Automated Malware Analysis Management Report for GlobalProtect64.msi

Overview

General Information

Sample name:	GlobalProtect64.msi
Analysis ID:	1643489
MD5:	c06338506a75ea329e0c892ab255594b
SHA1:	c7cc6729c09b0486ba7171481bdb1b15b13d52ce
SHA256:	2edaa177ac6d8e50464699e96c092e95acd713b48006d0ceb0853366d93b7020
Infos:

Detection

Score:	32
Range:	0 - 100
Confidence:	20%

Compliance

Score:	64
Range:	0 - 100

Signatures

Allocates memory in foreign processes

Changes security center settings (notifications, updates, antivirus, firewall)

Creates files in the system32 config directory

Modifies the DNS server

Queries Google from non browser process on port 80

Writes to foreign memory regions

Checks for available system drives (often done to infect USB drives)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains capabilities to detect virtual machines

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables driver privileges

Enables security privileges

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries disk information (often used to detect virtual machines)

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Bitcoin Miner

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION PanGPA.exe
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION PanGPA.exe

Compliance

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00001.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedInternal.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Regular.ttf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.cat
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_busy.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.inf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap1.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.cat
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\license.cfg
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PsvCtrl.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedNone.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\uninstall.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedFail.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gp-public.pem
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap2.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close1.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.avi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanMSAgent.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\app.sig
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\DEM64.msi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res\help.chm
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\message.bin
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Semibold.ttf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok_msg.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanSupport.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res\Panw-Logo.png
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Decimal-Medium-Pro.otf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connected.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd64.cat
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00003.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close2.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close3.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_stop.ico
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\debug_drv.log
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanProxyAgent.log
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pan_gp_event.log

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

File created: C:\Windows\INF\setupapi.app.log

Source: GlobalProtect64.msi

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.16:49737 version: TLS 1.2

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\svchost.exe	File opened: d:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\leveldb\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\

Networking

Queries Google from non browser process on port 80

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

HTTP traffic: GET /generate_204 HTTP/1.1 Host: clients3.google.com User-Agent: PAN GlobalProtect/6.3.1-383 (Microsoft Windows 10 Pro , 64-bit) Connection: Keep-Alive

Suricata IDS alerts with low severity for network traffic

Source: Network traffic

Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49737 -> 8.8.8.8:443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /generate_204 HTTP/1.1Host: clients3.google.comUser-Agent: PAN GlobalProtect/6.3.1-383 (Microsoft Windows 10 Pro , 64-bit)Connection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: c.pki.goog
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: dns.google
Source: global traffic	DNS traffic detected: DNS query: clients3.google.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.16:49737 version: TLS 1.2

System Summary

Creates driver files

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys

Creates files inside the driver directory

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

File created: C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4b3413.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3D69.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\PanPlapProvider.dll
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\PanCredProv.dll
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\PanV2CredProv.dll
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\PanPlapApp.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}\_853F67D554F05449430E7E.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}\_F67ADD686FB057D50FF66A.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}\_76ABBD49E711C599777E87.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4b3415.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4b3415.msi
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\3ware.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\61883.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\acxhdaudiop.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\adp80xx.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\amdsata.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\amdsbs.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\athw8x.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\avc.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\b57nd60a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\battery.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bcmdhd64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bcmwdidhdpcie.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bda.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\btampm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\BthLCPen.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bthmtpenum.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\BthOob.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bthpan.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bthprint.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bthspp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\cht4nulx64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\cht4sx64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_1394.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_61883.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_apo.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_avc.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_barcodescanner.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_battery.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_biometric.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_bluetooth.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_camera.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_cashdrawer.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_cdrom.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_computeaccelerator.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_computer.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_diskdrive.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_display.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_dot4.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_dot4print.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_extension.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fdc.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_firmware.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_floppydisk.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsactivitymonitor.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsantivirus.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscfsmetadataserver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscompression.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscontentscreener.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscontinuousbackup.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscopyprotection.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsencryption.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fshsm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsinfrastructure.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsopenfilebackup.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsphysicalquotamgmt.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsquotamgmt.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsreplication.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fssecurityenhancer.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fssystem.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fssystemrecovery.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsundelete.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsvirtualization.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_hdc.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_hidclass.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_holographic.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_image.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_infrared.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_keyboard.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_legacydriver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_linedisplay.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_magneticstripereader.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_mcx.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_media.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_mediumchanger.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_memory.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_modem.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_monitor.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_mouse.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_mtd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_multifunction.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_multiportserial.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_net.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_netclient.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_netdriver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_netservice.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_nettrans.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_pcmcia.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_pnpprinters.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_ports.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_printer.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_processor.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_proximity.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_receiptprinter.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_sbp2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_scmdisk.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_scmvolume.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_scsiadapter.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_sdhost.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_securitydevices.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_sensor.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smartcard.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smartcardfilter.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smartcardreader.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smrdisk.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smrvolume.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_sslaccel.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_swcomponent.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_system.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_tapedrive.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_ucm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_unknown.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_usb.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_usbdevice.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_usbfn.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_volsnap.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_volume.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_wceusbs.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_wpd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\dc1-controller.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\dc21x4vm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\digitalmediadevice.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\displayoverride.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\e2xw10x64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\eaphost.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ehstorpwddrv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\fidohid.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\fusionv2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\gameport.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\halextintclpiodma.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\halextpl080.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hdaudss.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\heat.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidbthle.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidcfu.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidirkbd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidscanner.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidserv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\HidTelephonyDriver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hpsamd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\idtsec.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\image.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ipmidrv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ipoib6x.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ItSas35i.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ks.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\kscaptur.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\lltdio.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\lsi_sas2i.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\lsi_sas3i.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\lsi_sss.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mbtr8897w81x64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mchgr.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdm3com.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdm5674a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmadc.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmagm64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmags64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmairte.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwa.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwa3.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwa4.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwa5.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwat.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmar1.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmarch.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmarn.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmati.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmatm2k.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaus.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmboca.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmbsb.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmbug3.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmbw561.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmc26a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcdp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcm28.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcodex.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcom1.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcommu.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcomp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcpq.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcpq2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcpv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcrtix.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcxhv6.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcxpv6.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdcm5.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdcm6.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdf56f.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdgitn.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdp2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdsi.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdyna.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmeiger.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmelsa.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmeric.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmeric2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmetech.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmfj2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgatew.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgcs.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgen.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl001.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl002.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl003.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl004.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl005.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl006.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl007.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl008.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl009.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl010.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgsm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmhaeu.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmhandy.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmhay2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmhayes.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdminfot.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmiodat.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmirmdm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmisdn.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmjf56e.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmke.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmkortx.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmlasat.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmlasno.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmlucnt.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmc288.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmcd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmcom.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmct.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmega.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmetri.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmhrtz.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmhzel.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmminij.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmod.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmot64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmoto1.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmotou.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmts.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmneuhs.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnis1u.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnis2u.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnis3t.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnis5t.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnokia.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnova.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmntt1.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttd2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttd6.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttme.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttp2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttte.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmolic.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmomrn3.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmoptn.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmosi.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpace.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpenr.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpin.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpn1.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpsion.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmracal.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmrock.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmrock3.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmrock4.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmrock5.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsier.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsii64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsmart.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsonyu.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsun1.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsun2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsupr3.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsupra.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsuprv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdk.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj3.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj4.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj5.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj6.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj7.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtexas.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmti.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtkr.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtron.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrf.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrg.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrgl.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrk1.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrsp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmvdot.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmvv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmwhql0.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmx5560.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmzoom.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmzyp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmzyxel.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmzyxlg.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\megasas.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\megasas2i.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\megasas35i.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\megasr.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mf.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mgtdyn.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\microsoft_bluetooth_a2dp_snk.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\microsoft_bluetooth_a2dp_src.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\microsoft_bluetooth_hfp_ag.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\microsoft_bluetooth_hfp_hf.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\miradisp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\modemcsa.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mrvlpcie8897.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\msclmd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\msdri.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\msdv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mstape.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\msux64w10.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\multiprt.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mvumis.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mwlu97w8x64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ndiscap.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ndisimplatform.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ndisimplatformmp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ndisuio.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net1yx64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net44amd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net7400-x64-n650.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net7500-x64-n650f.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net7800-x64-n650f.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8185.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8187bv64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8187se64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8192se64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8192su64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net819xp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net9500-x64-n650f.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netathr10x.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netathrx.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netax88179_178a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netax88772.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netbc63a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netbc64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netbrdg.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netbxnda.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nete1e3e.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nete1g3e.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netefe3e.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netelx.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netg664.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netimm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netip6.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netirda.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netjme.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netk57a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netl160a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netl1c63x64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netl1e64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netl260a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netlldp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netloop.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netmlx4eth63.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netmlx5.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netmscli.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netmyk64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netnb.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netnvm64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netnvma.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netnwifi.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netpacer.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netpgm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netr28ux.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netr28x.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netr7364.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrass.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrast.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrndis.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtl64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlane.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlane01.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlane_13.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlans.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlanu.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netserv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nett4x64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nettcpip.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netv1x64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvchannel.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvf63a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvg63a.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvwifibus.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvwififlt.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvwifimp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvwwanmp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwbw02.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwew00.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwew01.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwlv64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwmbclass.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwns64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwsw00.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwtw02.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwtw04.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwtw06.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwtw08.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netxex64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ntprint.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ntprint4.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nulhpopr.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nulhprs8.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nvraid.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\oem0.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\oem1.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\oem3.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\oposdrv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\pcmcia.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\PerceptionSimulationHeadset.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\PerceptionSimulationSixDof.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\PerceptionSimulationSixDofModels.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\percsas2i.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\percsas3i.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\pnpxinternetgatewaydevices.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnge001.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms002.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms003.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms004.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms005.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms007.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms008.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms010.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms011.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms012.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms013.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms014.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\qd3x64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rawsilo.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rdcameradriver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rdlsbuscbs.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rdpidd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rdvgwddmdx11.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\remoteposdrv.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rndiscmp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rspndr.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rt640x64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rtux64w10.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rtvdevx64.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rtwlanu_oldIC.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\scmvolume.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\scrawpdo.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\scsidev.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\scunknown.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sdbus.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\SDFLauncher.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sensorsalsdriver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\SensorsHidClassDriver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sensorsservicedriver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sisraid2.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sisraid4.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\SmartSAMD.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\smrdisk.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\smrvolume.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\stexstor.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sti.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\storfwupdate.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\tape.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\termkbd.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\tpmvsc.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\transfercable.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\tsprint.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\tsusbhubfilter.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ts_generic.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ts_wpdmtp.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\uicciso.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\uiccspb.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\unknown.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\UsbccidDriver.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\usbncm.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\usbnet.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\usbvideo.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\vca.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\virtualdisplayadapter.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\volsnap.PNF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\vrd.PNF

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\4b3415.msi

Enables driver privileges

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Process token adjusted: Load Driver

Enables security privileges

Source: C:\Windows\System32\svchost.exe

Process token adjusted: Security

Source: classification engine

Classification label: sus32.spyw.evad.winMSI@33/708@7/21

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files\Palo Alto Networks

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

File created: C:\Users\user\AppData\Local\Palo Alto Networks\

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Mutant created: NULL
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\GP_InstanceChecker_user
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6568:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF955B425E2344DFB2.TMP

Source: C:\Windows\System32\msiexec.exe

File read: C:\Windows\win.ini

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\GlobalProtect64.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe" -commit
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe" -commit
Source: unknown	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "1" "C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf" "9" "4473c0673" "0000000000000158" "WinSta0\Default" "000000000000016C" "208" "C:\Program Files\Palo Alto Networks\GlobalProtect"
Source: unknown	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe"
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe" fromGPS
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown	Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3384.3808.9035140351402317242
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x140,0x170,0x7fffebae8e88,0x7fffebae8e98,0x7fffebae8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1776 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2856 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3016 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1742409843635632 --launch-time-ticks=5027663235 --mojo-platform-channel-handle=3216 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:1
Source: unknown	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "1" "C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf" "9" "4473c0673" "0000000000000158" "WinSta0\Default" "000000000000016C" "208" "C:\Program Files\Palo Alto Networks\GlobalProtect"
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3384.3808.9035140351402317242
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x140,0x170,0x7fffebae8e88,0x7fffebae8e98,0x7fffebae8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1776 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2856 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3016 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1742409843635632 --launch-time-ticks=5027663235 --mojo-platform-channel-handle=3216 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:1

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: riched20.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: usp10.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msls31.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: psvctrl.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: userenv.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wininet.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: powrprof.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msimg32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: oledlg.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: secur32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: version.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cryptui.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: pdh.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: oleacc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winmm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netutils.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dsrole.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: samcli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dpapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: devobj.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: spinf.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netsetupshim.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netsetupapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netsetupengine.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: spfileq.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: textshaping.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wldp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cabinet.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: tcpipcfg.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: moshost.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bcd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpnpmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wlidsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gamestreamingext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msauserext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: tbs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptngc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elscore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elstrans.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: spinf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: mpclient.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: secur32.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: wscapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: slc.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: sppc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: psvctrl.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: userenv.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wininet.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: powrprof.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msimg32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: version.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: oledlg.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: secur32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cryptui.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: pdh.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: oleacc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winmm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netutils.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dsrole.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: samcli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dpapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winsta.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: amsi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: profapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: devobj.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: spinf.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: spfileq.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wldp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cabinet.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: samlib.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wscapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netprofm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: npmproxy.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netprofm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: npmproxy.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netprofm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: npmproxy.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netprofm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: npmproxy.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netprofm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: npmproxy.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: userenv.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: cryptui.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winbio.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wininet.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: powrprof.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: webview2loader.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: msimg32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: oledlg.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: secur32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winscard.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: dwmapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: oleacc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winmm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: netutils.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: samcli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: devobj.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: profapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wldp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: textshaping.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: version.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: propsys.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: edputil.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: napinsp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: pnrpnsp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wshbth.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: nlaapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winrnr.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winsta.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: dhcpcsvc.dll

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B035261-40F9-11D1-AAEC-00805FC1270E}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00001.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedInternal.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Regular.ttf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.cat
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_busy.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.inf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap1.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.cat
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\license.cfg
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PsvCtrl.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedNone.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\uninstall.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedFail.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gp-public.pem
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap2.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close1.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.avi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanMSAgent.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\app.sig
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\DEM64.msi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res\help.chm
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\message.bin
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Semibold.ttf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok_msg.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanSupport.ico
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res\Panw-Logo.png
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Decimal-Medium-Pro.otf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connected.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd64.cat
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00003.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close2.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close3.bmp
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_stop.ico
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\debug_drv.log
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanProxyAgent.log
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pan_gp_event.log

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}

Source: GlobalProtect64.msi

Static PE information: certificate valid

Source: GlobalProtect64.msi

Static file information: File size 66515456 > 1048576

Persistence and Installation Behavior

Creates files in the system32 config directory

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Palo Alto Networks\
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Palo Alto Networks\GlobalProtect\

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanV2CredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PsvCtrl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanPlapProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanPlapApp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanCredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanV2CredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanPlapApp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanPlapProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanCredProv.dll	Jump to dropped file

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

File created: C:\Windows\INF\setupapi.app.log

Boot Survival

Creates or modifies windows services

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PanGpd

Modifies existing windows services

Source: C:\Windows\System32\svchost.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect\GlobalProtect.lnk
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect\PanGPSupport.lnk

Source: C:\Windows\System32\msiexec.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GlobalProtect
Source: C:\Windows\System32\msiexec.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GlobalProtect

Hooking and other Techniques for Hiding and Protection

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Contains capabilities to detect virtual machines

Source: C:\Windows\System32\svchost.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\PanV2CredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\PanPlapProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\PanPlapApp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\PanCredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\svchost.exe TID: 428	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe TID: 5956	Thread sleep count: 81 > 30
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe TID: 2116	Thread sleep time: -30000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Queries keyboard layouts

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Cache\Cache_Data FullSizeInformation

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\leveldb\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Memory allocated: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe base: 1762FA60000 protect: page read and write

Writes to foreign memory regions

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Memory written: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe base: 1762FA60000
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Memory written: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe base: 73FE94E2D8

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe" -commit
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x140,0x170,0x7fffebae8e88,0x7fffebae8e98,0x7fffebae8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1776 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2856 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3016 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1742409843635632 --launch-time-ticks=5027663235 --mojo-platform-channel-handle=3216 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=MojoIpcz /prefetch:1

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=3384.3808.9035140351402317242
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview\crashpad" --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x140,0x170,0x7fffebae8e88,0x7fffebae8e98,0x7fffebae8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1776 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2856 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3016 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1742409843635632 --launch-time-ticks=5027663235 --mojo-platform-channel-handle=3216 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=3384.3808.9035140351402317242
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview\crashpad" --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x140,0x170,0x7fffebae8e88,0x7fffebae8e98,0x7fffebae8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1776 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2856 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3016 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-383 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1742409843635632 --launch-time-ticks=5027663235 --mojo-platform-channel-handle=3216 --field-trial-handle=1780,i,13562698424550181503,3014916588442710952,262144 --enable-features=mojoipcz /prefetch:1

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{85384807-c270-594a-be16-957143f816d2}\pangpd64.cat VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C: VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C: VolumeInformation
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Queries volume information: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Queries volume information: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\PanGPA.log VolumeInformation

Source: C:\Windows\System32\drvinst.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Changes security center settings (notifications, updates, antivirus, firewall)

Source: C:\Windows\System32\svchost.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

Stealing of Sensitive Information

Modifies the DNS server

Source: C:\Windows\System32\svchost.exe

Registry value created:

