Overview

overview

8

Static

static

1

pia-window...20.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    1798s
  • max time network
    1799s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 06:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    pia-windows-x64-3.5.7-08120.exe

  • Size

    21.2MB

  • MD5

    c5a4dad9025bd2196874b395db2093e7

  • SHA1

    f38ac163e2064f249190a2cf7b3e50e1c66beef8

  • SHA256

    013a8235cb3126ea004c16a48671cb3045f81031864f2af56bb9e50a6737ea28

  • SHA512

    cd6f1d26b27629b9e1711374483f4b8b491fe993e8e68b513bc28678f28a14a18d71a99c29350e5c5cafd9edc10a0076c520157a3e52a54d601c75371bdce350

  • SSDEEP

    393216:4FHhFZe5GUYb01APo8ao8mhQw1jfCmczH5iW1LsLTn5zw0kCROwCeB0VereKyAm:shq5dUphDj6TxLmnOlQBVBPerx

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 20 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 63 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 29 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\pia-windows-x64-3.5.7-08120.exe
    "C:\Users\Admin\AppData\Local\Temp\pia-windows-x64-3.5.7-08120.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3020
    • C:\Program Files\Private Internet Access\pia-client.exe
      "C:\Program Files\Private Internet Access\pia-client.exe" --clear-cache
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:632
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4140
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{d8653f26-3890-7142-ad80-8c2189edda8f}\oemvista.inf" "9" "4913cc9cb" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "c:\program files\private internet access\tap\win10"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:3452
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:3beb73aff103cc24:tap-pia-0901.ndi:9.24.2.601:tap-pia-0901," "4913cc9cb" "0000000000000148"
      2⤵
      • Drops file in Drivers directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:1564
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "9" "C:\Windows\Temp\ebc95c55fe32344ee58c261566eedf6406ef0f0d10a47dd81ecbdb45b9119f9f\wintun.inf" "9" "4031131fb" "000000000000017C" "WinSta0\Default" "0000000000000160" "208" "C:\Windows\Temp\ebc95c55fe32344ee58c261566eedf6406ef0f0d10a47dd81ecbdb45b9119f9f"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:4184
  • C:\Program Files\Private Internet Access\pia-service.exe
    "C:\Program Files\Private Internet Access\pia-service.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Program Files\Private Internet Access\pia-wgservice.exe
      "C:\Program Files\Private Internet Access\pia-wgservice.exe" /cleaninterface wgpia0
      2⤵
      • Executes dropped EXE
      PID:4468
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3756
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3488
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 9489857A1ACE7810B2EF2CEE607653E3 E Global\MSI0000
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Loads dropped DLL
      PID:1048
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:3496

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Config.Msi\e577c28.rbs
          Filesize

          7KB

          MD5

          302a75d2e8067788a6d17965645d21cb

          SHA1

          88508a9bf079456d73c471e2795b0d138b57d875

          SHA256

          27114112cdc4d73a0e241804999c528408a93505747e5a111bb33080c7cf1616

          SHA512

          5e0f23fa42791dc74416c824906d3e4f4446d075ef4325119806aad5a47da2cfd25ca60df99a39aa207c607b0e613ac0e0f92f02fa620dd21ea5f478ff799c95

          Download Submit

        • C:\PROGRA~1\PRIVAT~1\tap\win10\tap-pia-0901.cat
          Filesize

          10KB

          MD5

          5c912dc8273b1fa10cb386d9c012cc1e

          SHA1

          9d6a69bd20d457dd54b02add95c7d2a43a4f7377

          SHA256

          de319c4a44f1dfa839b1bb7854e3c154e887a183b0b4e5f3f21c1f9708b6f9b2

          SHA512

          fa56222958edb8542979294b362205e68daa7010e68d912404f83b5ce048e00350a3d92b071fdced490ca1adde62c9878735627dc006bbe169ca0e0e01fe35e0

          Download Submit

        • C:\Program Files\Private Internet Access\MSVCP140.dll
          Filesize

          552KB

          MD5

          acac7b54a296d0dea20ae105914d6a1f

          SHA1

          8b285b8534bac5e3b06bf322171c06d513246f2c

          SHA256

          dd64a0ce847de17e42a52ec9eed794a6347c79f4f5b37114e53eb7c967fb53fd

          SHA512

          14a760cbd5d0211ecfc75a38d7f6ac1ca3b7b191775ce8900759cbb16a8af318d9bf78f22374123d78510da0f34253469b16186884b721c5e1b2968d8ce2ff45

