHA1
3e0fe4905548f6b965dfbffd871ba055f53bc842

SHA256
11d043199e9699e21f5bca9d7a6bf19e75e945ac7216849eddaff9e04b46fb64

SHA512
b4bd1e6ba20307824d0d2616c0e4a46ce26430d54703dddb339cb671605869755363c2506dc21ed474ad64ce616b050daa309a0f8940394a48afc24c5afdeb23

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB482.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB482.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
memory/2404-89-0x0000000075255000-0x0000000075256000-memory.dmp

Filesize
4KB

Download
memory/2404-88-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2916-591-0x0000000068A81000-0x0000000068E0B000-memory.dmp

Filesize
3.5MB

Download
memory/2916-577-0x0000000000870000-0x0000000000EA1000-memory.dmp

Filesize
6.2MB

Download
memory/2916-592-0x0000000068A80000-0x000000006911A000-memory.dmp

Filesize
6.6MB

Download
memory/2916-581-0x0000000061B40000-0x000000006225D000-memory.dmp

Filesize
7.1MB

Download
memory/2916-593-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/2916-594-0x000000006B400000-0x000000006B6AA000-memory.dmp

Filesize
2.7MB

Download
memory/2916-600-0x0000000069900000-0x0000000069AE2000-memory.dmp

Filesize
1.9MB

Download
memory/2916-601-0x00000000662C0000-0x0000000066726000-memory.dmp

Filesize
4.4MB

Download
memory/2916-596-0x000000006EB40000-0x000000006EB63000-memory.dmp

Filesize
140KB

Download
memory/2916-597-0x0000000064B40000-0x0000000064B54000-memory.dmp

Filesize
80KB

Download
memory/2916-603-0x0000000062C40000-0x0000000062C82000-memory.dmp

Filesize
264KB

Download
memory/2916-602-0x0000000000870000-0x0000000000EA1000-memory.dmp

Filesize
6.2MB

Download
memory/2916-599-0x0000000061B40000-0x000000006225D000-memory.dmp

Filesize
7.1MB

Download
memory/2916-598-0x000000006FE40000-0x000000006FFC3000-memory.dmp

Filesize
1.5MB

Download