Domain

Country

Flag

ASN

ASN Name

Malicious

8.8.8.8

dns.google

United States

15169

GOOGLEUS

false

142.250.80.46

clients.l.google.com

United States

15169

GOOGLEUS

false

162.159.61.3

chrome.cloudflare-dns.com

United States

13335

CLOUDFLARENETUS

false

1.1.1.1

unknown

Australia

13335

CLOUDFLARENETUS

false

184.31.69.3

unknown

United States

20940

AKAMAI-ASN1EU

false

40.126.24.83

unknown

United States

8075

MICROSOFT-CORP-MSN-AS-BLOCKUS

false

104.117.182.8

unknown

United States

20940

AKAMAI-ASN1EU

false

13.107.42.16

unknown

United States

8068

MICROSOFT-CORP-MSN-AS-BLOCKUS

false

172.64.41.3

unknown

United States

13335

CLOUDFLARENETUS

false

17.253.97.203

unknown

United States

6185

APPLE-AUSTINUS

false

127.0.0.1

Name

Active

bg.microsoft.map.fastly.net

199.232.214.172

true

chrome.cloudflare-dns.com

162.159.61.3

true

clients.l.google.com

142.250.80.46

true

pki-goog.l.google.com

142.251.40.195

true

dns.google

8.8.8.8

true

clients3.google.com

unknown

c.pki.goog

unknown

Name

Malicious

Antivirus Detection

Reputation

http://clients3.google.com/generate_204

false

Avira URL Cloud: safe

unknown

https://8.8.8.8/global-protect/prelogin.esp?kerberos-support=yes&tmp=tmp&clientVer=4100&host-id=9e146be9-c76a-4720-bcdb-53011b87bd06&clientos=Windows&os-version=Microsoft+Windows+10+Pro+%2c+64-bit&ipv6-support=yes&default-browser=-10&cas-support=yes&data=eyJjYXNfZW1iZWRkZWRfYnJvd3NlciI6InllcyJ9