          Download Submit

        • C:\Program Files\Private Internet Access\Qt5Core.dll
          Filesize

          5.7MB

          MD5

          bffac38e1af11804366a76d13a91ecfc

          SHA1

          a627516c2216c7d6df458af09819620e5e99a680

          SHA256

          0f1466d820d416979ab576eca864ab808ca6933cea351cb0aa769defe72603d3

          SHA512

          a1cf35a550e3b16ca2741c637947c4692e183b9d3e75bfb287dfcaf5ad06495db104a98a4026c486982e2ff74cfab7ff579ac61c1bec4b496d9a30d550253d66

          Download Submit

        • C:\Program Files\Private Internet Access\Qt5Gui.dll
          Filesize

          6.7MB

          MD5

          7c9fd758d9d1ceb3cfbd3a340c21319a

          SHA1

          ee1d03be1975e91b9136c4552b879eefcc467984

          SHA256

          c79493d209840dc864626dbfd5d9527277fc66e79409614c4f2f9bfc3a8a9183

          SHA512

          fd32870b038febab825a812c18d011f34f746197fc4990771474352106d7a3ef73d31d42513eb46ade69785359126351c9d6766ce7111f9c3801df0da7563bc5

          Download Submit

        • C:\Program Files\Private Internet Access\Qt5Network.dll
          Filesize

          1.3MB

          MD5

          a7ea038aa585f453506334058c2d3b57

          SHA1

          6024de2461f27e8f2a71b52c72a95b6f4286fee0

          SHA256

          432362a1163ae67a74b079b9504693fd94a328b7b5acd76730af8e6af6ad8d39

          SHA512

          dcea156689564fb79c8283667b3cc60fac74bb074f56a80b68a783f8e6fcb65ff4f1226dc05c49bfe47fc16bb82963b8b93c9b2e3912ca60836651351049fd2d

          Download Submit

        • C:\Program Files\Private Internet Access\Qt5Qml.dll
          Filesize

          3.4MB

          MD5

          d482b871da5a079cd8caea0028ba5cdc

          SHA1

          c4df4cc14380b05bfee750cd114fdf9458281c22

          SHA256

          bdc727fe8d26aee953e113c4ef8c38876c189f619ff1e225fef935cc984cee72

          SHA512

          abd956e79252622ec43f09d746013363a4d21bf01ac18601a9efad551e50a633efb67ea6f3f6a6554aff06adfadcd1dc55e6a0fc6147fce268928710b55f9028

          Download Submit

        • C:\Program Files\Private Internet Access\Qt5QmlModels.dll
          Filesize

          430KB

          MD5

          2638e03fabfe2ef87b15f6e9ff594fde

          SHA1

          c26f83432b0ba53c9bc966d99c722afe5aa5ee29

          SHA256

          273414327c156ab357ad7f8c2110083d79973d2bfbf73fe6cad7b9a5fa493dff

          SHA512

          9dc2777829620a6936cab41f8bc065b1a7f1ddd9f5820e42b315175747187868f84fdb80ca5f2067c725ca37811eb721b0cf59f99128a185bd0da8a978c4ff1a

          Download Submit

        • C:\Program Files\Private Internet Access\Qt5Quick.dll
          Filesize

          4.0MB

          MD5

          9e221c3551440f6c6f00ccae2b4f7568

          SHA1

          20e05c23f8b921b6bcfb57634dc4d648f336208f

          SHA256

          2e7efe561c6f564a2c95527a064e4c96786e6869708388bbb804a2fb1dc26704

          SHA512

          9d5ed70e9bdfe33cf124dcf934db64d7d4fcab63e8717c9348018e0d1926cf6a9a7d93ed613cbe77846fc5c291deef410f76b9aecb14ac45c508ddc0dcf78c9e