false

Avira URL Cloud: safe

unknown

https://chrome.cloudflare-dns.com/dns-query

false

high

Name	Type	MD5	SHA1	SHA256
C:\Config.Msi\4b3414.rbs	data	FF28607A9956FB335992119B83DD5738	B3609B6C07457CCBFB9FE30CFA1A0B1D5B5DD2E6	0ED5BE86148BA53147BF331F9ED2440FE703BAD21D1C6B32876C6F4D835AE619
C:\Program Files\Palo Alto Networks\GlobalProtect\Connected.bmp	PC bitmap, Windows 3.x format, 106 x 112 x 24, image size 35842, resolution 5668 x 5668 px/m, cbSize 35896, bits offset 54	9ADB0FBD8A5A08422AFFF58D27B5DFB5	57E3084A8CB347679AB21B901D3E281BB6759325	5827D6F83617DAE8FA63963C318F36BAA978E66C532A5EF34FC38FA6E7AB99EC
C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedFail.bmp	PC bitmap, Windows 3.x format, 106 x 112 x 24, image size 35842, resolution 5668 x 5668 px/m, cbSize 35896, bits offset 54	FAB748173122877AFF2FFE9BB46C5515	88AE0759F4858C08BC24FA9D21439F0A272A536E	12F12EAAC7630DA461D5532B7F7C06E13F615C7B8542C0A9FAC31696A59F1F17
C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedInternal.bmp	PC bitmap, Windows 3.x format, 106 x 112 x 24, image size 35842, resolution 5668 x 5668 px/m, cbSize 35896, bits offset 54	619F1B08AA639F872325BACC337C07B9	B4164EE2619E14CB450F2DB6AAD5F9D805DA3010	C16E81075EA202363D6870FB0F2BB7BDF7006AC46EEE554C9C6A6B242EBE28F2
C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedNone.bmp	PC bitmap, Windows 3.x format, 106 x 112 x 24, image size 35842, resolution 5668 x 5668 px/m, cbSize 35896, bits offset 54	8772D53AAE99B7CE8E2D764D9E39E8A6	5982EB1F521F47FF3A04D3611A04620EB02DD57E	9FB7DD4B421EF3EF199BE518031AD615F488EE4C44177B471B068C6053D18BAB
C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.avi	RIFF (little-endian) data, AVI, 88 x 88, 10.00 fps, video:	73D63A2508E2DFFC0AD80010FE97A47A	CB6F2F4D77DF3CA95B0E64DF7A67DC19B3471121	8F8C4EFB5F546E71A6928627B07FDB7FCD9FAC1AB8CCC7EB6C0CA7D16C52C1E4
C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.bmp	PC bitmap, Windows 3.x format, 83 x 83 x 24, image size 20916, cbSize 20970, bits offset 54	F5BF14AC5EEC10973A49C4E78225910E	79D8DF686F52FE5D2464D771BC003D4406ECD5E2	D9A94BCDA2A5B2E90DDD97494E361C27B68ACB18D9AEF2267F1F774CF8C35FDD
C:\Program Files\Palo Alto Networks\GlobalProtect\DEM64.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F9DDF353-9E3A-4895-8363-68BBB8975543}, Number of Words: 2, Subject: Access Experience, Author: Palo Alto Networks, Name of Creating Application: Access Experience, Template: x64;1033, Comments: Installs the services required for the Palo Alto Networks' Access Experience., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200	C86935C1387D036155663CB74DAD53D6	8B00E951D3036409C165CF5B7FDD08D4AFF3A9B9	43932B3E084870B7C25EAEFB5547BDDC463973066F655699BCCC84A0251B9A6D
C:\Program Files\Palo Alto Networks\GlobalProtect\Decimal-Medium-Pro.otf	OpenType font data	A754D31D11186B8F1370B8382ACB1118	36955F22EB4CD9CB9C8820418B59B808DECB5275	A8AD7F4D6E1FFB353CC1BB5AB32C4B0D5C9F75451A21A0D374EFEBCA745B8B5D
C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Regular.ttf	TrueType Font data, 16 tables, 1st "GPOS", 30 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon	3B9B99039CC0A98DD50C3CBFAC57CCB2	F59F9E4F3CBEE981A5E6F58A279F9B9613F22599	6F6940BE0835C3DDEC9199E5FC42BE4CBC61EBCFD58C623FDF719366253F1780
C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Semibold.ttf	TrueType Font data, 16 tables, 1st "GPOS", 34 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon	3C6CFB1AEBD888A0EB4C8FBA94140FA6	96569E2CFCC3A298BB1AEA21103D0D1E3C7E2ED4	2DC5D31E2CF1E29F3430EB2DFA1BA9911E08EE401B61DD12F40E0ACB047A17A3
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	PE32+ executable (GUI) x86-64, for MS Windows	3C775994C268B795CC9367BB967E34CA	4778DDAAFA9A98E15232C5B289EF07A5ADF8B404	850BC8D40D61D0CDF54F5A739F64665CFCEB9F4395B042F699A92A67466E7045
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	B9272CBEDEAA100A55E5002DC0301C6F	8349D7352840CD594A37ACD601607A37EEF4A715	A8A3B7400D8A3C66B856FE2F30F6BA4AB7595DEF8453D2D1564B5822CBBB07BA
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F58D33545D9A484850713078AD9895E9	35E2406F05F85368FF89374E4201090291C176C7	0EDF6874B10609B874C6A76AF50D7FF7E2749CC873A7D9A3E805BE0FBC9D84C1
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	D1DA97D0881BE9AE8CDC4FAF2F64EBB1	52B7B6F47CA32934FF1D0B500137C31A0DDFC379	A6120A3E55CDEFC55BBE78BCB23BE5EDDA0B5A4F1C1934ED6B76464BEA2A2B6E
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	4D2942CC587142D31BE63B6AC4782C43	219A027CD9A93D8BACE4DBFCBE1207406F4F55FA	8EC73128AF6ACA1217A0795F19569D2DBF89B252FD9C325AEBC46CB1E082E03D
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	6F99DF3409C59B6E0FB1B977BA959210	819F3AE24C5C4877877714B1B729CE5444DD8687	F45B6F3010748AF4211C671335C2377F4242271234C330B9BD93D62F16E8BF6B
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	CAE3AADE99B76E3166D8640496A02BE0	25DF56A72BBCF88CE75FB3AC5989D4E66874A606	CD4E4693DADA4D9CCB83D6436F64E6F63CAF299DB50EE5F63B6F0A1859A9D683
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	9B949DD5DA866AB39C2BBF89A13E4AEB	76B7DF591415224FA3164956E7ABC9CE192BFD8D	29B7D1A76C8B9E55559B07953B79B21869B12B607E398DB311813B6811F9EB87
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	PE32+ executable (GUI) x86-64, for MS Windows	E815CF46FB6D9350E84F65283E133FD9	9CD0C1A3B5544C19872397911B58CA5B6432F9D4	A04E262BCB2EDA1AC01D19D4E7C2C6E9DEEFEABC60A047C444E161C9ECC77001
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log	data	05316C0ED666EA63499E46452B27129C	1BDE6BC17C406ED34BDFA0FFACAD1AE16AE8A1A9	7D1F1453DB946F38BFC865593389468CD4FFF207517374324B5E1BDF3453D4F4
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe	PE32+ executable (GUI) x86-64, for MS Windows	830C5BD34632C6D29BF0369B60E78A44	FBF1AC6674575606DE077BE0FE7ADBCCFB3F3AD9	4120C1DD35062396DB166903159DC934BAC6E4651780F0DE8392C8CDBA9B630F
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe	PE32+ executable (GUI) x86-64, for MS Windows	B7CC9265B08D4C9CF85D9F3DBFFDFDB7	8639386A89A64B82885F6367CF892ABCC8ADB4B0	422680711AE66B84903266C740596BB672F796D13D4CDD8F92AF8DF2425FEED3
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe	PE32+ executable (GUI) x86-64, for MS Windows	8B1B3734B30673BAA1FEBCB861B67295	281F108DED472EF040498FA747CE1DE04D668048	E2575848359450C6040485893174A78C063F99ADFA33D2BF12A91313376FA5AA
C:\Program Files\Palo Alto Networks\GlobalProtect\PanMSAgent.ico	MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel	2FBC3DDD9597EA3C6A621CC3832CEACD	69A53CEAB84D786D30FDF38BFFC8862873CE6CD8	FCB8A6C4CEC48D4B67C504C32A0964AB570705CAD1E627C90BA800349BEFCFF1
C:\Program Files\Palo Alto Networks\GlobalProtect\PanSupport.ico	MS Windows icon resource - 5 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 96x96, 32 bits/pixel	4ABE455BAD5FFFFA43741DEBBCBD07E5	C66B072E967EBAFF3B7F6F9A96C41602F5E75CE9	2E47D2B23A1954EDA142FDE7012F2D9F68DD92FC358F90A099A1C03A20BFF7D8
C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe	PE32+ executable (console) x86-64, for MS Windows	BBF274B31BC2D6A33A671321BA54810C	3A6800C6C02D35FED8C3A125420B261F511C77E8	99C69086AD05EDAD93A8678606672C5736D536C212BB32379E58A7A046D7E580
C:\Program Files\Palo Alto Networks\GlobalProtect\PsvCtrl.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	6E0629C79F7083FF0C2C25F47E0D8CDE	FFC8016280694B78721BCD7B2F71A7EA77836D68	DEE45735AC66D3674CA41BE56ED7855C00F574D7584836DE36053DF1A9B19603
C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	B7B997EEAE8FD59A0566F9875D38782F	39EB78FD8A27B574E0C26EB07DC77F66D8EC7650	F3C2024FB36DD8F56213E568918C6FEC41D133AAD79A2BA8A47B190D6348AA02
C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A811DC19F3F87E30A3B41B23A4D4095F	3166B82C20060EA0FFCB653E574E86F6BF81D2EE	96690E989A8EEE97D93DA058A91EA2A98F715DEDD15E3B255852BC1724CA2BB0
C:\Program Files\Palo Alto Networks\GlobalProtect\app.sig	data	CDF4A83343DB142BCE26F8975E7439CE	1D64CB41F50D23F288DDC7121B4E880DD54809A1	C370EA5555A3C9E374AB8655CAFDAD593D00498A2A1EB28581BCA6D6AC2C1E85
C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap1.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	20CD4FE4ED54D9529F198B7984E79EE2	C09067019768C47F675CC8794CBB2E5475CC4BEC	3D8FCA9479647B5676AEE59D91E8B5FE939EA0F07C0C53F30A7B0BD93C75A7B3
C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap2.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	7B12BDCE40352F5835B47A97F60B6C7B	281966975816DB21B38991EB7A1FDD10DF26950E	18A6A8E7452DD319587EFD4A48206D7D6CECC0DA22FBD92354211A52F499E6A0
C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00001.bmp	PC bitmap, Windows 3.x format, 10 x 10 x 4, image size 80, 16 important colors, cbSize 198, bits offset 118	11A6FC5112B16C750CE9C435B9D9ECDA	30EC46FE5B5EF72BD3318714E1F2BD950E561325	F9EA18599390E773A66A1B7351DBA4E9ED912405B706EB5938B1E53B38A50157
C:\Program Files\Palo Alto Networks\GlobalProtect\close1.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	12378638D5D9629DF029B8680F66F623	A9AC4D707781A6BBA1D9890F2BE6981CD51FA4BF	BAE5470B6825A087B88449D189152807D32DAEDCE5C6D4C4724D4AC60A31E1CC
C:\Program Files\Palo Alto Networks\GlobalProtect\close2.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	6C08943777106D71DBAD1C57832F7BD6	726CAE4D66D7470BFAEAB7D7A9756813B0ACD542	654B7A31ED9A0A532BC3851427BACA56BF98B803A34CEED715F7A9C66285378D
C:\Program Files\Palo Alto Networks\GlobalProtect\debug_drv.log	ASCII text, with CRLF line terminators	8E0519174110C560DA7AD8116D7ABB87	E1C4DCBAF1E0A2B0209686F1B060C14A4052693B	903001CA3E27CEEFD27B8C07B5ED07EF0BD18B51E09A8C27154C3999B465A1BA
C:\Program Files\Palo Alto Networks\GlobalProtect\gp-public.pem	ASCII text, with CRLF line terminators	6DED4854DDDD18195CFCEB8C662B6CD3	DB84197303D4F2DB05FDBA9BB8CAF74F948C4E8D	FB427E41239C2EEF0AF65F958280910E151229C4BF514F15E77C0963F449D61E
C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.cat	data	0FF3F46C852A8809AC12AF4AF492D833	B93073ACB1DB35A4DE9475AEDE68766EFB3A4E77	99A812D309E6B40F75BAF27FACC44880AD4A04F65D9731CDA2F94CAADE530510
C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.inf	Windows setup INFormation	083330FA0340784145012D1210630F6D	5C9F3DCB0F3CA0050124A372527EDB5CA5EF42CC	C6D158F7747DA61EB40A21BDAC1EF3DFC852806F6080306E191F29F55749109A
C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys	PE32+ executable (native) x86-64, for MS Windows	D9B1F383AD60E687B7A8347241683C50	293FE84008105EFF5AB9ED1D0338EEA32138A3D5	8E438A6E3C6FFE966644E02691CF15D1FAABC522AEF8BA1D6E969A4FB0B650EA
C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	98E05F30B856E880453418A67DAB6740	EFA381338AEE5A0FAA4A4BD6CD80DC104938FC74	25081B547184615E9E9E4E79F18D09135BA15C0C23F0B0E2BA45B87403A6AE04
C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	92CCC4179E359E9CCAD1130948D64330	829ABBBE9E56BF0DB696A95744F2E4E1D5EF8C0E	0BEDB14AFDD123A59743B51B7A1AAB8AD46110F73C280C58A5869B22A7D788F9
C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	951778E5CC38970B1CDF6B9169C641A5	C7A5624F24ABF4890735751DCF560FC857F37767	864166F27ABA6FB7149C57FB5EEB8569459D211A9A4E055D032CF0F16C628E95
C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	738DCAC532DE76944843D91633A5133A	A062B74368781A6BF035E5738D446E43162300E7	5DE59EAFAF1B243BE786F48304BD0A1718CC265C474C5A80BBCEA87EB759C0C1
C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C359466310A578FA11D16AD05F4774B1	6D628FE726A48DC27C8728C968728EB73FD85A84	FAD827890CC73A50B639085E2EAC05EDC0DC135E3FC8BAACD9C42C6EE4A3AD47
C:\Program Files\Palo Alto Networks\GlobalProtect\license.cfg	JSON data	68C9C3FED0718775973952E8EA2BDF82	1F6A66A905EEDA7C8450202B301741B4649C69FB	28B72358D00A0380F22A5C60F7C8AF6B9D62DA3F2C419FBFDA809A7226C39C15
C:\Program Files\Palo Alto Networks\GlobalProtect\message.bin	data	F8EC09BB868234B6C54F57B8832B18BB	DA7F565A7CFF893B843AC5813905E44A705D566E	B19BE90FBF748C975097D125CE980CEA67AA36DF1088205612813DCAC1829AB5
C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.cat	data	A17145CED05A0C6F38AB3C0425701732	4EF64B143BBE05FBBE0D053B80088C0BBAF1FFE9	BB0FF85E3D7E8B12EBAEAEB2EE77CAA702E5439718609C1D62074D6F594E3CF9
C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf	Windows setup INFormation	FC97A101113D88276C58400BBA7AAF77	814D0C9FBDEE6B3DABA6D18389536FDE536D3B2D	20B44F3859A6FF1B7C644FC90CED4E7AB37CCF5CB50EC21D59A92906932A4842
C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys	PE32+ executable (native) x86-64, for MS Windows	6CA91596CFAE2079BA66BFBB099F41E6	12729569CA22D782630E988C56A6472D8CFB96AA	9CC08F70555E3958E1676FBA56B12D482EF961F8FDBBA9E69DB7A44F3B007A02
C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd64.cat	data	6F4E74E781E6BCF142DD838CFEBB41C7	F4943F6168827C6E6E5CB4F9E7D34B35398D66C9	F6F9275BE2DA16360F7498DD1B4631F9B19FFF816D8A025B0146C20572B1A1EA
C:\Program Files\Palo Alto Networks\GlobalProtect\res\Panw-Logo.png	PNG image data, 497 x 69, 8-bit/color RGBA, non-interlaced	FB91B28E8398A4ECDA31A0AAFFEB2B82	F5D7F15476CBC090DB457C52069BBF77C013EC07	304E8284FC9DFDB620216A10E76C7FF7EC1025E10B49D26A1E0B81C4881ECA9E
C:\Program Files\Palo Alto Networks\GlobalProtect\res\help.chm	MS Windows HtmlHelp Data	530E871CA76D7DAF1BCEAF6A3F91CA2A	87554907394F32689BAD4AE02362EF58DF726C5E	D17AAD0639FA874F2C9AE69D5DA43A237BB162A2397B20ACA813B13421756137
C:\Program Files\Palo Alto Networks\GlobalProtect\tray_busy.ico	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	5E3A3BD61AB39532B1BFB045066F6ABF	063E92D47F1E2C7381916336736E557EAC49C88E	DE96FF2264AF2B47289AD255FA68B2790433298916231226B4B83D3DE6D859A5
C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok.ico	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel	5CE27F3AE8EBE259AB7C07E5B3FCDBFF	9C47C6D079C807AC2BDED50FEF226F1D00F13FEE	FBF8BFD212ADF90ED0B77A9F925EA1A54048E4E30F85D7B33FBEA016066507AC
C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok_msg.ico	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel	73EAC94B0F95147466F346156AD520F5	DE51716E7E17686DA59C1BCA9AE40517A89B91BD	91F2C66868A593185BEB0284A602AF85B098C576ED0190B6D25BFFA7B538BDD1
C:\Program Files\Palo Alto Networks\GlobalProtect\tray_stop.ico	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel	98D1ED97265CD2F09211A006F896D145	11CCAB22535BDD2EE25DA99F536C4B52A06B66F1	97A5443C3FA89AF6A971E42CBDBFA6280EC79624AC942E2580F21519F34F1CB0
C:\Program Files\Palo Alto Networks\GlobalProtect\uninstall.ico	MS Windows icon resource - 12 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel	BB92CF1770EE4753DE901FFFB459B10C	1792E3C335B123317643561AEE8BAE0EA4FCC99A	46F7E20DDD21BAC0C45B01F0DB1C5458FFDA24CA61F9D03B874DBFC3A2DBE41B
C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe	PE32 executable (console) Intel 80386, for MS Windows	FBF3F390C34BCBED6BEADDB22DA21925	F25A4655C55F46FE4A8AD453CA1CDAE4490B0132	8A0186470697C903944F194AD4C7B6A5F1062AB420F3CF33CC53305ACD10F6D3
C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe	PE32+ executable (console) x86-64, for MS Windows	B484EC47569E3F315AD7087F69D2B230	60A77774FCFF9AD4F77A3559BB27BA14DB932956	7FE717EDDAD5176E525C3B5A66711A8121D7A09D61178A9DE99FF0EA03648962
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect\GlobalProtect.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	629E0D130A7D1AF06014A8F4E6F04B07	1EE22B36682B22D3A0F5BA93E4147B84DCA9C1A3	9E0062564489549284BC95BBF832117699B697F10C801C23B256376377069290
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect\PanGPSupport.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	78F04E9C2476BAACCFDE7A2B6F2DF219	0E2ED162BD2F7A004E1C1851736A559F041713FD	EE6D869CC035A8CF9B08C2C77213FE0C97B2F951D34040B4C84188BC4900B504
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\174cf785-513b-4a57-9933-689fe8430efc.tmp	JSON data	24D021D19F1728DF01CF4EAFCA48936D	92873BC3EC2F2484B4314CF6321202FE1CCFB5E9	F511230B44D5D00794D750E44A120462B8E2E3761384C9B775881BD5DCD2EB60
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\467f3eef-bbaa-45fe-b2f1-15dcfd637152.tmp	JSON data	3BE824F1646FF18BD33A497E5F018523	C6E551D9AF40CD5DBED80A80885C1CD5E9876F6C	F74AFBB6BE279F86C05878EF31F8909517883FA23C8561B254CF1FC19FFE7182
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\55526641-4f1f-476b-9dda-bf598e92fa9f.tmp	JSON data	564331D9E6ECC4F04196A32AD039BFAC	2025E9D1673105A67B7C43030705096CDFE234B0	5851A32F36873FBF2748B194DC361E4B05889EB7B062242E45B328F3DF092ED0
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\75dd55e6-d9c9-4734-864f-940b4c1902b5.tmp	JSON data	2880A5752F025466690EFBFD761ACEC4	67949B50CC669D2FCD2C63BE1AF9A4E9D4D4DB5D	6EC499FF508E20C751BFF846EE00B7431E57B06F017E1E3EAA619580C493D9B9
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad\settings.dat	data	E7EAF2694DE299E793707B0673C732DF	8A2FE25D6F38B8F5DB3F713E5AC44C08F44AA4F9	BEB0E8030E3B1C26F01B8956DAD17D3A6D0DA82AB3622E9D79EEA8604ECDEEE8
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad\throttle_store.dat	ASCII text	9E4E94633B73F4A7680240A0FFD6CD2C	E68E02453CE22736169A56FDB59043D33668368F	41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Cache\Cache_Data\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	174C571402E8FD55CAF160436EBE90EA	A54D7B7BA263B5970FCC5DC52F958E5804F371DE	AC1F559ADF62FB291A35088F915EA8897934C44C55531A463B24753D274BFB48
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\js\index-dir\temp-index	data	20642A27F35D9915613E33FFBC55ECB8	1654BAFF00FE9CCF52844924ABA48BFE0FEC2F94	645982AE57FF0AF3C4A7A3AA5AC153A1EB841693627FA338D96D84CBD84C9962
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\js\index-dir\the-real-index (copy)	data	20642A27F35D9915613E33FFBC55ECB8	1654BAFF00FE9CCF52844924ABA48BFE0FEC2F94	645982AE57FF0AF3C4A7A3AA5AC153A1EB841693627FA338D96D84CBD84C9962
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\wasm\index	data	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\wasm\index-dir\temp-index	data	25B6684AB88E6101081E27118C8A1C86	28F43452F3CC700C5598DAF455268C2CD44389B5	AABE8440E27402DC9EF8B89320F22C29C9A06AFD8A806D31BCDAB72019742A2F