          Download Submit

        • C:\Program Files\Private Internet Access\Qt5WinExtras.dll
          Filesize

          233KB

          MD5

          4dcf95420a00153bf2674375f4c41b86

          SHA1

          f2dc4df114b4192b1a4d0e216248f7cf1bdbd4e2

          SHA256

          064821d520a9cd29bcc5539aea50b27e863ab0297eab81975a2b315a58ff9e27

          SHA512

          fd3a9bf1ad7f49c216b496e1c923d5c1bd901e7fafc5263c720d37b3a405db5c15e9b6f8a6dccc7ed56d572fc41fb9680f5675711c492aea31af14eb79628f87

          Download Submit

        • C:\Program Files\Private Internet Access\Qt5Xml.dll
          Filesize

          210KB

          MD5

          57036b763bef1784d44b0efc287bc389

          SHA1

          9d41e387d476471e0be4317c7aa79a2684581424

          SHA256

          f5d0e1b7be89165d4c96a6f1f69bd4c230e958d4b994459c20f766ffdc14f55a

          SHA512

          5ba34090b6f0e8ed70e335467783e03ce3d79d13425eef55b1d4533e5a626a5c0f3611c0c05c28f656ad3aa4f74e51083a558d50a909e81140483253da4f4729

          Download Submit

        • C:\Program Files\Private Internet Access\data\data.json
          Filesize

          179KB

          MD5

          352f95b1a1727281419c257b7ccf8315

          SHA1

          2567d843536823bb2d01dd70f37df9d8c42957f5

          SHA256

          e73236d02ed677f2cdc2aecba1e534ee85b4fa71eaaf34953556f50044e32a8b

          SHA512

          f6f4ac2c26d7533dc387ed7fedb1e8a56f84e7773da698c974c71781d70733eb1be9dfa853c36ddb94f4d9b2fde2a068bb38f04d9d27827a39f73b4205c728d0

          Download Submit

        • C:\Program Files\Private Internet Access\data\data.json
          Filesize

          179KB

          MD5

          bc93ac946310714f2b8fefdd3d077eef

          SHA1

          4f46bb6e3dde4c79dfaea9df80562bf9d547ccdd

          SHA256

          4669a94230769dfc5d933dcb2316ef9b739e84e8ad9b2540c4b91aa62ee298ad

          SHA512

          219a7f19dac5c722bd0a13716cdf81d0631f764305de338ff8bb3a60cfc3fd76ac2f98d399dac06a30f66e7b24014a56ab3abc62f8182a2cbed624d676d28fa6

          Download Submit

        • C:\Program Files\Private Internet Access\data\data.json
          Filesize

          178KB

          MD5

          f44b29e611e6ef88dfd7a564f0dcd1c3

          SHA1

          e9084e3a2ea5d3fcd92385530cce9ae0dcc39ec7

          SHA256

          647aa7dbf274944909ffaaf2677d11e0d42cc941bc612390271018fc96598fd4

          SHA512

          7a728150815b4d7b0a04ef3507cad0f396cd2ef61eee337854fd9e086b329f189844792f68694c7f4928021b53b3292d79535d958f1c6519dffff14164765038

          Download Submit

        • C:\Program Files\Private Internet Access\kapps_core.dll
          Filesize

          166KB

          MD5

          b230e9adfee968f95d00a6e888cc90de

          SHA1

          b6f86f855a3d634b7c098f3ba35a12457bf7f852

          SHA256

          4200a1acced2b0b444158365c332d68c28979028256087f7e8cc8fc55a509e37

          SHA512

          e854127522bfdf31fb7eb76d7f8d5d194fa50624fc85e3882b1f61b449ba21887347dfbbcebcb4b0984e8f1651ccb13ea8c56d5487599512401e71ce25dcae86

          Download Submit

        • C:\Program Files\Private Internet Access\kapps_net.dll
          Filesize

          243KB

          MD5

          3bcde82f04c72f6ad89906fb718c2cd3

          SHA1

          39025a168d4e6005610b5345ea63420fd6da3e9c

          SHA256

          9aeb1fa91a2523b84b17dc2b6c5e0fe7cd7d5b283aac8b9dfc143c3d08722018

          SHA512

          1d96d1d5c72d3dc4aac675533ad8f620f25da3dca7287902f220bf2f4d107353984d91e3861469d264c1c302b9fb77337cd24ac4b94dea05d3abfc9084701745

          Download Submit

        • C:\Program Files\Private Internet Access\kapps_regions.dll
          Filesize

          377KB

          MD5

          39b9c43149176329b3df479c1a130c84

          SHA1

          92b43d4ec7d93a9cbccadd2cc8954d13ec85db67

          SHA256

          0a3bcdbf0a33d72b242465e2826849f51e68ef1c811bb60ff84c8e9cd2602e42

          SHA512

          d1e282e0e459e19a9e5eaf95d8064d0f9e0cdaf11f09418adf79f48935ca36d4bc1263672cef274018972b75cccdc006b546c92e08a7849c233dbc9a3d65745a

          Download Submit

        • C:\Program Files\Private Internet Access\libcrypto-1_1-x64.dll
          Filesize

          3.5MB

          MD5

          88acb8c2a536290e7ef09ea634d739f7

          SHA1

          1f43e50f836e3024ada6be81a1c1911d2e4419c6

          SHA256

          6c036b347844aecac716bd4778e5fd5b4722bca81332fbcc2a4e2961fe5d8bd6

          SHA512

          42c18eb6102a3aaa912523b6180d98aabc34c692c2f4702b4f85bf9f7c9ee737f8f088bbf319a896a7989d88045da3186ecaf050d7ea2be8ef6f984de221725f

          Download Submit

        • C:\Program Files\Private Internet Access\libssl-1_1-x64.dll
          Filesize

          911KB

          MD5

          09872e245ffe69a984ec930902573e49

          SHA1

          5b52d25220f0127c7c5045798b1b2048a0e4f982

          SHA256

          a0e1db1a24ecff383bf220db7621d01f1b38449a389cd0c2d251f6cdea85378b

          SHA512

          c1283390745a645b4bab1cd42a56fcdf20baad408c3f474b94e255d4cdd5d29ec9636a9a0813daa28c166000e638e02bd45646c0ee8a3504f4c8821347cad387

          Download Submit

        • C:\Program Files\Private Internet Access\msvcp140_1.dll
          Filesize

          23KB

          MD5

          ab6cd7971aaf69636e9021fb3135cbf4

          SHA1

          ecd9c4ed543d01788212dcf701e12ae55e6bc454

          SHA256

          b991072665c8c812325c956e23d0335bb0bee5a86562395190ab87b8833f288d

          SHA512

          a62b71771ba11c93598bfd2457f6a857583eec1e1bb49d60298ceb388810759ffef17aa15e71be02a755810f12744f210b371b06d7573d4617ad6496af7dae2a

          Download Submit

        • C:\Program Files\Private Internet Access\pia-client.exe
          Filesize

          5.0MB

          MD5

          ddd82566650f1c67c7431e64b1f52353

          SHA1

          f80c8487c0e98d29f149190fa2551349d883429c

          SHA256

          fb48c472f396526adbd0a726da44a741effa63d2540384a696b60b797e637fbb

          SHA512

          73eff1474d61b8312898fcd7803b79df68cbe7039f3d99cf971e9a539a001bcafc27d8b5177aea2c774ddb9b4f56a68e68b1568ccdad748acccaadb0144bf2a7

          Download Submit

        • C:\Program Files\Private Internet Access\pia-clientlib.dll
          Filesize

          300KB

          MD5

          831e9ad1f9bfdcc73a3d89e61b33f2ab

          SHA1

          40051cf560c24994fcc34e10abd97a38cb6686a2

          SHA256

          b5ec91545352690f4761542a930064a59839fca01362e8cbadd7e38a3bc6b50c

          SHA512

          2f496b8b489903e03465a11053c06dbe998a1ff892bd94b7f301b6c52c40cd3c0a30fd8433c32320a2dc24a636040369c1f5ae90a797cb791f7e8e7d197b3daf

          Download Submit

        • C:\Program Files\Private Internet Access\pia-commonlib.dll
          Filesize

          1.1MB

          MD5

          987a433b8f5495a633179535d30cb670

          SHA1

          cebbdcc7202f331f67f0de356e49cdb14256d714

          SHA256

          d5e8daa2f9105c007743efc1418c992d5468e2cfbd59f85f16d0a009562d12b9

          SHA512

          77e3a25514a8ed5c34ae550d73e7af66ff93b50d95edd5b529fd057be10ad793e472bace224147c5b1fa4a626610ffae8933fb8f598104959251fa58445bae1b