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index (copy)	data	25B6684AB88E6101081E27118C8A1C86	28F43452F3CC700C5598DAF455268C2CD44389B5	AABE8440E27402DC9EF8B89320F22C29C9A06AFD8A806D31BCDAB72019742A2F
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\DawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\DawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	23D3E34EC27E839A31796CCB9E9374CF	A92BC9FBCC3E7BAB5D6A417A3B6B34D1414B3F7D	C4C84BA67048427332381433BB2529F02CA186D76C9B77AC6A07B761A490442C
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension State\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension State\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\GPUCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	88C76DFE2E466433B90699C826B6708A	2DBA30549D0FDE309FAE8D654CC334F6F4B8F298	51CEFDB4BC3C6AEA4483610CEF63D6476743FD56DED490DAE100A9CD6C8AE228
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\8e81e3d5-24fb-45c7-a682-183a5a72813f.tmp	JSON data	2800881C775077E1C4B6E06BF4676DE4	2873631068C8B3B9495638C865915BE822442C8B	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\Network Persistent State (copy)	JSON data	2800881C775077E1C4B6E06BF4676DE4	2873631068C8B3B9495638C865915BE822442C8B	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\SCT Auditing Pending Reports~RF4cb61f.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\b17308c2-5e68-40f3-bfa5-c5117b6dd9a8.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\d1613901-539b-4119-9c71-208dd225433f.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Preferences (copy)	JSON data	04B577AE5F65295C46DE0179E7357A42	98C9172653B15F42A8ACD3779CDD61B4A26CB323	C4ED46E13E1C79BAC7D941EE71B86E65116223BE0F50D8F2FFEC0495EF19FE10
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\README	ASCII text, with no line terminators	643E00B0186AA80523F8A6BED550A925	EC4056125D6F1A8890FFE01BFFC973C2F6ABD115	A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Secure Preferences (copy)	JSON data	CFFC43E73E3EFA543EEA615B0ACE24B5	263A7FB1FCFE904A3E88E8CA57BF0D5CE4C62617	ED5E5F9B7C4776E792005200843339492C286BFE5DFDBBCED0D3A7BDA43EFB11
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\d46801f9-0d96-4de0-ba0d-68f52007ea66.tmp	JSON data	CFFC43E73E3EFA543EEA615B0ACE24B5	263A7FB1FCFE904A3E88E8CA57BF0D5CE4C62617	ED5E5F9B7C4776E792005200843339492C286BFE5DFDBBCED0D3A7BDA43EFB11
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\fd96f9cd-1b8b-4f20-8755-1d325fdfba70.tmp	JSON data	04B577AE5F65295C46DE0179E7357A42	98C9172653B15F42A8ACD3779CDD61B4A26CB323	C4ED46E13E1C79BAC7D941EE71B86E65116223BE0F50D8F2FFEC0495EF19FE10
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\data_0	data	03A4C045451282E6C87326D1748B6938	45FC6CCAA722F7B8754D061C7E4E8BF7D918DD1F	898A6B05644529D3657B40E94281DE897566887F0C9C0A94ADEE96B11AB3DB58
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\data_1	data	DF32B76291FABE73A8DE5BB236BAEA67	20F4DC3DB5BCF133B65259FD3DD06A1DDA4D99F7	38427B9073011D5B132B4DE9DEAB42933E154177184B3E4B1D1A71801DD333C6
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\data_3	data	A6550A8C16229AE3A7D23D7306E850A7	A2CE905BC651102EF12BFC939800488965156C2C	60461F5F844B1343860CE595E590B0E174EB304B82A4FFB78B52B2277AE736AA
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	1C6436E6B75901CA6567F491537CD95D	AB7A7A2F402F2092FFDE169856B30D2A9E3E0E01	185C334BF4309DBAC16508F4F48840E54D83C5755DF35AF23A56526ED9842DCE
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GraphiteDawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GraphiteDawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GraphiteDawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	49023424ACA430DDE23C14A513E27130	65ABD8B9B574F299D9CBA7CA34FED6E045DEAC88	12FDDF1B6E58509B871B57E7258E86846EDE59CB551938DDF9AFA679591D8EAC
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Last Version	ASCII text, with no line terminators	BF16C04B916ACE92DB941EBB1AF3CB18	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Local State (copy)	JSON data	564331D9E6ECC4F04196A32AD039BFAC	2025E9D1673105A67B7C43030705096CDFE234B0	5851A32F36873FBF2748B194DC361E4B05889EB7B062242E45B328F3DF092ED0
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Local State~RF4cb40c.TMP (copy)	JSON data	564331D9E6ECC4F04196A32AD039BFAC	2025E9D1673105A67B7C43030705096CDFE234B0	5851A32F36873FBF2748B194DC361E4B05889EB7B062242E45B328F3DF092ED0
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Local State~RF4cb43b.TMP (copy)	JSON data	564331D9E6ECC4F04196A32AD039BFAC	2025E9D1673105A67B7C43030705096CDFE234B0	5851A32F36873FBF2748B194DC361E4B05889EB7B062242E45B328F3DF092ED0
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Local State~RF4cdb3b.TMP (copy)	JSON data	564331D9E6ECC4F04196A32AD039BFAC	2025E9D1673105A67B7C43030705096CDFE234B0	5851A32F36873FBF2748B194DC361E4B05889EB7B062242E45B328F3DF092ED0
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\ShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\ShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	C362E1A42894D9BF091F55C0F7B2DB4E	EA6EAD2CA3A9D0352DDDF40B766934AB076C8016	55319068F73D560BEA42B7A0703BEE314F592FAD717A05E0B83825E28EDD78A5
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Variations	JSON data	961E3604F228B0D10541EBF921500C86	6E00570D9F78D9CFEBE67D4DA5EFE546543949A7	F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\PanGPA.log	ASCII text, with very long lines (1152), with CRLF, CR line terminators	FD83180E11F556664F785FE18E1BBB09	8EE0CE2EB3BAEA5B7FAC9D51997937BFD747A8EA	23BCC8B8C3EF85AE62A197CF8A480476BBAE0601A52CCC9333A886BC483C43B8
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\ServerCert.pan	data	161927ADE3C080A611BE965C8D3020CF	2A72518B6EAFD1102438C954C6B739EFAAF04212	72D159C6D777650E4812151D2B1CDB0844BC878978006F07719FD4EA0937A9CF
C:\Windows\INF\3ware.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A074AFD85D1918B365BCBF9B3C8110B9	24F647BEB7F6ACAE6B927E63F56E18196684B30D	FA5D190407D84612BC115F1AE3BD65DF30CED706B659BDE622E58AF1808F34D5
C:\Windows\INF\61883.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	44C1FCB728F7C6ED672754475E9BC885	E97162E5B093B2FF34CAF4F93F972762E16F3E68	F6689AB2FB65E3DF76B2B79F4607756B273307F68989782834D352EA2DCCC0CB
C:\Windows\INF\BthLCPen.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EF714FE92CB71E8D24512583E8121C39	D9B55D46360BE101F6DFDFA3D5DCC1FA1EE89BD5	3F33D77EFED8B6E7588DBEB6D85D1A0A09CB1FF1566304E6C92D68BA015100FD
C:\Windows\INF\BthOob.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2C4EF93F261A2143264951DB9F70CDE4	10E791549CF65490E333B81ACCFCEA8B8DB50661	2D61A8E8BE2C65B97906B1B08B3540ACFBD6A17BB1C6A0EC0021376D29396FBD
C:\Windows\INF\PerceptionSimulationHeadset.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BEA2966AE50C72BB6CA97AC1B841823F	D2DFE7BC1891D16A6434D5ECE70FCB9FAB98C737	9E6B7E332973213C4C564C8DB12B5E0F4D1579DCFE8B8E9EE3061FD7EC7847E4
C:\Windows\INF\PerceptionSimulationSixDof.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1fa8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BDCC9F5A4EEE21946EF4639635778445	92B5BF51B1569F9267F1E3BAB5B03994AB4F6A5F	DBB8E0E0E26AF82C7FAF9DC722D731FB7B45F8322BAC3BF52E753CB40C147F2D
C:\Windows\INF\PerceptionSimulationSixDofModels.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1968 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	96B8754027EC9F60391072BB071108BB	AEAC9E506F13A809E07FC7F3232342796C8BC292	DD562DD95F6A7DBA4B101EDA4E76F0AB2C0039736BF70DF81628C0D417AE0F6A
C:\Windows\INF\SDFLauncher.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2EF30B7857D667420227D0D303A3B234	312D85ACDC64BFD2249F7C0F7D28CA8375E07562	7E35474387E5096EA2C34BCAE42748AABA7038E2B5357BDC4526C5B4C789B8D0
C:\Windows\INF\SensorsHidClassDriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4b48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0C4FA7023F55C3896E25FBF1FE1B7468	BEFFF349BB3821D155BC72BD9459E01D58EC6B30	03422ADD50EF0DC89C635C65D0DBC5CB8104979923D80EC486DB16FA154E360D
C:\Windows\INF\SmartSAMD.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2400 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3E07E38A74569CDCA14F8589018557A5	4B8E9624CA92533BF4DD63032574E1FE78C6A69F	948372FED78DE0846ACF20CC59EBCA211B9C08EEF90FAB1793B3166B623C0B72
C:\Windows\INF\UsbccidDriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2d80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	63FC5D60C74E5541CF702C75304EF6EF	B21D0CFF88295B7B4BEF9842FA975F7EFE367187	3D55041609DD13A81F05856B8967FF7D1175A09D56757E518D127A3AAF7281C2
C:\Windows\INF\acxhdaudiop.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x94d0 "Signature", at 0x68 WinDirPath, LanguageID 809	12F7FE12DEBA235AF61C9C87EE056C4C	42922490DCAF5AB0B6A75CFDFA7DF03789649BC0	810027B1C0B6B3672C7F9DF6CCD4F5A1ECEBDA503D3454695CF78838AB4D31AF
C:\Windows\INF\adp80xx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5138 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	58EA231A0DA660D73F4EB42A73F8AB9B	4AF5DDE49F1B421EA09771FD8A4777C07A49BC6E	97418477EF87981C210760A1AC4F402FBACDFF45E06B06B0571D97D9F838DB6C
C:\Windows\INF\amdsata.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2500 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3EF2CB2D7E9B8CE2BFACCD217E024900	461DC30949BAF78C9AD3A152E769323154016E9C	010BBB80E836944C6E3BC2C9FE0CD832BB58EF6AA5131301DB67BE076474B201
C:\Windows\INF\amdsbs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1f20 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FCD5AE961D0A54A2544C133331A5961C	1E05C993E561317853101B9B72B1DA521DACF822	F5BFD522E0F5626B2FAF158065519672DB746437E8DF0D0F44BB638CABDAC3B7
C:\Windows\INF\athw8x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x191e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EE66243F82B15DC872746036D47181A8	B4F8A1243FF714DA4866D6D90702F03DF736C37E	30BAC8CFF12946D7A1A9632B37F945077DB239B8AE4C5B621040198AB8C15265
C:\Windows\INF\avc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	69E90213E73BF2C1AD78483138C7C520	4B35391E4BDCF0E2862373B4946C569C7AC1A8C9	A1235F35C4E0F2D396FA11905013C068E064DA6644C5B6B28C192E7795EC12D7
C:\Windows\INF\b57nd60a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2da58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	686606CB62D9A7F32B92538CC1B652C3	11DC9E3BABE6182A70917AB8005C57FC0F3B1AA8	EAA2FFE3FD24D7E184349E175E5C0F8100944316B9452E8527DE76C0F5A2B305
C:\Windows\INF\battery.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1528 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	180423B58A2DC8A71464307B011DF2E8	67C1BFBA947DBF3D456298E3274F960D777B577C	198227ADB40510693E0C5FDF221545AEC0BF53432BF529D08D815B7E0C10F3D4
C:\Windows\INF\bcmdhd64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6718 "Signature", at 0x68 WinDirPath, LanguageID 809	84EFED246B3FA8F96DCC6D979BDDF3A5	CBF8B6AC6E7B450B9A6C3C68AAAF5EF4857AC4A4	36C845B2B87A1A5C47EE1F238DA280E2E0038E289A7DB575032E471546CF7F04
C:\Windows\INF\bcmwdidhdpcie.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x54e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	22FBB9E12703F86A97F25A4840B6EE75	6AC96A7F2A776A4889E3C4264A7343CBA72BA253	1DEF3D8AEF4A00F5F81D312B7B4E5ABA42DEA2CD089FB96F8F487F4CC7433F81
C:\Windows\INF\bda.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1fa0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C969A89FC6552B70AA92990F7E6E0D12	EE27ACC3E86E43256EF8CCE760993630C470D42F	9D3BB34986F5EEC8AE5C68EB8B2722A0C54E9C36CB16D5F93A9453233BC32F62
C:\Windows\INF\btampm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4F00E1AFA8EC376DB90010AF17A75DE8	DACAAEE7A239F848AD5444D0307128BC7AE675E0	926085F8FB62D731B4D918021BD06BA36A0BB6941E9B27A4DD92426DD77E4A70
C:\Windows\INF\bthmtpenum.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a40 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FF191CC050A312AC9145830BC22A47F6	AF1F87F7C6340C3458D56227B54597C7DC4B12F0	DD68E4B1FCC9D9EADF0A33FA6F42706531BEEF06651E1E1B9A6611F346B436FC
C:\Windows\INF\bthpan.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e30 "Provider", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C1632294A8F61B49397BB1255CCA0D69	8C43F3B50A3EED3E5FA98236EB56F4E5D4E51A8E	B9BB8716C48DF77C0737CA38678BDA1B791CC2783435ECC9F6EA8CFB68B0908A
C:\Windows\INF\bthprint.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1600 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	15F60316958A0E08F5E264F9607D9283	DAE3191D170A8B1C6D3F95E63946E409AD299880	403115256728F385160541ACC9C4C37091D5674271573B547AF843BB461F9605
C:\Windows\INF\bthspp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6693AC7A535E57BF020B83BFC629009E	E8EB82BB46E4CD5BD51049B8E852EB928993D408	434F56DEF20A9701467ED108AA3F30E8B0DC71500309933CAB0A196FAD379CFD
C:\Windows\INF\c_1394.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	166EDC7B89AE725FFF2894A04C08DBA3	445B78815713D8BBE3D31F4AF05B076CDAA1E6A1	492BA6CCF0DB4362EAF331B310435F9AFAB453A4C65A3DCEA8F0EF0C7B6FC717
C:\Windows\INF\c_61883.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DAD8DF15136F0ABC69EF190EFCC81D7C	C28278C2D61D7542126BC2CCAD8E287F8DE22ED4	31CEEC5AAC26DC3C0F5989CD7E458E7ADDF57BDCFA76F6E75CDFDAC0185D1916
C:\Windows\INF\c_apo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1418 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6F57FA0B1482A499FA01A93CFAB33E28	B4EA177EB7C8D6D3BDDD15933B927F2F17B9FCD1	F97701E741BC2AA067E08191D690423145053FE5A71005CDA79EAD99699BE0C5
C:\Windows\INF\c_avc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CDBFD18D45A5427873C31CABEB3EB502	620200F7CC0C327A8CDE1D47669C2ECD5BE900EF	2BE137A067D3C66BA8C0F14BB07A1986EB9E47CE11E7023F64857868F6C85265
C:\Windows\INF\c_barcodescanner.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C585E760F01F21D92D62333FA665D8F7	CFEC32B1A981D4E69F527FA56708C1179AEFDE74	95A2A04762AA9BF23E19A4FB5AA8987B7674FC770868785A04A1862F5779D145
C:\Windows\INF\c_battery.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6805E246573CBB24D9BA93123C89129A	59007E89B3170CE0D40EA47691219B0362731856	9AC7F8F63D5481BC71E73136DEF92BDDECE7CBE479928BAF07FB4A780E8DE801
C:\Windows\INF\c_biometric.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	11B1532518F99B0C3DA388E98E09173C	7F5A0C0866ABAE2C7EB082A7D79D987F9C640DA4	C68EECD309A0548360F6C6EC42A99DCD5285869C3DF0EE1ED706615CA025C614
C:\Windows\INF\c_bluetooth.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D4CA38550FABDA12D23D8E712F50CDBA	35DEEB7A6CE3CFC9CABBA2BF31F5400D7E129C99	E07ED2D0A4D336CE91B3F63E98E716847B6713F0E17B89927F6870611884733E
C:\Windows\INF\c_camera.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1728 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	B5F9A59E21AAD40AFFE39E15F4ADE4EE	AC1C3B7A589A7564EB38C393FF2A51E00293E5B5	6313B6F2D37EE53A3FFEAD8E0F5FFB1728A4AFB05B2E5BFE5D972B627CE7A088
C:\Windows\INF\c_cashdrawer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4B1109A983CD32F2F1EC34E36AE9B00F	37C2775AD59B2112F591748E4F9F78F55434D304	09216D721D551CA30C1A90ACF0B39630D7AA2F9F09407C1E73D2754064C7F0B2
C:\Windows\INF\c_cdrom.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1118 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ABA99991B457CAA2250C12FDE0597451	9BE97D4F0AD7CC0C82648028295E76EF5D72E002	E623187760891BD42D54C7CF2091EAAD0BFE6C9EB274CBD9544D1785B23F3EF9
C:\Windows\INF\c_computeaccelerator.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	452CBF4C97920DEC2BF007E20EC1872B	04A9ACFB302F0B85000E121225F16A973302B979	34FD10177EED5DC4CC649C843CCC70E369AD848729E6A3A36F2AB376B0B4EF88
C:\Windows\INF\c_computer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3346D891AC5498F2915C4B8A60FBA619	2F75B9D7053D3D7784FE8E7441619A39001BDA31	759DE8893DB284FC66F686E518A6E28CC29E2C93B5216B79ACD2818E1FD1A6A4
C:\Windows\INF\c_diskdrive.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1248 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	D8D032D65791EFD0F31DEDDF8750933B	36EDD9A5AE808DE95AB94214C3FA5E7BCE707CFE	96A0EED916C0DA320488D91D3AAA6E5789B4503EA8FC25EB92CD6479A91BC6B5
C:\Windows\INF\c_display.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	40527DAA7BE387F139DCC20C09677F00	EACCE2076A3B9890E84BE32FB15D79E092A208B1	F756C1A56198201E17B703EBC4529B4F7399B42D9D3C603CA3E91269A9128728
C:\Windows\INF\c_dot4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	39ADA069B1427B62300F7363B55E81B6	5DA4CCC83EB2876A34C1D9AF9F939A38259E36E3	A64A714423CAD08D80D3B0BD688B5F74D44C2D83410ED4337C7BB7FA893853E1
C:\Windows\INF\c_dot4print.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7718043FC0E10311C90ACD7C505B9FE6	2C9B9DB2C1530DC47153428A5D9EE0EED34BC67A	80040FB175E55D80C3DA88781675EA1C5733F31AEEBC58680E09B03D2A597B6F
C:\Windows\INF\c_extension.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	24EDB7E76A0FF3BE1F813599211D16DB	007429EA58E8DAF2CB3B3F9504BEDC0548D2255A	154F7B632EF9A7B09878E356E0D5AE669854FF330206EE656AE464380AF17C25
C:\Windows\INF\c_fdc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	33AA9297BB30B923D67F64E31BDACB11	D98246814C78FFC1453249C1AB36E1B1D74D212A	12DEB32394C29A8C2EE429977DA4481919562895F427BDDD51383E621A687F53
C:\Windows\INF\c_firmware.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	2E9D5110F1CB5CB6A38A11734F8AE2C1	286590CA2CB31872B34BBD9019B36A5918F97C4C	FD1F125AC16E1B2C0A6B253651E1232AB1C0EF7CB6ACE51AEEEF35C4667443D0
C:\Windows\INF\c_floppydisk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5656FDBB9785DA9CA318A2A2CA227650	32BA65F4469F64E1A0BB676D97E6F92ABD4D203E	1322511C9608F550EA80703DA2AA477361B20DE14ACA39C7C240A99AA1EF6D64
C:\Windows\INF\c_fsactivitymonitor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DCDFDA9EF1ECC2F644D03A0A49CBDFB8	E2E8EAC427797034143691ACD74A052A2A1827C0	9A4FAB7CD2D0364856E847E83325C6E369FA92262A88039216655904AACD5A56
C:\Windows\INF\c_fsantivirus.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0D8B72113985EA6D48EB6183B0D42D40	32D6B53A09B5A39A308A9575340B7E7091173DF7	1303205FACC3BABE070F4DE0BECCD10EA1B5893A159B25029BB7E134B37A9252