          Download Submit

        • C:\Program Files\Private Internet Access\pia-service.exe
          Filesize

          1.3MB

          MD5

          02ca4871eba5c092cd5918c59109cbc1

          SHA1

          7db333c6cda61a4895bb9a43350d25148475e53e

          SHA256

          2e53256b7105f772905aff51def75959c4c705f0dc4772953774517f2218ba39

          SHA512

          7e9bd4a1041d8e4fdcf90741b355ceb632f6abbe22d53ce9b16571b46cdfd2f0dd9e522f6387988c485172073949449808e0d4686cc70828f35381aafe8df1c7

          Download Submit

        • C:\Program Files\Private Internet Access\pia-unbound.exe
          Filesize

          1.3MB

          MD5

          ffa3104b429bf522d5e148771e14073c

          SHA1

          3f153f8e3d9ff0667be227d0be9cecab3cb7a309

          SHA256

          e38dd45a53b02a21355bebfae2f8e8eb69d881cded40f5e357669222686d2441

          SHA512

          2f856ce7d51cff02513691801512ce1698986c8642800d4988cb0db21bed7eab01578569703ab0b69a2f7a2f4d6ca3e33fc042bfad2be783424b4ff922183e31

          Download Submit

        • C:\Program Files\Private Internet Access\tap\win10\OemVista.inf
          Filesize

          7KB

          MD5

          75d7bbba25d646f4d8e64a46e8d5f189

          SHA1

          09af2f1e0604abff1f4f944cf653c1c08d619a95

          SHA256

          20b0989f66a23ef6b1b2e17e064a069de8655f1e423925eac495ebb840181bce

          SHA512

          ca028c66945f9b84521249a37e526aada855d4f2ee665941fea44e382c626014545cc169a9843059d513daded6a61f20bf48fe176339c9c50743a5ab12d7dd38

          Download Submit

        • C:\Program Files\Private Internet Access\tap\win10\tap-pia-0901.sys
          Filesize

          39KB

          MD5

          92f6261306d323052b9d81c8bcbc25ca

          SHA1

          737661771827b349f01a581f73a7555e8f7e569d

          SHA256

          3ca3816bfb2366f7ba4650ef33f14ce2a7a4fa66631f345b7ad09808b5e78563

          SHA512

          4e562404aa596fe01b4e56678b521c511aa952f2e5593cb99df301855879fd6e422759cafe1f4441555e9fc75eb9f7e61bdf135c2bbcbdf6b96bbceb4c6a4f4a

          Download Submit

        • C:\Program Files\Private Internet Access\vcruntime140.dll
          Filesize

          94KB

          MD5

          afc14553cb2555656da51f35b3f42e64

          SHA1

          37da6a26f62a0e9870737c2d3962eb8c16a0f244

          SHA256

          e8e1d3723dea6212243a593ee7e17238ce112c6d108d97b766ba51c8cf1d2b7c

          SHA512

          c47df379826c6b0045669d50bcabdd8a108eea6ee49a6637ac50fe392c36135e3a4c623e778fa6cc0bef5407563f997729d898d31dccb2d05f8a793be40a1263

          Download Submit

        • C:\Program Files\Private Internet Access\vcruntime140_1.dll
          Filesize

          36KB

          MD5

          482f4bbfb112b6a2751c491f22abcdcc

          SHA1

          b219b56802e75e9e889f78b5dcfc66a1b4c7975f

          SHA256

          9cf6cf0f01cd6b3584ae5f57386f1834d9d7225dc9ad47b94ad0ab0a6d370c2f

          SHA512

          3b4965cb715727346e3b181956e8a54f3804253b1773f57eb55fd34de13cf0de0e428ae1eed9c77a95f59ad024e6d895d36215c5655fa6133af68635462ddbb9

          Download Submit

        • C:\Program Files\Private Internet Access\wintun\pia-wintun.msi
          Filesize

          316KB

          MD5

          810b7cab39784a5eb7f3f36407230173

          SHA1

          d556a1bca0965b3fc84b902af6d6b62c68f25e88

          SHA256

          6eaa3ddbe1603d20d25349fadb3517143de5423755d6bfe78ac2b7f4f8d9dbe5

          SHA512

          5f29c83ac59e66754475c5451093c6f1df980d2a382754f2baebbec06417524bf64d7d0a2a3e3c219392c31d5c0a1d6e04a68616d59b5540d4eb29835e1bdf99