C:\Windows\INF\c_fscfsmetadataserver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	42CDD5D4E0284F3BA9194B55B3485681	14E757D8684424306D11C34261A5D3319DF268A1	AF88273FDA9FECB1B07CE6C288A57D8A3C13E6E42A6739BF6ED74A9B1B8ED9BA
C:\Windows\INF\c_fscompression.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C380865E06CAD9485982A26C5FCF0CB8	8A0DC484CB64B20E938D1379CD2E4EA624492EFF	A2075CE299AD7D29CB8EAFDB2E46D2D768BD1D00E93BAE00101EAA7B0F8588A1
C:\Windows\INF\c_fscontentscreener.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7D241DA905C72DFF15FF2F69D5A453AD	04001DF38BDFC8B3C2DB8260AFAF9976F5A04D13	800D5E0B2084C978BF1FA9C3907FFF031E0612CC2F98E750A6824CE4CEC387F9
C:\Windows\INF\c_fscontinuousbackup.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FA379E7D3BA1388DFA4D1619D0121705	C5FC5D433D3BC3B3D3297ABAE1B498408DDC5491	49F7BA5DB4D5A0E8D0985898FE4761BFCD08E975F0B2A15BEAE9F16C095BCCB5
C:\Windows\INF\c_fscopyprotection.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	15AF6DBF07524C32C469851D60C9ADF5	A93D220E58D4E39C5F16005B9C7CAF42FB6E839A	6305FB756F6A77015E18F1A8C389ADD4A7342859C34DAC463413769E0D0E0BFB
C:\Windows\INF\c_fsencryption.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7EACA7EF41BFF8EA9DFD59914D2BC51F	89838CBD07B5DC4CBD99C45E9DF66CD2E9010F37	D8C88C627B170A3EAFF155E6FDE9CE8C821837B22FE9B48B061C9B5C36B5DD13
C:\Windows\INF\c_fshsm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5FEA2136FE92A2E32064A5EABE1D94D5	BD50B566957E958DE52C1FA7D5998894AC73093E	6AC729595BC3FF719FCEF881A8400E6E3B066CB28651151D75CFA55915CC78C1
C:\Windows\INF\c_fsinfrastructure.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D8A28DE47D97F7EFBB36FCA1259F86D4	37EE2EA987E486187C13A1DD3227976EEEE6D804	0E4B5D8C2F817901CF0A01D324BB85F0678C7ABE320721EAFF6698C73ED63F72
C:\Windows\INF\c_fsopenfilebackup.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F2CC6A8103329333665D70969A584867	690EACD14178D2AEC69816F0B48DBA5B457C2023	0295E11E2AEE6770C3B1A2462765BA4680CD9F3D6E952300F260870F40A8AC41
C:\Windows\INF\c_fsphysicalquotamgmt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A30F66DBFAF134B634F6E8CDF6F566B3	CC981136AB40B8EACB08A29A1E4FD6760CE476BC	1353A6FBF4118AC5CA3AA2671C12094D650571EDA6814405BE0BF697EA5ECF12
C:\Windows\INF\c_fsquotamgmt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DC7736971A11E7051553140B3D19076D	5F99B1BD335C5C5A67B1EBF50B51EA0DC875F727	EFF772F18BC2E06F84653770454A4D6CA15D2AD8C5F49254F84A354B19F119BC
C:\Windows\INF\c_fsreplication.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6B80E6EB4E204FA527BB84D095B1CE04	1F3D0ECE2CF7989A03E36020CF1E7F3053B04875	572ABBF2BC52A30297E1D0DBF3A54FB9BA6338BCAD363E0763C93998D1F9C426
C:\Windows\INF\c_fssecurityenhancer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	744A21F4FF93048E26E4CC9985B2E04D	FEE862591B79E56872D11B44987FFB5B4FFAAAF7	C83907B90CFE7832F599C919CE834EC1229EC13E748163CDEC26F8F2F68C595D
C:\Windows\INF\c_fssystem.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ECFB3951055EE670EB26E1A570E2217A	48BDB04B979A2B16291FD75D5ECB5504BE033EDD	9A74DD64F222FD9C457BE50B2CB35B341393EF52910905C1900CB09D513A99DA
C:\Windows\INF\c_fssystemrecovery.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	27E9F95DE4648F1DC04A923A41AFD1AB	FF786452AE9A58956C83137F17D549BE1CAB7D27	0C3AA340912440954000E6544D75C8E75332BF2271E749D221D96FE948452EB9
C:\Windows\INF\c_fsundelete.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A1E061936E5E389F12AFB23C979950D4	4F83176F10043CA1B0A862E854A00C6B84FDD75D	A218E7F2789A7BE7537BDD4899F8850D4D2A5352D1D1AD0B9171C18AB179771E
C:\Windows\INF\c_fsvirtualization.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	41531D7EED7DB06D49EBD0CD88CC58F4	E9A3FC3146C87A78A411CB80934DB7E71421D6F6	499232519DE4656BC0CBAE7A2D8FEA80571D00F324DA930FE9BC1D8E963605EC
C:\Windows\INF\c_hdc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1308 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C9C656771B9A4AACA91DF8530F628481	0EDA7E60AA10A3583EC7F3A09AA2BE1C49E2F4F2	CFD7F94926E4B857BD26E0BF262ECE774A0C3032983D64684ECFD3A7D46679AF
C:\Windows\INF\c_hidclass.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe38 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	60C631BDD676EC288B85D966C1A83C4E	706087D2503C443056D04D761FA03A268EB629BF	7D9BF4974061098DA256933CDB097D645617FC8CD0FECBC6E2C001680DE660DF
C:\Windows\INF\c_holographic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1390 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6B1D36040DE090D2DCE0ECB6C4A7999D	D35D01BD6B62322D55F9D63DFA4B2A50FAB4488A	0101D916E2FA454E235A3BBF0C744B2BF9C33FCAE66CD1427F8C51DE5C4F3A0B
C:\Windows\INF\c_image.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1800 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D99F03340AEDE2EF846E41F59E17EA1A	D246B987BD4774D0CCDB1F5FCCC563BE1A8977EF	EE0312C2CD2A06BE432DF72CE5D7375902BA320ADF8C9F4012BC90DBCFC766AC
C:\Windows\INF\c_infrared.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CC3261E46584A7A80E59CCCA0F2D2A0F	958EF942EB2447304B44B80516D922FA4E412523	2884159168DEC4ADD24B30F1DBC8D5305635C3EA367CECC8A21469F446F1C4AF
C:\Windows\INF\c_keyboard.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	76513513A720461FBD387604DE66EF3D	B09FE4B012D5C544C17086E216FBDB378457EDD8	BF2062C4B07F862714615144A4FFBC3EE827E323BF800E8AA38AFB68B842270A
C:\Windows\INF\c_legacydriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2BCB61BBB9B503983C6D4FD2BA4C5B88	91B6D23E91BEBA11F6ACD9F0FB40BA52A3D08133	E4E40067E0F4A7FAE834A76C4CACC209E2266B12F32678EA84547D379286F2E5
C:\Windows\INF\c_linedisplay.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc38 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	41503503E2ECC015138EF144BFFF94DF	B8EC47EEB703703858A0A9DAC9F1FFB6569F1F6E	7356C0A1467E8C2339A600CBAC04C58F80F4771BF988F41C8DA80208E4F95D6A
C:\Windows\INF\c_magneticstripereader.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc20 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	465D8269EE2FEDC082F2053E326488F9	4732FE35538633C72618EB59E4F10B1D248D2372	6FBFC635372D4CE13C4B5176F99B1135028BA4078D4C12A8C8CD296B6B491FAA
C:\Windows\INF\c_mcx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D1A4FD7971E764394AD853BE99F76759	D1B73CE7C407DF80ED7673A6A3C48601079C4CDE	E8587479AE66E7036CE5DADB991124B212FD1AE9DC69A62ED1DB7FA2D6C8C95C
C:\Windows\INF\c_media.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2108 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	887AADE3BC8B1005EC1B8C198702E8D3	49979DF5CB250E9276C948EFDC618D26F30FA914	29927C1555CE9D92131406F12CAA4DBB1812484BE49E80BAC0D65E7AFB5C91BF
C:\Windows\INF\c_mediumchanger.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xee0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9F0207B2950AFB77E85547419EA89776	49D955519B45345C34270FCEF6ECF38D2CF6E0FE	9A1874752139381505E079343C7FDA19B5BE605CE655E150996A51DCC125126E
C:\Windows\INF\c_memory.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E45850D9C54B54A12211D90ACCBCEB50	7D62F60EFACAF8D5E2C59DEC3719D184229F8AB2	39CECCC297F42238E30E4BFF79FD0D825C58E77FB7B515E3FD5F1EA0970AA7C0
C:\Windows\INF\c_modem.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F71700ED8B4D2B40E4C33A3B7F96870D	09A88EC53BCA447187465AE6F93F2F15E0CF3F9B	9943117386D38993EFB3D65AD117E6D146E52E8C574E84DD29161E8768635F90
C:\Windows\INF\c_monitor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1318 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	336D8FFC89A739983485468DBF5B6248	66A88364D1BFED4A3C92B9B2BCB1C5B882DFBA71	A3FAB1EC6CC3730C642392CAF609B7B5C483F145B93108E9965024B653F0162C
C:\Windows\INF\c_mouse.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xec8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7B307FF239FD034B923CEB154F7176EE	4186B45E9C097CD142F9020AB6F451C9AFECC910	7816F87E5D92F51E504AEFAB8EE1F677426531BBE9717588ECEFC6DEFBADF1B1
C:\Windows\INF\c_mtd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	395CCC93125D8FD85D968E7C8B0416B9	9F0B7F9CF52803157F0EA92C7856F0B20274AFEE	CCECADA8277FF352A251336C94AAC132BDFE93A2B8971ED410937591E90C4943
C:\Windows\INF\c_multifunction.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E06CFED03132EC6A78E801DE65D50FAE	883EF753C6E53AE25AB859EA8122A45722CA877C	8B120430BF9277F191366C419A05EF91803329BA4B17D5D5E7D564CC69774E66
C:\Windows\INF\c_multiportserial.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	12362EB744C8B25A31F4CC46E17F021E	0AF23D9E62F6E69497A27D19803BCC735446BA0E	991573E49A96470ECC8ADA55015A6816ED63463D21CA171867763BE847E54D86
C:\Windows\INF\c_net.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1550 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	7E3CB4866E31611876823DC36025BFA5	5E0AB5921D1E124267FA7F63F4E2C3FA6CB26CF5	62FC9546EB74E9BEAB6515ACE0256DB433A53249BEF406C5B859BD72B30FB5EB
C:\Windows\INF\c_netclient.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E7B605EA68EDE1C2574A5B41AE0FBACE	F34A8B78CD5633015944753AC7CB9F168BC5D177	DA420614C23A6434C243E3DDF461D153B420D70829F6A1E34FBCFF410437CEC8
C:\Windows\INF\c_netdriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8412E700FC3594AB5F6E3D43AACBF35A	77C40C695839EF796FF184EA6FAFCFF6A3D4C79F	15960D147F30C8ECF47570715FC1532501423C26B4E35D46F0238D580F6BFDE3
C:\Windows\INF\c_netservice.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FAC71670C936D5D374B976B8EF19BB79	D78F13BF2379AB8828FAFF14909600B9C9905E88	7D087AF913F56D7478FB04B906FFE15C03489DE4A57EFF6D24037DAB0FEA5A7A
C:\Windows\INF\c_nettrans.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xeb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C290A6B20E9F5B5744B448B2D4E4D772	90689168DCF391729445B0DB13498488C42205E7	708139D0341CFD2229977D4164AEEB05B4E81C61A671E62265280571989A9385
C:\Windows\INF\c_pcmcia.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	02FB93378D51E1D238F2166C34209B32	4CE8C38412FEAFF7E8C5149F6E48318B394C9538	D7FD01D02FBABF9872FBC73E78E5E9D1EE6F86A3E383EDDC5F70513909DA627F
C:\Windows\INF\c_pnpprinters.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6F3BE180D3C25535B5F2AF3B55FA60BA	C34BAE7D01FCDCB2409E83CB6317F8110D126144	D341AA85C7EACBEC5477A9C4A76937EFE689074AEA73BFAA39A734ACA2DA5360
C:\Windows\INF\c_ports.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DADE390B88E46486DC69562D5726D9F1	5C3383DABCBEC0458A674050F83158F95AC49D57	33C0FD9B00245D66201CCA854194DAAD14B8E009A296EF311669513A68AB227A
C:\Windows\INF\c_printer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BEA7BE000F5813715D73CB7C61289713	36200CFD9AEF3BF75A9FD791FE31244616511C3F	488793A560BBF6BF2F714F7FC228BFDD9334948A71815D779391199C425E1E6E
C:\Windows\INF\c_processor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfa0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	3B3968D49B13414DD922993ABF8FC312	F580FA47B2A19FBB7EF26EF70D53E3DE71F764AE	82C871B9ACF97532554F938D0FCD7023232AD79BCB801D05522D90632180A218
C:\Windows\INF\c_proximity.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1018 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	2A19D704FDF0893D8B84432CB967214D	E4E28BC4E4F668B5306A16A15496621DC982DC33	94DD4F7CBAAA8875E3BFA303B623D5625A31BED9BF4F12E169D5E7EEEDE0907F
C:\Windows\INF\c_receiptprinter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc10 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	04E31C549DF0B9161344835720D43206	EF9C8FD82AFC3DD767B8AEE181D36C79ED233E82	24FDD4AFAE66DB80A4DE9F1408AC6E3F2EBA86E78606D91B6D84304BB31196CA
C:\Windows\INF\c_sbp2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5FCBAAB370BC2807C2D0050D91396F63	FCC9F60F5099D4A94B984D7A83B0D60240C19E55	641F27A583183CF8F42305503665D0D51D19A69506D9EB1F179376F520B8C7E3
C:\Windows\INF\c_scmdisk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5E54BD1FBBEA401837E4B61F9533A225	196DC6CAD4C02412DEC271CEEB87263668925079	FF8D1A9C67FBBA9226DBE1FDD460FE6E6CDD2945EA7F1FEAA0FFE0FC30EE67DD
C:\Windows\INF\c_scmvolume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3A62CD87E81CDDEB085347862AB58CC1	314F76D43C4946B756A0B6EAC569EACB9E022451	C616570297E83748C4B212EDAA3CE6820A040C08CE075CE95F820069341D610E
C:\Windows\INF\c_scsiadapter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xee0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	380EFDF27B28990C29C3CEB2333AC761	1E921697A52FB5F024AC531BC57CE0A1E139527B	0F7064C251603A2A99106AA6A4C266DA46907FFA0FD7FD9B4B6F62E6016D08AC
C:\Windows\INF\c_sdhost.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	747D72AE06F93A87BB78B857E28F051F	E7B1BC6535A3128AFF74B5A3F79DB880D67524E7	FC4886C62245CA85E1DBF1B52DE7C8E59AC34D61A8100C1AD991BA87798B8F97
C:\Windows\INF\c_securitydevices.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6172F307D84D013556AE6744E02C7109	6BB79A128E53CE59FBAB07D91CC45976D2F1B6AB	7A4BAE9C037715FF9C06702F8FDF45B06B06F66E5898975C87EDA9D66F0850AD
C:\Windows\INF\c_sensor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x24d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	F44C0418E28AAB5C7428F8A2665ADC90	D6E05F2C5FECFBA01E5EEE2F1ED3DBC7DCBA55E8	E72F9E3B5C1B9DE26CF29AA2F104002D927C8777BACF87090B8C9F28D2BD2035
C:\Windows\INF\c_smartcard.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EB3947A4D2258637F5552EDDBB89F0BD	BE7EEF5441F1C0A622BD2DC0916FEA19C6D2292B	E5F84C4607F2FC558B766DA1B0106033B7E142D018538FFC14C8CDC782FE1DF6
C:\Windows\INF\c_smartcardfilter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4A5554C62251AD715B5EC7125E9C0DF7	70AF5AB2386D8554F15C2F0DA1F8B8B7DB85EB1E	EC9EEC1CA8315031A70574FD3105B8414653FA149C8AFBC9A5AF0780F1BD1A1E
C:\Windows\INF\c_smartcardreader.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E69431E1F029DD1EA1763FD55FFD4620	3336700C4EAD137F64DB5A5CBF1EB12EB927FAF1	D8187B3CD1724D586410DD1F37D82AB3120278CA82B0BE7F648915A82133144C
C:\Windows\INF\c_smrdisk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DBF6437B34E2FFAFD7EF9F864A20C1BB	F531B7827441CEA0A24535C38B4759257CD9BB06	C02A63B3D3338368C6D6A02488037285FE69B0A62917ADBD7085FC89B6B1B506
C:\Windows\INF\c_smrvolume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9F8CD4EB7C208834A354F8F23E388C8E	239FAA8368CB67D7E67EE31B161B2259144E606B	774CCADFC889545F4266DBD231F6B6CB8CA1EEC7F5177847AD32A4723FECF593
C:\Windows\INF\c_sslaccel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C54CF8A9A4A37BAAEECDC34C2D0A0479	B7AA46520A4E60C2644A9C23FD2E61B782EDBE1C	C384842FE5B5D54EFA46F4A89B59E6005993F3D2DF8FBC555D3C066CD6301552
C:\Windows\INF\c_swcomponent.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	003413BBE6B7DD538FD6E8FB5E3445CE	597C3FD64A01708B46D72F7C3510CED4212541DB	671135A10948C87055D6CE64915F2FC2BEEC747AD4D727491AB5838EC581D4D4
C:\Windows\INF\c_system.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5A89ACC0DA034EB92ED0F3526DE14B89	499A047A38DEF8F071C6D0A2B3A7AEC583DB7FAA	0306A6A2718625A7D5F1CF203ECC11327B252A6AC34D99BAD46762AFE56B1D5D
C:\Windows\INF\c_tapedrive.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1388 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	538E674A9DCE90B9FD35C706B71B17F8	331DBBE01BA2B43107073A86555FC7F96B6D2020	9F63F12564F6D9CE78D1219340284C4F48778D8336AF9F2EDBC3C215E69C3215
C:\Windows\INF\c_ucm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3745A75544CCC2DD1BE483ABB99E9D3E	50B8CED5359326BBBB78CC4CD1EE387091A63D5F	B12E66ED3A6E0045B878C86FFB9DA0613CF5ED8848C9C90CE06A58B63C255E72
C:\Windows\INF\c_unknown.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe30 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	010A029DE1DB3F202698462503C35A33	6F4F15C9E1DB1526DC6FAA243901A798A6A3E688	41722429BA688CCA7BE680CDA7E3B0831A169B31CC40DCD70C84E2110393AEAD
C:\Windows\INF\c_usb.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BBEFDA4A0E4DEC64FFBEB55C541EDF5F	E56FDE58D16012CA0DD09C57E16ABB63C1E2D07B	171F9B011931516E0A19EE01F5A585B7750B348BF23280EA71C0D9AB2FF3A7EE
C:\Windows\INF\c_usbdevice.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1058 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D46803CE6F56C14B103528C5C1462875	13AAC493FFE9920C25A5A9BE550B81D30CC5AA0E	AFA491FDBDA7E3170810359A9C95985A6955301099494A0A729DDADD6AF5094E
C:\Windows\INF\c_usbfn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	809A24AD0AD6005F29D755E6AFACF389	EE660C0CE96CCD420121FD571795DDB5A25585A5	824261510EA841FF5F5BC537416FCAFD6912F21D98AF4D1FBDF835CE6EB87ED3
C:\Windows\INF\c_volsnap.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A01E0AFC88B72324B66B3C96EBAC8C46	FC239CA07050FE5E2BB3532671D9A9D9A3394188	FB3811D8811D31B4C67FA29328F9974A8D315C4AB4811EA4F96030C9AE5C9FAE
C:\Windows\INF\c_volume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	81D20503FBB231BD81DB257CD14032D5	CF62AE8FD2D999D174AC14094D9A7D4EA8B8DBAC	3074A0028F22A78AFDB24EA9D0F41A027F9A05FD8D5FAB0F3845DB87718EB665
C:\Windows\INF\c_wceusbs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	28BB0BA872E938D7EDBF161DBA534DF0	E2CCFAFBA5A06FE49E0320DC098081D794E1C3C7	2902DEA7345A89DE0BF1FB6880F4A961339338E44B64AB46884F5AB5963F5292
C:\Windows\INF\c_wpd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5679DA3FC08A52559BF6002A8C1E5989	0BA3EAA14B0E69988DC0369D0ADB2D2DC2BCFC49	0C7D2A76A5A55DD88DAE5CDFA1F7E81F1681F70E9B28612BE1FC6EE4E6596FDD
C:\Windows\INF\cht4nulx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd150 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1464503190A7F386768ED6FB2179FBD1	F4FE922CA4A111FECDA92F0E6184591B64A56179	E075E667CDB9B43DC75BD4EDA11F9CC6F6EC5C432F7962EDB75737D350A285E2
C:\Windows\INF\cht4sx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2570 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B183A5A83FF9F2E314B552BC283008D6	CBE94A3975A930FF03A5D9B5550D725977A1B6E0	4C3610AB840B8CC7897E90652E7876F311CABC282EDB7214962CBAE515D111C2
C:\Windows\INF\dc1-controller.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2a30 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	54BECFA70B605FE45E14886576FFDD11	D085382599F2D44C81DC0CD951716BF7CB27A2C3	C845D477B22A98B68D5B88D2988E9F8D6121721B2AA1ACF1F15174F124813384
C:\Windows\INF\dc21x4vm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3328 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	07887F5E7300A47A20DBFADA4EE30AAF	2175C8E53564008B166E07DE23AD0AB29E03B1C9	C04E561B5AA3EC8AB7BF7103F4B0427F94E5E64BB9ABCE09703B118321AAB372
C:\Windows\INF\digitalmediadevice.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BE1321797546D9B830C32A55A12E7B87	DA95BE744999B099075843A1108406598971025F	268909B91ACB51C89882D07587923430DAAE9DB1C0944B5CF449A414E3C58841
C:\Windows\INF\displayoverride.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	04D897871EDA7B715FE74F029A0FEF37	D717FED724527B14AE0807B1E5531F7B5055E103	018073E13835568FD13580534FB959E2D82B7597DE7B549B1B1C74FBBD7A60E0
C:\Windows\INF\e2xw10x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4ad0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	09B2A795C97939966175D6FC7F2516FE	179C7F31F61331087A2E5C7444488721D1C22976	3B25639B7D416A093C320D3106CA53BE32230A167F8863B58C8E043DB357E767
C:\Windows\INF\eaphost.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1178 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D1019570F08B28FF0A9E845DD81CE7CF	7D3161B0B5669FC129E89269E32BE8ED57754622	74343593B908AACF062FBBDFA9532EDE11AF43C8075235F0B6BD66DDAB8A63C2
C:\Windows\INF\ehstorpwddrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x23c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4DB149061AFA0F91477B06CD853217CA	BBF5E229E3FB3361F48B00CCE4FA2DC614303FBE	95B36DBAE061CC671F5D2FC1B1C6043ACCFE35D38A53E712AB5A5093288D3D8A
C:\Windows\INF\fidohid.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1098 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4434C015D25E94EFCCF59E7FBB2AFD12	2B6CCE2B9F9B4D28C5EBF6A78EC9FA86C801C473	38551073C81CE1EC7611AA86DA65D32DB374FAAE40F2E5146A2BF20BC1B3CCCA
C:\Windows\INF\fusionv2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	928607F6C8B525E08FC166A2896CD44E	7E69EDF86E79EC147FF0F9CB94C5D2CCD49B046D	B8B4553363FA32DD9A99D0308691FE68FAE35A32B2351F76D0BC2B59C027594B
C:\Windows\INF\gameport.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x26b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	85CEEC2E5471BB2E1E6FE3F0290F84A9	56A3F61E9987703C2BDC51F11649B7B00EFF75C5	F5CDCFCA109D0258C6A7F4A119375CCC9DD4D4F70982B93BA2025D25F7EE3C51
C:\Windows\INF\halextintclpiodma.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1780 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B2DEACD5382E68A6380E0978A4F3CDFB	A9149D8026C90A7310A8D002E0C40F8D4D0DF982	D372872E466894676F42FADDC86A81D7BD399A5B836867F511748AF6F6C09C83
C:\Windows\INF\halextpl080.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1358 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	95449B08F6D06BA3B3056FCC5AC8AAD6	4826DC4899B1F8124AEAF4C1F4932AA9D8977C52	04B1517AD342801410F265F5AB772A9927032ED5364D2DD99A499AF025BF4766
C:\Windows\INF\hdaudss.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3d28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0BE712866C8F177EE016011947CC25B7	644EDC91A728B40D678C5EEE2EA8EB6BAFEDBE81	01E09D0ADD13779B78A336D44DD044A3C1DDDED5582B61D80BCCBE3FC56893A8
C:\Windows\INF\mdm3com.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe460 "Signature", at 0x68 WinDirPath, LanguageID 809	134F3EB478FE520C561E6C92E1C04CE4	8BE3AA96883EA9C1695D135332E1DA202D54CA89	E2442EFD16C85898B8F662020213E282C5E375D421188E9506C881B76DE3882C
C:\Windows\INF\mdm5674a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x53d8 "Signature", at 0x68 WinDirPath, LanguageID 809	D7264A99DF79078FD5C7063C06234335	F8144AD02C6C4A00CF111A2643DC3CD09A8F11B5	FC695ABDAA18C753DFFD758BC1C0C42E74EC76C10769F04EF49B5184938F24EF
C:\Windows\INF\mdmadc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2540 "Signature", at 0x68 WinDirPath, LanguageID 809	3E7797988C9831A1A69DE01D18616FD8	7310FE2BD404395AF89BF7B8087DA5DDF082D314	6E61C52B05BDFFAF94E9D3D7186C3EE69FC7FF6C339FA30FFC78A5821CF6F1F4
C:\Windows\INF\mdmagm64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9108 "Signature", at 0x68 WinDirPath, LanguageID 809	45775053FCF8F03FF60F6A8EC9E6A516	4973380A0CC9E0A5DA2DCD68A86AC12294B558FE	A0DDC9F87C9F5B3D0FABF6E85FA8BFA543F6444195324958810A7EDDC441C44F
C:\Windows\INF\mdmags64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x171d8 "Signature", at 0x68 WinDirPath, LanguageID 809	3F6772449C5B4B73EB76D132BD1155B3	97BA0BADAB5956663997E90CC8E9408B4BA4BD87	B5EC9C3980828ED15C128F1CE54FAFB3FFAFFF13B76672961B262AA10138FD2A
C:\Windows\INF\mdmairte.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1950 "Signature", at 0x68 WinDirPath, LanguageID 809	77239AE3620C47C4F96A78AA2AE63AE8	E016273592027E8E4CD3C171B722C4827A32CDD3	CE7AFFAA7BECA335A63DDB1C704B3A02EE48958B05E191ED88B0336E9EF899FE
C:\Windows\INF\mdmaiwa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x38e0 "Signature", at 0x68 WinDirPath, LanguageID 809	445B7F4FCECF8E570E9B185F84041968	FE7FFE5582772EFA5E150E8D1338EA918593960C	90C3768E2DC5C26BF98F03CFA2B8309CDFBD8147A9FC4C01FE54F5CE1EE1ABA1
C:\Windows\INF\mdmaiwa3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2b80 "Signature", at 0x68 WinDirPath, LanguageID 809	0CF14447ADF2E4F41ECA27F70360289D	BD6A06231306AD291A5B8DFA15F60D5FDFA1138B	AD6D40048F2BDDA61E75DB8F598ABFEA1685BF38CE399C16C4CEB8866325346C
C:\Windows\INF\mdmaiwa4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf7c0 "Signature", at 0x68 WinDirPath, LanguageID 809	A4A2453339A3EE077B765A0706A55D10	9456E27D77FB07B08F57C8CBF95BF6ED3F4940C1	0718E03713508D40A16897750130D67F24E0654F00A4F61491509EAD61D8ABE8
C:\Windows\INF\mdmaiwa5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3f28 "Signature", at 0x68 WinDirPath, LanguageID 809	D89DBA6E955AABB229631ACE97A9EE67	1FF024D2E4ED717FA58457C4E714563B8559A21C	1F5F6E3B19F7F8FCFC4218AC8C7EE59BABE5690FD5A0576FF0B5C7D2BAE1620E
C:\Windows\INF\mdmaiwat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1aa8 "Signature", at 0x68 WinDirPath, LanguageID 809	23EA3753DF0769DC14D98AB0BC0ECEF9	91299E977FFF3A109FE086975319FF05FAAD8F86	03475B6F38DC635F74955F473920D18596512B0EE14C206845E748D4B146A903
C:\Windows\INF\mdmar1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29d0 "Signature", at 0x68 WinDirPath, LanguageID 809	0E76B77E000B3D93F360E5BAF72E556F	895940E52816F0FF464F84EE420EA851EA6F18A6	245C06EBBAE64FB15FF19F799C6D9A077B7215DBB534847C647CD0C59FAAC997
C:\Windows\INF\mdmarch.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6660 "Signature", at 0x68 WinDirPath, LanguageID 809	B2FE4CA67B83759085C7E6E5C355396A	A977FBD8A7A2039F63E96B2A61973F206E666D95	A70B324B6CC7867B9ACF9E97865149CFBF59EA1FAFF225A5BBE482EE93757160
C:\Windows\INF\mdmarn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2ad8 "Signature", at 0x68 WinDirPath, LanguageID 809	CAE76B8BC44BE398FE832555A501B814	461DC10786F157A67B4321D86A75676CB39E5F7D	F354D9B58E3DA334F8C28EF3D4E06954F1418A33433C252354F16751614DF5A1
C:\Windows\INF\mdmati.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9ff0 "Signature", at 0x68 WinDirPath, LanguageID 809	A4DEA529786661F8615C6A31120A3C80	A56FDACAD18FAD1B09250284B2ADE4747250D1AF	603D1573B57E635B34C68892B7222EB37193D847C497DE15167BA156F9AED853
C:\Windows\INF\mdmatm2k.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x35a8 "Signature", at 0x68 WinDirPath, LanguageID 809	BE7FAAA792328F31383C303DC7B9C4F4	A9EFFE15D869066057765FDD2F34E01F76500C5A	D7D111B3C1C2930894F15081820D09659AEA2FAE411F3A8CAAD9A341BD6C74B6
C:\Windows\INF\mdmaus.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3048 "Signature", at 0x68 WinDirPath, LanguageID 809	FFC00A10CD65EB76F9A2C5F34B97B48D	F6F78B45CD4DB078C7557DDD11E28D4E2AE555CE	C793C3CC4E1205BE896BCF54E052354412A257AC9F50DD3A15DECB13EB1DD2D1
C:\Windows\INF\mdmboca.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6e88 "Signature", at 0x68 WinDirPath, LanguageID 809	2CC8844D12D58AAB863E057B346797B6	FBC193E58CDCDA306FAE3BCC9AB92BB3A5ED1A77	14A7FE3B6B14A10048C84389C404B82B4BCB671D37089DCCD326F9A15E8FF1D6
C:\Windows\INF\mdmbsb.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x37b0 "Signature", at 0x68 WinDirPath, LanguageID 809	61FC936D8612AF1BAFE317F05B9B94B6	F8DEAA64A79CAAF6B5B5ECE0E884DC967805932D	FECB72B46F413D48ADC451056E22095D53F19194C4C6693E21DC92674FFBCE46
C:\Windows\INF\mdmbug3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1db0 "Signature", at 0x68 WinDirPath, LanguageID 809	A9B3BABA3363197AFAE5BB58D81B57D1	F4ED9F8087F01F8FBF452453AE62453A170A22B8	4A399F328F9A471EF86B2B3650E9EA4975D7D9186E99B1077E00A285500CCEC9
C:\Windows\INF\mdmbw561.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3c20 "Signature", at 0x68 WinDirPath, LanguageID 809	535762641B7C76E75F9D60A8B72FBEDE	A1636C078CB98E802D441D9C3D55A035E49CBF20	D7F5D92EC0C1EA4484EB9317788A97422AAFB5BA1EA30C525E64C4BB56DA2EB4
C:\Windows\INF\mdmc26a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3330 "Signature", at 0x68 WinDirPath, LanguageID 809	43F62BC7CC4616D58C4AF74A39178C9B	7CABE2774B2C957CD6E78B45CEB2C6AA1F59ACB4	D0E69E968DD912E2F04C03A9EE08645364875FB706C848765AEB9945B6DD4B17
C:\Windows\INF\mdmcdp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ce0 "Signature", at 0x68 WinDirPath, LanguageID 809	95E7B2F32563091E1609173647D53C69	E5536D02655A4D9143EE432A81396EE588B4A96A	DFB6CE1C87BCC04AA1AC033C71A941ACD2A479280E70758F0F1F2FE8ECBF81E1
C:\Windows\INF\mdmcm28.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f18 "Signature", at 0x68 WinDirPath, LanguageID 809	2E459A79505692786F6E68EB7FAAFB86	D0C8F27EC1D9F6A558097949597C1ECED0371144	FCCAD2D5B53B9A0215DABBBEBAE8BBEE5253B9969AC579966AD9117659C02EFC
C:\Windows\INF\mdmcodex.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2de8 "Signature", at 0x68 WinDirPath, LanguageID 809	FD770293AF3B7E98524F916439BC007B	943C88BFA2A196A50E6CAA868679A40457284BB0	15CDA573B2BD72ED85C15CC47A0DB20D2B9EC64D3BBD38F970B93DBCB1A02441
C:\Windows\INF\mdmcom1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5c00 "Signature", at 0x68 WinDirPath, LanguageID 809	125CF64A549A2C0316B8E50C20875909	64DC59AC35ED2892ABBADA2E8EA197B4049701C6	1CA7CC6ABBEC896A56187DF46E88D22C6EF965E11DB3D112758F36956C6AC122
C:\Windows\INF\mdmcommu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e00 "Signature", at 0x68 WinDirPath, LanguageID 809	710EDC6E553A1720FEB5290B549FC34F	376A9B6AD2F959F919077EB47ABF9F6C80E2DA15	F604DC6BC4986E3DC10C98459D1071FDA9FA6AF00E9ED9A5867C5EE0FFB2EA4A
C:\Windows\INF\mdmcomp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cd0 "Signature", at 0x68 WinDirPath, LanguageID 809	D605CAC2B75F8DF93FB0B591C55B7B56	88ADD6E9A49D9ACA0F3DF1039A531BA5AD183373	7633BE89903E923EAB29CA1069736A444C03B35FB3C80E57F7CF56180D92AE3D
C:\Windows\INF\mdmcpq.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x126c0 "Signature", at 0x68 WinDirPath, LanguageID 809	EC8E0153289784E7F7C4508BA8EECC66	28B1257813A8934E3AD4CE52252902514E5D3EF5	D46A0B214C6F2E0231E1A9D35FC3617BAEEAEEB7BC31F780DA0C1D16B5295C3E
C:\Windows\INF\mdmcpq2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x69b0 "Signature", at 0x68 WinDirPath, LanguageID 809	D7733F7284161385BB3125FBE7473A4F	8DD3F51C6CB1819805615A697C9D71E8E802A36D	8DC372E7375667496C702026438497E0E6E9EB0F9CDEDFE6A5FC6971064D6328
C:\Windows\INF\mdmcpv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2430 "Signature", at 0x68 WinDirPath, LanguageID 809	1B823896944E49995715FB7D8AE29929	405AE9C164E6D9B536F3D436C906AE9E93193EC9	8BEA9228B331217ACADD8F11374EBA274DC15B324FBCB388B060F31FFDEF0287
C:\Windows\INF\mdmcrtix.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2fe8 "Signature", at 0x68 WinDirPath, LanguageID 809	BB207C0A5BAA5506F98DB7073519712E	829E9E08B146998D1D316A6FE6D593DF6385E39A	501BC4797915592FDA85A912CF544781ED84BCCA0B8B1B96444DE6F4A810D21A
C:\Windows\INF\mdmcxhv6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xba80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5572EA05D1A6F149F283A9F191EA7472	5551917F1FF24B140670F4E8C429F2EAAD7641DF	DEBD18E4DC81742C59FA2883C13D2634D11683677B6AEA6DDB6798FC7FE092AE
C:\Windows\INF\mdmcxpv6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa288 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	598DA4693075C5E7766D817E25AD981A	63CF8AF0C70DCFDD9858E5E035D202C6BF0ED565	86F4888250A74C521569DE6BCCC920029CA94C86CDDAE50555BA15BB4C0256E9
C:\Windows\INF\mdmdcm5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6d28 "Signature", at 0x68 WinDirPath, LanguageID 809	985261A853D82734DA2508343335E9B8	FCC4291CB9F24149FF627C4E785165BD25C5DAC8	A49C0D67A55C6454D3208A916C069A18B05F6082E1E1122C6EEBFF407832454B
C:\Windows\INF\mdmdcm6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4700 "Signature", at 0x68 WinDirPath, LanguageID 809	39BC485114D8EAB68F9338B226D6094E	AE512936CA7B7BA99557ADAD4C80EDFBCC52D1A7	75C3944A6B20476DE8C72D2180383CB68F0A4BD85A692629BB7E8AB5BDBED08A
C:\Windows\INF\mdmdf56f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x38d0 "Signature", at 0x68 WinDirPath, LanguageID 809	29FCEB6955B0CF126B75B362D21C9CC2	0AE0C353B72B5AB0F403821301A7DEDBC6D0965F	682530A2112B6BEDDDF16F968550B3BA347696D474AC7D44EBB6B9361E2FB38D
C:\Windows\INF\mdmdgitn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2bc8 "Signature", at 0x68 WinDirPath, LanguageID 809	43DAAB23C04EF438027BF2E410E8C29D	0DFEF23003AAE725601727C35501139C59A1044C	F0F8FB947F1F9A32D730365CC0F398D26C099E3D8E81A834BE4611D43CEFBD66
C:\Windows\INF\mdmdp2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x25e0 "Signature", at 0x68 WinDirPath, LanguageID 809	A03D288B5557367DF540A36D11F1CC7A	0DF998CC2F217B19E3709D542DE476304B4BBB72	A6DE6EEE55867002B0583E05C9112C046A986CC63D9F570A9D030C5EEB32E72C
C:\Windows\INF\mdmdsi.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12688 "Signature", at 0x68 WinDirPath, LanguageID 809	213C5D8CAD306520F922AB7DE6EBB37D	EF27E0D20CAECA77C430DD537B6F9BEF8A67FD6F	6805138A7C017BE6C130231CA647437DCEB7987D2734E1B97D2417E578E3F4C5
C:\Windows\INF\mdmdyna.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7370 "Signature", at 0x68 WinDirPath, LanguageID 809	10CEF6C4FF0338C3171559266D7C228F	6A67787C01A3BC73D522F073307523BC753191A5	A73E274121E674B645A92EB50DA74FF2BB9ECC15DD518F97ABDA87527FDBFD58
C:\Windows\INF\mdmeiger.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3de0 "Signature", at 0x68 WinDirPath, LanguageID 809	0BE85F9BC8B7FF6DFC8AD168B283A442	4F4D3B4DD33C2AAB75248EF108FE1DBD4961D226	20F981230E11076BC24319FA394F90FA6999CB6BBC9583C672A8D6249B6F1661
C:\Windows\INF\mdmelsa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe940 "Signature", at 0x68 WinDirPath, LanguageID 809	ACB0C42EBE545EB2D3525B80E74F4B02	80DF14DF6C0D2C4328A6878BF6E29F9B8309C23C	F7F70CDE2E8F59C785A07383CBC2533804F03ADAC89B47571CAE4D1257FB7676
C:\Windows\INF\mdmeric.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3080 "Signature", at 0x68 WinDirPath, LanguageID 809	D53BCE8EC3E14E98ECE47FDACD1FF401	B80C6A6549D20F80C9BA4EB5553248A790642C62	1A54B1D0DD6B701B2CB4250A148D171F2DCD60AB5319274AEC1E9DD40D57C13F
C:\Windows\INF\mdmeric2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3608 "Signature", at 0x68 WinDirPath, LanguageID 809	6A20B0BE4EF176B699D60D878BE53848	2FF7B01F615C8E3E4CE36DDE8ABB1B844F8262F2	6FC9AF7ABB0825D93708E3D4B40892708D59A5F5838090DA0D4ED259F7BAE8A4
C:\Windows\INF\mdmetech.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x71e8 "Signature", at 0x68 WinDirPath, LanguageID 809	81231C480D747513FA6B4116FF7BE045	25E658EE1D574405531F6BC8E26D89F8CF8563D3	C9A44F09C3AE024D55BD64B8FFD03F4F41EF22D518072236619A9F38301E7B27
C:\Windows\INF\mdmfj2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32f0 "Signature", at 0x68 WinDirPath, LanguageID 809	D59FFD19C444B1E0AA35A49EC7158E14	92269B47D83747CCF77DBD0CA97A854088FBB9D2	0582CB9625E8C83D5D401E6F61264902824EA54B342C9287B823B42140244870
C:\Windows\INF\mdmgatew.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6e90 "Signature", at 0x68 WinDirPath, LanguageID 809	FDFA6E00D3D18577BEE3750E384F4A07	D6A9D6376E0EAD9862DF5850A7CB606F96C8EECA	DBB25A950261ACB7BB3D8CDB885B0449A8A885DE8FE8C70FC9A33A6EA321FE9B
C:\Windows\INF\mdmgcs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5f98 "Signature", at 0x68 WinDirPath, LanguageID 809	2ADE8722DDCF134E9813DD5CF98CC4DE	6BC48926188CAAFF79885D5A7E9A930059BB7F0F	3DB54B9B3817F9EF132B9A2F63AF2C8638FA8E465F7F70894C8BF3DA5F3A18B8
C:\Windows\INF\mdmgen.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8758 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D59EEE5D1408DD7DCC831B940445C7AF	CA66CD1CCBD61A276CA60C0ED73B1B16F4D0DEC9	BC5BD9B340D224842E79DE49D529EB17069034259F15E79BB7FB91F55A5EA94C
C:\Windows\INF\mdmgl001.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xafb0 "Signature", at 0x68 WinDirPath, LanguageID 809	ED2FE563DDBFA094C2D29C841FF41878	2CB3DF2D038528F1B05ED155C82ED67EB35F88AA	C79C64E9F7A172AFBCAFCCF96F6579E8589E6B57A53AEA10010A28659493415B
C:\Windows\INF\mdmgl002.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd1c0 "Signature", at 0x68 WinDirPath, LanguageID 809	E2ACCB8141AFDCA7EC00AB537404D7B0	266B0215221F9E63CCCCBE9927EC0A921CDA3ECE	D65F0413CD56F1102192A2A64EF7FFFC5FD66C7704A76B1D7FF66E12AE121C94
C:\Windows\INF\mdmgl003.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3588 "Signature", at 0x68 WinDirPath, LanguageID 809	47C4BBF6637C24946DD43366019F49A8	2D5519D98D0B49272657BCF36AAA1DCA319D3485	E8451CFCB5B711675C643BA7ADD40614B6DE877738F39DB888970473F275D94E
C:\Windows\INF\mdmgl004.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xcc88 "Signature", at 0x68 WinDirPath, LanguageID 809	86D6B43FCD756542854C5A43248AEB33	0683AFBF56B7DBE1EEEFBE38B0C84A50A6F51FA1	22CC2AAE7C013E15386DD97CEC11688C2192089DDF10D930A05CAE91FBFC8D7A