          Download Submit

        • C:\Windows\System32\DriverStore\Temp\{4dc6ecf1-7a57-0b4e-9700-14a2a3c80a1e}\wintun.cat
          Filesize

          9KB

          MD5

          faba2ccb8fe366fd281ca6be6d2bb7c2

          SHA1

          bb7bd32a21f3eba652fde24146387ffc5278143e

          SHA256

          602187e5470ddbdf9421045bb0515f358c88bf88f59fd8a886fb6373da5d0f82

          SHA512

          ec424a545e2598f299706499dab07b4d12b0734a52f928216a53bca2b7f384b97bd4fc092d7d68de636a75daf79ac392c4b49b7251ec011236de1659253d6214

          Download Submit

        • C:\Windows\System32\DriverStore\Temp\{4dc6ecf1-7a57-0b4e-9700-14a2a3c80a1e}\wintun.sys
          Filesize

          37KB

          MD5

          1945d7d1f56b67ae1cad6ffe13a01985

          SHA1

          2c1a369f9e12e5c6549439e60dd6c728bf1bffde

          SHA256

          eb58bf00df7b4f98334178e75df3348c609ea5c6c74cf7f185f363aa23976c8b

          SHA512

          09af87898528eaa657d46c79b7c4ebc0e415478a421b0b97355294c059878178eb32e172979ee9b7c59126861d51a5831e337a96666c43c96cb1cf8f11bc0a0f

          Download Submit

        • C:\Windows\Temp\ebc95c55fe32344ee58c261566eedf6406ef0f0d10a47dd81ecbdb45b9119f9f\wintun.inf
          Filesize

          1KB

          MD5

          8480579050970b0812cc3d9a1bce1340

          SHA1

          edebebd090602f4eee375ad754c8566d4fda23cb

          SHA256

          44098408ab9611dd99a38e140c7fb1ca5dce6eb2d5f0d5e500547ac1ba5d235b

          SHA512

          46de9202c3cf0ddbf19f9e0e02ec17530f2722abfa08669fd30a6095ce2342fa89a2cc59c1d47afd82b48c915bb95f4c6d16e7c21129a9c8f09c2bf239566933

          Download Submit

        • memory/632-2094-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2114-0x000002042C670000-0x000002042C671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2089-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2088-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2087-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2086-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2098-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2097-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2096-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2095-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-1915-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2093-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2091-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2099-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2100-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2105-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2104-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2103-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2101-0x000002042C210000-0x000002042C211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2109-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2107-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2106-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2108-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2110-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2111-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2112-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2117-0x000002042C670000-0x000002042C671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-1911-0x000002042AE30000-0x000002042B270000-memory.dmp

          Filesize

          4.2MB

          Download

        • memory/632-2116-0x000002042C670000-0x000002042C671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2115-0x000002042C630000-0x000002042C631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2118-0x000002042C670000-0x000002042C671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-1910-0x00007FFCF7950000-0x00007FFCF7D48000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/632-1913-0x000002042B270000-0x000002042B470000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/632-1916-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-1917-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-1918-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-1919-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2301-0x000002042C6B0000-0x000002042C6B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2300-0x000002042C6B0000-0x000002042C6B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-1920-0x000002042B870000-0x000002042B871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2317-0x000002042C6D0000-0x000002042C6D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2315-0x000002042C6C0000-0x000002042C6C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2314-0x000002042C6C0000-0x000002042C6C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2313-0x000002042C6C0000-0x000002042C6C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2312-0x000002042C6C0000-0x000002042C6C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2311-0x000002042C6C0000-0x000002042C6C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2310-0x000002042C6B0000-0x000002042C6B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2309-0x000002042C6B0000-0x000002042C6B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2308-0x000002042C6B0000-0x000002042C6B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2307-0x000002042C6C0000-0x000002042C6C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2305-0x000002042C6B0000-0x000002042C6B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2304-0x000002042C670000-0x000002042C671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/632-2303-0x000002042C670000-0x000002042C671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1676-2120-0x00007FFCF8980000-0x00007FFCF8A43000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1676-2119-0x00007FFCF8C70000-0x00007FFCF8F79000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/4468-2297-0x00000000009C0000-0x0000000000E25000-memory.dmp

          Filesize

          4.4MB

          Download