C:\Windows\INF\mdmgl005.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc018 "Signature", at 0x68 WinDirPath, LanguageID 809	B64B84690094271A2A252BE35064D97B	9D2341927D112BE9EF1EA2AACAAE962B8E2BF980	13B3F43F4FC69A9C5AAE51FB8683615BBDCB0B6B9B07488867D31F1EA1040195
C:\Windows\INF\mdmgl006.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xb1c0 "Signature", at 0x68 WinDirPath, LanguageID 809	7F6DB3FE4F8EF01961B1B82C12E47DC3	C683579EC58E1C823ACE59E4D0C890822837C2DD	180670193C5E2CBD515455E638610E3E07C85FA4F926EC464FC78BB3C73ADEBE
C:\Windows\INF\mdmgl007.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13200 "Signature", at 0x68 WinDirPath, LanguageID 809	2B6E0010736682C7E9BB40E0922D178F	73801AE8FECD277FD523681311E8858D636A8DEA	5D3231E661E6E7F2927025545899D4A9E76EE71E17A78FB68C72ABB276A1D8FB
C:\Windows\INF\mdmgl008.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8290 "Signature", at 0x68 WinDirPath, LanguageID 809	216E8CC230E1AAD9BD2611EBB2C2A53B	028293D4083787C18D96E3235DB9E7F2DD3097AF	0CF62050FD1ADE364359D4F61BC8ADEBF205A2D1DEEB3AC36437C18292079FF2
C:\Windows\INF\mdmgl009.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14320 "Signature", at 0x68 WinDirPath, LanguageID 809	25ABFE8FAAE14D6E9E7ED9FD86796F91	F22BA1AAACD86DC2CAC3B0772CF014FF5ACDD980	69E18E79CDA6165D806C5693FB7BE5CB41BE49FD7AABD2F91584446AF31C196F
C:\Windows\INF\mdmgl010.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd1d8 "Signature", at 0x68 WinDirPath, LanguageID 809	C1328ACD41B6414C28C0046AD4361D8F	B82BB0945158F965A1DFF8F8623594EC53827C2F	D7ACD1C4B5E32F9A22836C660FF86FC0D7CFF5D095616CA31B74420E769365FA
C:\Windows\INF\mdmgsm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4338 "Signature", at 0x68 WinDirPath, LanguageID 809	68D98A8E2A145F5207D2E105321B9D11	1A7D2AE7A87233C035D5F27B1D19FC7D60A4F39B	BA7EFBB93784DD8BE1CA893D866272A88A45746C9889A7ACA0DE990B846D3A8D
C:\Windows\INF\mdmhaeu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18f8 "Signature", at 0x68 WinDirPath, LanguageID 809	26D41EE36D3C79758BA37FB3A5A6FEFE	DEDADF803C20B129BFE96791806567552362FC04	6229EF682085BD84BA1A7BB47EBB7E520BEB363F657686AFB6B60714F2BCFD3F
C:\Windows\INF\mdmhandy.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x86a8 "Signature", at 0x68 WinDirPath, LanguageID 809	A9FFB72F3D19D8564807F1BE9EF284EE	06119E9DA14612C2B7203C63D8A856107A92768F	87CF5787926166FCF186743ABCB9AD1B8A4144F4F86F76C3FCB11B91AE20DE7E
C:\Windows\INF\mdmhay2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x76a8 "Signature", at 0x68 WinDirPath, LanguageID 809	1446053118B0878394E11D1A0072F7DE	7BFEEC2952DF7BE82D461516D2A6C186D46BD8A1	5A8CBB912B76ED8FC14DF49A01453EFD39741AEA5C323D736A71B2CACCFB3EA9
C:\Windows\INF\mdmhayes.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xcbf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0F9B9F0904403D957F1E372E0A92B2E7	5B584BFAB95DFD823B77CA31CA516258C044097A	3E8C653B3CECF91F7BE900B75952487B818EC2297D9A0F8B861DB7A6EB4ADF28
C:\Windows\INF\mdminfot.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3758 "Signature", at 0x68 WinDirPath, LanguageID 809	FC5631DDECA94B83CE8F6A0D9EF30131	F84C9D9D35A49180FBB949B0D6CFC25C33984237	75CA2E6FC688DF2570AEF4199C4F0647CA936B36CF54C62D4E8C4DB2BF1CB25E
C:\Windows\INF\mdmiodat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4660 "Signature", at 0x68 WinDirPath, LanguageID 809	9E15268B764BD8811B251B396AD5D79B	AE0773E466EFC0CB555B9FC2C9EB9AF2F8F0B063	FE0E32C2267D7EF01F7B04F275D660BAF96C4DFFF9811B47776F4174FAA75A54
C:\Windows\INF\mdmirmdm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x98b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C081738CB14D0C6D6B4967922FE864AC	024A4E2033820FA33904955DC44A942EA500D89D	B313682E46E61778BD942CA5831210240E7CE231A735D69913EC09BE7C9DA77B
C:\Windows\INF\mdmisdn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6b10 "Signature", at 0x68 WinDirPath, LanguageID 809	841C84F4063DBDDFB4CCDE4695447B30	5658E2375FB7B3283A042D74BD676EDE71D70D55	C388BB9E40A7788CBFDA91E6091F9F8DDE04F919C26C43DB401C16A1557D6772
C:\Windows\INF\mdmjf56e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3bc8 "Signature", at 0x68 WinDirPath, LanguageID 809	6232D0E9030B0BD97CF36F86624AE8E4	2850CC55919E5627731301F6A2D7CEC8E4047B52	3176494CBF03363D13861A12A146F12AB68392696F09C7B19CD586BF73F28725
C:\Windows\INF\mdmke.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2070 "Signature", at 0x68 WinDirPath, LanguageID 809	9ECCE2D7639016A40D677AFF75F29D1E	B14E475CF54D53BB7F80532BB77130ABC99CA8FF	B02BCC0D55DDE032810CEB010C6EB51E2FF5C9A652FB7D8E653872C59963225C
C:\Windows\INF\mdmkortx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2060 "Signature", at 0x68 WinDirPath, LanguageID 809	28A299FCE04541B9A5D6B9CE72B5B5B2	DE2F88992807CC9836B2D87E0A6D12E22338D763	E739B08359E4D95143ED327A924DFAE63F6834F7E84DED3D7EC2D593FE6B4237
C:\Windows\INF\mdmlasat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3460 "Signature", at 0x68 WinDirPath, LanguageID 809	8298C725393FD78BC21F489BBE48F7AD	14B0984290965CC4E5F7E50EB194C8DD2B7B07E2	E7B93DE31D037AD47EB8DC2F74024C24CD8C7D0B7A70AE82EE653414617E1E84
C:\Windows\INF\mdmlasno.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6080 "Signature", at 0x68 WinDirPath, LanguageID 809	EB8303D8238A3541AA18A935645DEE08	83CD6B1704043AC973D7CB6C3A45AE39B3CE3562	B2B25E92F1C597E9F5B8FA0CB67B55CCB49FD7F1B9D7C6B0E863AE597CFD12B5
C:\Windows\INF\mdmlucnt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5260 "Signature", at 0x68 WinDirPath, LanguageID 809	97E3B42E0E0F663214D3BCB74EB14000	EF58BA9F99B6715F1EC7DDA4802BE4E88CB3B0F6	53521FF7FC9645AED769AA7E748138FFC41B992B06D50B03863FAAEB536F25B0
C:\Windows\INF\mdmmc288.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2180 "Signature", at 0x68 WinDirPath, LanguageID 809	6EAF11DFCD299F2CB6F219E8A331A7EC	CC49E9B381031BC6ED4C823E52201C631C3F6103	3C2D139003EF5DE8E2CAED74810CB55B7DF5C1A9BA9BB688D48555EF1C83072E
C:\Windows\INF\mdmmcd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b88 "Signature", at 0x68 WinDirPath, LanguageID 809	B0FD16BC1C39399B134CB6DBE8488397	88FC803BC0FEB081318F0856DC70BB88557E97E5	2926ECC3FDBF0C3BEAB2651537CEB341AD68EAEC680488344F538A053DA37F68
C:\Windows\INF\mdmmcom.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x63b0 "Signature", at 0x68 WinDirPath, LanguageID 809	6F6DA0E11EAA0581CC6F2BB8F0D0F5DB	6A385DD3F17A5504F6CE221FCB68D0884E747CB6	CB963CC91AFDE744744FC969BEBFF5C1E74E2E788C7BFC9D302D03661FBB9B93
C:\Windows\INF\mdmmct.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa5e0 "Signature", at 0x68 WinDirPath, LanguageID 809	B463D14C2F5E975A03A55606B1338242	126C4AAFB8EC1528F652D75D7270108CA5786A21	DEDADA7743CA3EDE0E57A19C200435FD944648B05F30F336575CB419EF1B1A11
C:\Windows\INF\mdmmega.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29d8 "Signature", at 0x68 WinDirPath, LanguageID 809	6F5EE6D035A5D25E8078094BEC99A6F9	9D4CA56D7778C7E8048AF3C88A570656C29EC978	DA1B7AC86D7536388E9F1458CB5D1B3B0B50F24DFE8596C599255CF3F8B34145
C:\Windows\INF\mdmmetri.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf3d0 "Signature", at 0x68 WinDirPath, LanguageID 809	3DD9A20A13D928E4C4027C5AE2755D90	F220B12F554BAC68CDE35A681459E4446CC207BD	922522611E23433986AF83641ED8EAF45FF75ECA4B6131023629B7B95E80EBC5
C:\Windows\INF\mdmmhrtz.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9338 "Signature", at 0x68 WinDirPath, LanguageID 809	6CE13DA9B33D93C793CC3B035AF4158F	A8E51B67E9CE9A45D479577381EDCB05E63D9CF5	0CA2FE28E7E75E94CDBD1F3FD40615D19DAE360123E9F9CC1BC01E312F5FE7DB
C:\Windows\INF\mdmmhzel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b708 "Signature", at 0x68 WinDirPath, LanguageID 809	FBD06C41CA03E6FB2683A2546EBBEA71	8E56FE4443E03CCF786848C49BE97FD82AFA664F	4604104D191D16658C0C3D2E00F627661BF8CAD051ECBAA028D18ACE48AE2BB1
C:\Windows\INF\mdmminij.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d38 "Signature", at 0x68 WinDirPath, LanguageID 809	A215A7819A43662EA4A8BD29A69B9061	81A96FB2825B6C28BFF4501208AC0424C8ED4067	31F3BCD6113079E83A6AAB9A6628A9D74C6B2B76AB144D189E69D9EE79BE5EA7
C:\Windows\INF\mdmmod.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3360 "Signature", at 0x68 WinDirPath, LanguageID 809	49D639CB7514EC7A5D6C4C8E865E8309	F7C9532E6E73DD8ACB9299827A85B3ADB7524C8C	189CB3E182FF411605F575676856A88DEB594077CCAD4AFF4CA3CEC84EFF75D0
C:\Windows\INF\mdmmot64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10ca8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3AAF88123594229336854352A707DF44	BF2CECE767F8044606AE9E25DBB698B4D869F353	CE34455B7908E9BB65931DB9BA33327F386F0E9F03738CBE0213A0D70F25AD71
C:\Windows\INF\mdmmoto1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2b88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	915FE0E98EAA114C23133151642B919D	8FF902A2A1B8494A4DEF873546F48CC675BBA377	A38FB1F64972463C7AE4081DCC5A68B8D2BE58C4AA80C802D4D4159F7F435FDB
C:\Windows\INF\mdmmotou.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1968 "Signature", at 0x68 WinDirPath, LanguageID 809	527CE988153266F857DDEFEDD496EA12	9E5D653A89D86286902E7DF260A307AC983F6FED	E5DC270C7A862D1F951B813E5C4805529FA9464FF2C7C72712409498E9A41D32
C:\Windows\INF\mdmmts.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9520 "Signature", at 0x68 WinDirPath, LanguageID 809	58C21406D71427319B16248CBFA468B0	293090736E16BF40FC6DD9443C5CB971EA88A093	FF68A4FCAC733A6DEB94572F8EFB43404FE5DDDC156FE745910F482E75564FFD
C:\Windows\INF\mdmneuhs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2f80 "Signature", at 0x68 WinDirPath, LanguageID 809	57AABC15B9FD9DE2B4757D413A7EB2F7	1F05F7DC9115EDBBC059C494FAE52A0A42EFE7E4	85A0FB8ADBA78CE5C8DC9590AF826EA68F3C903B3B8513FC9591C4985C7C5301
C:\Windows\INF\mdmnis1u.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1fd0 "Signature", at 0x68 WinDirPath, LanguageID 809	84C6A6638DD684AF7BAF033DD88F3E5E	56F8CE5BE662B6642C4764D1F5856DB18FF6F160	649C72171D5B1011D1AD9C5D931E49E2418524098B0B267AA157CECD50810920
C:\Windows\INF\mdmnis2u.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2000 "Signature", at 0x68 WinDirPath, LanguageID 809	4573813582C4DA607AE2CE70BB413D22	BFA088CA27CCC924AB3BF8D8AA367422B06AB01F	2A8EB54F1B787B43B0435499AEE3EDFA084FFDEB4255996DF8CBADD871C34BCC
C:\Windows\INF\mdmnis3t.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ad0 "Signature", at 0x68 WinDirPath, LanguageID 809	C71D4720893C4897F30A9172CFCCB808	7496E3D234139DF0CC55AB30B65461B742A1ABF8	0C946D2E7F07CB883FDF0B9710D68E306D99C39FEE1C0227B073FB504674BFED
C:\Windows\INF\mdmnis5t.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ab8 "Signature", at 0x68 WinDirPath, LanguageID 809	46C2D92191B0115116F996ED5B566294	AD13732BB5F83CA7F29F1DB9635BE88BA1779802	DEB07458B5A9F1FFF510CD467099E411087234D486393BB75096A047DA0E99AB
C:\Windows\INF\mdmnokia.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9228 "Signature", at 0x68 WinDirPath, LanguageID 809	9BE8E899705D014E5FC4AC96B806B83A	E74BF7C06EDDAD9DB9EE8874D7441416C97B02DE	094BE109D3448E4F911F988B43158FD97F6D443D6A20CA10EACDAAB0422F10A3
C:\Windows\INF\mdmnova.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2ac8 "Signature", at 0x68 WinDirPath, LanguageID 809	747EB34930C847AE2B2C843581AFBC92	2477F8592BDF6777C183BF39985AE94101888CDA	6A1A436ED05681C27E43569B9DED17D998825274198FA496603E3BD82FA4E059
C:\Windows\INF\mdmntt1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2220 "Signature", at 0x68 WinDirPath, LanguageID 809	1558F8EE83A45EB951AD3C8B19D109CA	AA87253E60A777D1A7F2937B553899B7604F2492	F92A0EB78B696006E4B638197086707E465936566FBD7C67894997D94DB88CB9
C:\Windows\INF\mdmnttd2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3298 "Signature", at 0x68 WinDirPath, LanguageID 809	9EE1813BC8BDF61A03D3C87E2CA7753C	635A3FFE29DCF68867D2B85F6BFF6A0B7A52DFEA	77028798D6C57CA983718E0B634829223684CD374B261736DA110E7A4C3812AD
C:\Windows\INF\mdmnttd6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32a0 "Signature", at 0x68 WinDirPath, LanguageID 809	2BF1D06F366EBE183E7B30B7CB20D671	3200634984F3614F76B5A5F81366443E6C8C26C4	9B416069FC34A18D802C3CEEFF5E62B563DD958DF892F9A5B2F0EFEBC4F4FE86
C:\Windows\INF\mdmnttme.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d98 "Signature", at 0x68 WinDirPath, LanguageID 809	01AABC11BA99EDCBE18A683996F797C8	5711EAC79E4B22C3D955E1FFAA40AF7DAE917069	1D125237DB6419E8C204961F0470C290E1FD7C17143010361C77DF6CD9919D85
C:\Windows\INF\mdmnttp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2788 "Signature", at 0x68 WinDirPath, LanguageID 809	023E79B17B9B900A1A0AD53FA66FBF36	3D648B366DD1805A4E7180900A2A7A2CD1B67A08	B57CC63AF76D1F5765A078F5EDC3BE51FE390C6F0F8CB9F3538E7B2B0E5D0D9E
C:\Windows\INF\mdmnttp2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2b30 "Signature", at 0x68 WinDirPath, LanguageID 809	49470535F7CDFF2CF2A128C5BF260421	2F4D0995392CFC7435B72DD3502995FE4DB7DBD5	C16D871B65E179DB038777E7D0B394924556120D220B71DA231A78B5D0FC0CFD
C:\Windows\INF\mdmnttte.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1de8 "Signature", at 0x68 WinDirPath, LanguageID 809	D066D139D6EAF4B4BE3302C667AB419A	3297F06D92862A6A743095FFBAE94981A30524FE	E388670A9B6517E2E600A3D7F638236472506C752C3EFD9EA274A2B831820B99
C:\Windows\INF\mdmolic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x46e8 "Signature", at 0x68 WinDirPath, LanguageID 809	9F16BFC8A60C3275EA8889A90AE09E36	CC5060BFD3D823077E0F27B0BC0F6CE53DA32C37	C3582306E452C9D4B7918B57C2900E830CDCD498AF8660F3BBD399F871C0AF5F
C:\Windows\INF\mdmomrn3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12068 "Signature", at 0x68 WinDirPath, LanguageID 809	A07FB80F25A40D25374A51BA705A2B54	C10D6D1EF20E97C2C31170FF009B18D2D951F340	1B6F7C1B83178876E15DCE734735CDC7A5B324775C7390C8EE866B0B1743C78D
C:\Windows\INF\mdmoptn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ed8 "Signature", at 0x68 WinDirPath, LanguageID 809	807F8506535D3AE1200246DB9A96B2B3	4F956C361E05F772449C9022D39EAA3CE186C289	18078110A6B23BC6A9463F8E6FE6A884A5B42F18BC5517D5121AE19EAA1313F4
C:\Windows\INF\mdmosi.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x67a0 "Signature", at 0x68 WinDirPath, LanguageID 809	A07B19DE9825170195EC8213442EE797	3147C2E3226896104707A21D6A409B77220F9A68	9F6C0E021126DA48BCD5B99D5CE51E4DC30FB453A654588E7A53869404FF0E87
C:\Windows\INF\mdmpace.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3c90 "Signature", at 0x68 WinDirPath, LanguageID 809	31942221BF4AC493632925650FCD607F	CD414F23365CB19201A6F8FFE67E62664311D6E4	CF2770640CEA733992A29150A2C9CDF578FE592CEAD374F59F95AE97D6FAD49C
C:\Windows\INF\mdmpenr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8880 "Signature", at 0x68 WinDirPath, LanguageID 809	163F3ED243D0858F46DAC9668BD71218	42CF917859C4A0A50EDB00BC05905B86301B1A33	331698526941AD53C0BE9B98F7E297FF3B56EFA60AD3E0C9DA58D5723D346F16
C:\Windows\INF\mdmpin.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x28f8 "Signature", at 0x68 WinDirPath, LanguageID 809	81101E31D048D00C438A8A828EEBF32E	1977DB6C8C226C7C1F8EBC63AC4ADE6317C9DDC7	2BF711D23063AF1D990D25C5C01A00BEA8B569E5DEFC2BEA7FED026214F583F4
C:\Windows\INF\mdmpn1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20f8 "Signature", at 0x68 WinDirPath, LanguageID 809	2941D33B6F49D2ABB8F1DBA37CE74CCD	2468D4498CEBE74AF0F627CE8FA7D182A32FF0F9	DED818731A1BC9FEC09E3F565CE61FFE706F7270CBA30E2F96A3E0650FEAA0F6
C:\Windows\INF\mdmpp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x67d8 "Signature", at 0x68 WinDirPath, LanguageID 809	09B37AC40D3A5C80CFCB0805DC81C409	BC1C58C7292AF394B32247D939C6084B766E5B12	335FAC58BC1F4D0F6843062B40DAEEAFC6A24DE81CCEA23346B046E2C91CA833
C:\Windows\INF\mdmpsion.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2bb0 "Signature", at 0x68 WinDirPath, LanguageID 809	A875BD277A46FDAC6295EDA12F29907B	4BC47A89653E6CEE2EFE28FBEBAD81E698409B1D	EEDD6CD58094803598B1411C176D180A543426A481DE8A10B0E05BBF4F9DBBCE
C:\Windows\INF\mdmracal.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xaa38 "Signature", at 0x68 WinDirPath, LanguageID 809	0599F72ABCF6D6948EE5E41723344784	4ADACDEC710F71BCB547E451B78F4600E5210BF8	B14DB0D069A7B68FCF609FD9B33D593C6A59B534BC3BB5A3111756E3A1A48D1C
C:\Windows\INF\mdmrock.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3478 "Signature", at 0x68 WinDirPath, LanguageID 809	97D13C38193C19859A0B64D392227918	0B17F8A1CA052FA783B4219AD9A051439CAC5BFC	44AC060404E858A759A89E7E77CBCDAC7432096B11D1285AAA8C152426010368
C:\Windows\INF\mdmrock3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5190 "Signature", at 0x68 WinDirPath, LanguageID 809	5E6200A00AF23533A776C956B7D45B36	A40A4F2DFFBCE9B9F47885C010A58C8AB15AD6C4	671FD52CD88B523B214ACAE545A1A1CF6CF7E4EB3FABB5FE19466ABF35FDE688
C:\Windows\INF\mdmrock4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x89e0 "Signature", at 0x68 WinDirPath, LanguageID 809	11830257C54C648F8C0706E77419F43B	7A2F1369859EC59C9B655100A6ABE8F16BF48132	2242F248C091DB61EA8010711B5C9C0D2383E8EB1D293ACF8F3022F9629C20D6
C:\Windows\INF\mdmrock5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10b88 "Signature", at 0x68 WinDirPath, LanguageID 809	F5F43FCE709B0393B57660ADC6FDAF4A	22FE0CD85FB141479C0CD5F60FA8434A003C2019	FB495522789D27DE14A863D5271BCF5C9C410515E628B300DE38C4BD3FA455F8
C:\Windows\INF\mdmsier.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5b98 "Signature", at 0x68 WinDirPath, LanguageID 809	C99B722D5E6EE66D17BA86957D14316A	FE4B7F3E515374A8ADEE58EE26EE69E1097134F9	FBED7CB44450E84851BC12BF784FFB42F178FBAE4E582E6058F1075CF10B9DBB
C:\Windows\INF\mdmsii64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3508 "Signature", at 0x68 WinDirPath, LanguageID 809	B98FBA3A8ABD3C2C4F88D763B90C6FE7	BB245D5FD1F747555B5595FFB9094C93001F87C1	DE9BE0FDAFAA3E39421114D3AF57EA20B5031BE3B73A70910A7CF3BFECF06FB7
C:\Windows\INF\mdmsmart.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2828 "Signature", at 0x68 WinDirPath, LanguageID 809	B28014A684602B85CBBE28502EFFD794	E1BF6AC7AFA3E3D980B650896989844EE3B937AD	28660AA142AC2BBA9F22CF80EFE60554199A571D04864369E2C227FE954C89B3
C:\Windows\INF\mdmsonyu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd520 "Signature", at 0x68 WinDirPath, LanguageID 809	3B602488F723F840EDE054E18FEA4FE9	4D923EC9F7BDC91BA3B3CCE59ECB626C53555EF3	DE1A1300F30AC29037005A5BC9FD716C22412CB313A259EF79920032D392F859
C:\Windows\INF\mdmsun1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b78 "Signature", at 0x68 WinDirPath, LanguageID 809	34600ED1E3A8F17846A63DE5835BB2A4	70E2F042F0FA3FE334E2F44BD2FC57A5F0938219	70652779E3B99DEC9BFD467A7A1D5BA5643AB4FD166BB2C2053EB5C5088F3792
C:\Windows\INF\mdmsun2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4d98 "Signature", at 0x68 WinDirPath, LanguageID 809	94F3D658570CF0C469C9F0F426729EEA	15FB1EC5B75D9CCF3B0CD2EDBF22CE3960C8C520	6C846BAFFEFE039DE461334C0A631D6E39CC4D24912A6636BCFD156D8CD1E415
C:\Windows\INF\mdmsupr3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5a40 "Signature", at 0x68 WinDirPath, LanguageID 809	3D1E194912F8AE61725237518F7C0387	B7BA1191D6A50F7DC560B78FD8C053D862880256	FC8E19A11B15AB6D0167D60DBEA3D30ECCB53F564A6899793A0BF1BE0480004F
C:\Windows\INF\mdmsupra.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc118 "Signature", at 0x68 WinDirPath, LanguageID 809	14D4A57957384F6789D046F1037460C1	4DAA37A3921E917F9465D66DEEA744801D9FB83B	BEF17EB9E98C95269CCFA61313E5156208FC97AFF02D3586271E2871ED48DF34
C:\Windows\INF\mdmsuprv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4bd8 "Signature", at 0x68 WinDirPath, LanguageID 809	2B21EAB3026411B57F2C28BEB9E1101A	2370458C9AB435C5A0921A1132D66AB0325C3D37	08B725553D3E0F914EEA408F423BB6A0859DA3D92DE2ABAAA7B390228C86F8C9
C:\Windows\INF\mdmtdk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6d30 "Signature", at 0x68 WinDirPath, LanguageID 809	E0AEF2409A65E9AC4965310C8349EFA5	EA3F1DB6C76036D052604F00DD36DA3476C8AC1A	766E1D6C0E7C15CAA5F392113D7F702BF4E9495AB9CEF7D07220CE56B703D967
C:\Windows\INF\mdmtdkj2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3b68 "Signature", at 0x68 WinDirPath, LanguageID 809	C68D76F4D057F8D74CC8C3080D336E44	E684032BB433582DC484CEB513A420C6EF49B40A	D4E6882A2DF6F7FF99D76B7B9B2D1CDF38E0A1D3C8511FD3ADC74C3F4A38E2AD
C:\Windows\INF\mdmtdkj3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3240 "Signature", at 0x68 WinDirPath, LanguageID 809	C16100A67398687D2D18D4E4F5A7771B	124DD74ECED8A1749070A1B064CBD08F4D9BFA8D	5E0CB31C7AA1942C11A5CF340341EAC4B976ED20B017EA81069826E37703C104
C:\Windows\INF\mdmtdkj4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x38a0 "Signature", at 0x68 WinDirPath, LanguageID 809	13E37251840F36184EA2D0B99E6B8078	BD686BBCA3CCBD3BE8E0C34C07E8F928EB845E48	16195C5D4E5DA86AD427BC8B4BA19866CF0F3FF2EDFCCD8E7776336FCA8E2CF3
C:\Windows\INF\mdmtdkj5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3f08 "Signature", at 0x68 WinDirPath, LanguageID 809	8FB56FA0C7A5B2778F6DB6BBD707978E	4C1E6E009B9C2F9E88FE7D5640DBB179FC700131	258C2A114835981238FB83C86D9C7E4D997D8EF93D8DBAB0E7F9672984B85FCF
C:\Windows\INF\mdmtdkj6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2878 "Signature", at 0x68 WinDirPath, LanguageID 809	10E915812EBA96998CD536E9C397A22B	EB61BDE26F8AA66189B03FDE2EDBC6B74ACDE204	F24C3668FFDDEB19052541C721C2B0309EA78B01FF8FFB4FC90F1DFBABB70161
C:\Windows\INF\mdmtdkj7.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2668 "Provider", at 0x68 WinDirPath, LanguageID 809	B690FEC8F21DAAED70379C15A91E4D31	C4964CE73CB5FF08E166B28CA6DE82DCDD368970	C8EEA77F7B80004E128F53085EE2C730CD0BBF84BA5FC3F4CBF16367CD99E436
C:\Windows\INF\mdmtexas.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2148 "Signature", at 0x68 WinDirPath, LanguageID 809	5BC880692B38AD5204F3F57A6B9113E7	C60FB354D423C8EF772578E2D1C016E5A6C5159A	014B138CAB24C913D150DE5355D5E0ACD900EA15C11439D0BFB34D486156C0EF
C:\Windows\INF\mdmti.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6300 "Signature", at 0x68 WinDirPath, LanguageID 809	C66226BEA0DA22EC0E6CDA8285CEB441	65DD328E8C4C7063D89C25A373C134C5B930692D	6DA821B245ABFDF56F7524095AF4A398429C5B10233AC73334ACB8E1273D4BA9
C:\Windows\INF\mdmtkr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5220 "Signature", at 0x68 WinDirPath, LanguageID 809	CDEA84124BC3C0184E8B606C202D5C00	11B4DA49D1D41D991E381803AAFD85E2B9ED50CE	A36705A71322A6604557B04D67A3336BC2C14D24A28AED56AD359E00864F7C07
C:\Windows\INF\mdmtron.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3368 "Signature", at 0x68 WinDirPath, LanguageID 809	0DCB6964F37C69AE2083C6FB58E6DE08	23D6C7350899C2E5DF76907D3544549DB59CD14F	4F74D40A8BD315792DEE3BDAF082E4164FAA42FB208158CFDC35BADE125B11CA
C:\Windows\INF\mdmusrf.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b00 "Signature", at 0x68 WinDirPath, LanguageID 809	5235A12707563560ED1C5B1887BCB283	E9032E000EA624985A3F3E0667E4B8B8E553E5E2	F6B71CCE0C978F4CBA6F1883C25B60B47697A88D6A7AA86F18A3F141C46F4C13
C:\Windows\INF\mdmusrg.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x39f8 "Signature", at 0x68 WinDirPath, LanguageID 809	C1B82E200C5BAEC7DC9E5EACF9186F57	76E53B0BBD5F8115E279251F990397E8FE8AE673	EA1915C76ADE7591240B3FBF71307E319339AF59CCC87F3D883332FDBAD31A74
C:\Windows\INF\mdmusrgl.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7530 "Signature", at 0x68 WinDirPath, LanguageID 809	0532AB1C180B36CD0F3F4E28DE5A5CA1	8D43AB295BB49A68DCBD3ACE8D6B26725BD22E4D	C65C3736D9AF9DDC1581769B813DCC57684AA06A723281D36CD11890C36E5A98
C:\Windows\INF\mdmusrk1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9ea8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	050BB76CC9458740625B685F591D1684	82481CAA50CE611FB201D8354A0F1F59EF9085A9	BC47186EFA87E9E6D5F399B8AB29415CB9CD76F5CD25C92AF671255518818FB3
C:\Windows\INF\mdmusrsp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x19a0 "Signature", at 0x68 WinDirPath, LanguageID 809	1D94281DCA6ABCAD2A2B8A3C166BF542	66CD397F4C81E39BC4A6BA2D2F326D5918F8AACE	3034164D335620EFE56490B1E02C33184115A363DFAE4F0981340CE902B6E922
C:\Windows\INF\mdmvdot.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17f8 "Signature", at 0x68 WinDirPath, LanguageID 809	ADB54AA75422A7AB4CFDB74891D69E7F	28ADEF600E47BAA7AAC18F6640D839E1F87C75D8	FB72C3B4EE75097F024ABCAE053B7BEDC4228A7029AF8D343CCEB9C262CBDFC3
C:\Windows\INF\mdmvv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3d68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B527A914919F5273C51F8FDEB0475827	5CF1F718E8E6AAA18CB3083AC48A35066DB12B92	83B6A312BCBC1DDA85370D0CD0A41ED737ED359FF2B69F3277ED137746509127
C:\Windows\INF\mdmwhql0.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12670 "Signature", at 0x68 WinDirPath, LanguageID 809	02E680C199A97BEA242E3DBB13ACAC4E	BD3B7BEEDC5BDDD38AFA0515999F6CE9F0B95AFD	3DFE02C540FA72111B2A7094CF5D8555016D7C309CFB5B59841426DE1B7E9589
C:\Windows\INF\mdmx5560.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa8a8 "Signature", at 0x68 WinDirPath, LanguageID 809	729EA48CD43151EB72B7B54818775937	086A4C870B327599569C0095CC2725DD67FE4764	FC718CAFC2E2F0513D9A72760D305579612454C2F1681EB82CFC9A6F3EE15F89
C:\Windows\INF\mdmzoom.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe990 "Signature", at 0x68 WinDirPath, LanguageID 809	0E6C94181FCF4EFF23A9325D52189ABF	C43EFFE78594064ED21B392CCB3A7CFDF6DB9679	5F9C675DEC4D117FD53618BF74289D3269A440DF95B5944F04DA8AB956460737
C:\Windows\INF\mdmzyp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x90c0 "Signature", at 0x68 WinDirPath, LanguageID 809	13A99F8A16E810FAF9FF06F117889901	1BAD9E50597EA8D3CF4E24D4EBF6C225FF067D86	2387149B86C5FC993E2F68D369811CCBF6AD5F75327536C4C7B5648F016E7722
C:\Windows\INF\mdmzyxel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf8c8 "Signature", at 0x68 WinDirPath, LanguageID 809	4FE5BF30CD1C2500ADC3F7BB15B94516	03CD7D00AD23951BDE04B6268D021485475B3D1C	1FC034FA8937A656E56CB5B948C91C7C2BB637ACF1982944E8A704129B02C73F
C:\Windows\INF\mdmzyxlg.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11878 "Signature", at 0x68 WinDirPath, LanguageID 809	873AF00E4EA30D00A28782B7E78092F0	8AC223214A0C6A97D806B7728332BE36F0B51036	C4A2B02B520E1826C8B4D432175348987BF8F83EA39E74000978A32237310C76
C:\Windows\INF\megasas.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x26f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4633ABA7BF7495B64B9AD2EA49B8FDA5	3864B1B86CA1C430E8B8F81FDAC86075EECB7BFF	0EBDADBADA18181197E88B378A1AD3A2692A307233DCF62507CA84BC6ED421C6
C:\Windows\INF\megasas2i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2148 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FCC0111860FFD6663ECD294CA7AB775B	4F24ADD1018F70C5DE1A7B88889F3C3BD8687F79	331A65481A02771D6DD164D100BB18CD7CE9BA16A7D10FEEDF06CDBBC63E91B8
C:\Windows\INF\megasas35i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3720 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2038B96260F36A33B318078CFE520B3D	1A6B94FB562CF0F4F82524534483BF18808E0130	4E7E722144FA1D83A3E98DA4BE4EE8A7B7E8970EAF4F432E29DEA8475968A304
C:\Windows\INF\megasr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x438c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C5B735677D5188D1FD8232CCD75D58EE	B66F6407F6683E6F51866DA1796B14FC3ECC5ACA	C2293A080B94C965649773D79ACAB23F6CFFAA273D91A5DCC259286ABBF31C1B
C:\Windows\INF\mf.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1288 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	65BB55EFE1F8829978B790A086CE1A56	D640DB77BFB20A492B33DA548D59B784356A295A	5A2E24F061329260C09BDFFDD6C93C768FB8AC1C0951BF25325A3AFD545F52F5
C:\Windows\INF\mgtdyn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1c70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8643284246F8B5233F02C1FE9B89946D	AF66C3D33E257D623A47E95AD8A98F5E0E24F8CE	9C95009B730968F10D6C9B2D870746E47633495D38A06A512E3DB03F751182E6
C:\Windows\INF\microsoft_bluetooth_a2dp_snk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf60 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BABBE2535E62929FDE58DB2FE6F3F16A	866C044A8EE669B65ECD789F12AF3C5F04B6A0BA	5C6ADCD3E48AF9E36C3CC64D7C8E60667E970334A0D56CFE8B10FBD11A72FA8E
C:\Windows\INF\microsoft_bluetooth_a2dp_src.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9A5B395DCCCB9FB9767F71F8041F07E2	F71AB3B326B58C4F6C641F6FFCB0D0FF77F103D1	6185EBE09C53BB2F55FD68A175CFECDEAF21908DA8BEE8C4256021021E4C3984
C:\Windows\INF\microsoft_bluetooth_hfp_ag.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	84CE1E1AC5CEA43EB7DBE05602AEF0A5	FEE39A21512918FFCC77D5FA284680667F003DEB	FA978190C4088CF6EEEB0162DCEB510C574BABF637D261F4EEDF7619E695CD90
C:\Windows\INF\microsoft_bluetooth_hfp_hf.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2AA514DBBE5AB833610BF94E64C1E89F	B87590602B8C041CAA1997D5623BCD68BFFFB8B6	3FD7BF7690422005A6D409475C3F8FDFEE6B66B14D08E876CE15441295C9EE1F
C:\Windows\INF\miradisp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x21b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C1EC9CBC070406EB5D3EC59F5FF112E1	52C45C690E93C2F40890830E53AFBAE0FF2D2DAE	5F3CF3B152620571750DF29E0212F805274BE84F0D7226E75FFCE3537C607571
C:\Windows\INF\modemcsa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3B96C3AAE4062D5201AAF44DC72D8720	E25F80B40B38015E966BCB2E0C9E898EDE6E4D01	C7AF9CD14632FEF4BD50A9C1B615574C9059A2ECFAF29E9F64CC8411E956C66B
C:\Windows\INF\mrvlpcie8897.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3080 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FA905F1D2A6564BDE5C5CBA84152E371	476217CAE8164918745420E375E870113BED22B2	6AACC116B74BAF19C276BBA146EE41BDE2737500F64FDD25EBB022D7969E8B2C
C:\Windows\INF\msclmd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1188 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	887E55514F33E83D0805B55F3AECF187	AE950A70ED5CE89BC787111DBF2B38DFBBE941F8	AE5DE7E29BFBB3853CCE13971BAF395824E9D0F431758B485A411589B9F90EB2
C:\Windows\INF\msdri.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1390 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8DFD0B4A52A7F18B73D0729B02BE64B5	81E43782F30A8414B8F0B6F1101BBE9C2F030AFD	1053EA36641934564F9D4BF90777A599F6B936A0B16FC8459AA19EC96F0893D4
C:\Windows\INF\msdv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7378 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D99DD6F76B8A4AA051C2A549BF3E0BF7	2621F7B2EEE2C44145D1236C15D8951B2D9EE8F5	815D78E0F4865459C26DCD8D50AD7BF552A7D7CF00FBE8D7B6D6FBBD0AF4ACDA
C:\Windows\INF\mstape.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x49e8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BD9666B12C20F9020E1BEC0D21FB6300	062599585E2DD7871A953780458507591ADAB892	66EA8782A4363A0712267E875BFDE7B37C314B01033960DF28BBCF476B65CC2E
C:\Windows\INF\msux64w10.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4900 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	69F62AFF3A9287A77922CE6144281CBC	A80D9AE2A32E541C9D05364C30C50238E61EA4C9	1D44834A65DDA0D6ACA614C9AF7AEA5D488FDF270897588059D3B21B4049CFAC
C:\Windows\INF\multiprt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	82EF30CD1EE033060DA500F7734C7073	584FCB37A81E28AF07905A87AE38298BF94F23E9	78F1FF67EDE8AA6479D52E94A551D82713397697E1640DAD19995B263E066E3D
C:\Windows\INF\mvumis.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2348 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F863457E169F83CDEB9F3550D03F8B97	142DC8296E2AA00159DA925E0C6037274712E00B	42DA6471378FCC3C57760E72BDED7FBDCE6963373E9EBA4621BDDA39C7F010B9
C:\Windows\INF\mwlu97w8x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2a98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F88E20AE3B6B8632FE74D9EF7F973E7B	9801672233F395E59B89526CE92D9D1C03D28514	611B53F34B793469D942904FA9B5546E72D7FC8B5098454E061E81F212772015
C:\Windows\INF\ndiscap.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1130 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9DB698AFB0835AE40E61BEA44F3044A9	D9AAA6AC03BB5A6D2ECD6C5430CDCB811D4C019D	522D3C992372377AECC61E92DE8B5D2D4DE2153C0C4AE613610FF7414AE057FE
C:\Windows\INF\ndisimplatform.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6DCADF8FFA104CFE4B9DE119E560BF99	80A8E779022F1607A781A0262968B8CB2120F901	029E704BD58EC398E79DA654ECE0BA8B476475EFF8C88DD221FB9D5DA4494A6C
C:\Windows\INF\ndisimplatformmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AA3CA88313AF4BC19482889A17ADC756	2CCD36CF49DF7091D90F2979BAF59E3355A496A1	014C9DDCC448E8E0D06905FE899A508B7F4DD9FE3AA784ADE23BC12167368C31
C:\Windows\INF\ndisuio.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7D87A43D302861A5CF59084510826F01	33EDB12FF767D032ABABE677ABDC71C62872CA46	E104AE462A1067309D3348DC20CE38397CD35F5310686D5A00CE579ADB65660D
C:\Windows\INF\net1yx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5520 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A59701CE961942BD70E29D305D677FAB	85EF61C42B58C237C24A67519438FC0965983958	B193FDC13CBFF2974879866E61BDB694EFA5784F541BDAFA35C697B73B5D1EE4
C:\Windows\INF\net44amd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x59d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D72287EE81D8C9E9661A4FBE107C01C1	F5540E2166F4FF294331AB3E645A84C7FB4EC3DC	A6DE6C48994449C64A3CF94C4DE2C26CAE17435B780630EA76FB0D78358322E4
C:\Windows\INF\net7400-x64-n650.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5bc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	36122DB51A7A174DAEC18BA95A247EC4	43C4E5C002784C4EBF7BA84562D81A1E433CBD80	2CC3331A94720C40A852BF56A8881F069D985E8A8504F310044C2FCBE5DABA4C
C:\Windows\INF\net7500-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	400553A1ABFD2D9D4715C10B4F9FF6E8	8CB200826FCF1677C5DA761327179564ECB95613	FE21BA2C30E4F9B4D95E2DC30E332F796A55B5472D0A0F7D618EDAB268600AC9
C:\Windows\INF\net7800-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6198 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	609BC83E93386D3FD54AA14E86CAA045	A38BFFA37572680496658C3C351A9D1A1FD4DC64	805BA22BCAEA61198AE6F7863DA7FBA107D1546267B9A719F025D0D57E1D61CF
C:\Windows\INF\net8185.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2890 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8C100D198021087B1F05F8A253D9A904	14B39328A0DAFD4C7A5708AB96A630496C33CFA5	C91137EF8F1AE1877DC2D728AF2E6C59A11DACC647A70753A2A061ADAF072380
C:\Windows\INF\net8187bv64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3290 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	020CC7A2BBB4F376B8712048F4CAD972	D6FA3768A8CA301B3A97E15B3970DAF8E21FC0AD	F3B802E73102E92572D6D796BF009925CC6ED0B520F8DA3ABDF4009C0402714A
C:\Windows\INF\net8187se64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4058 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D70CA5B2AEC8BE16D81CA7A0268D4475	1554CCB6562ED89C379A2928AB97C09A25A9DDCF	0D43758AEE17DE5DA45D322F17E5A498FFB04D03EAB6AB6093FAFCFC7884F2C6
C:\Windows\INF\net8192se64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	908A233C1229C1374EE0E46A93A55956	6A2B7FE025A24B994EEB73F5D9574FA1F74324FE	7C86BD57441998C8C94F1A2CB2B7C0DC56125C98E709728C5E2BAB4563E0FAF3
C:\Windows\INF\net8192su64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xbc10 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9C7FECB559374399AB040481EC2B822D	94932BAB066822F59CBA4B3B316676E445BA8C46	E590C0ED00D3C98954BE2849F5C780EDB229A642A564DF0FBEE48AECCE0F4806
C:\Windows\INF\net819xp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5900 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	75CBA829D6F852E636817B7555FE1506	FAB040F01A51EB8759C13992AA5994315D1BADAF	8F32A29A8EE304E239F976AB3E8DAE59DB6250748B936F4E117B7182516BF572
C:\Windows\INF\net9500-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5f48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BF24EEDF370E028CC7D1011E0C1EA587	199A26B06E4B688B683230D10F56B85AADAC6CE5	718AA677793397425CAC7489214898E320FA7A323DD2562860FC7177E8F8F64C
C:\Windows\INF\netathr10x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x16aa8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D6DBE4B331873E7D7215845C9AD4713E	814727F940BB339DCECA991D1EC4F817E29B060B	76542085EA8698EA5BCBB751BE48FC96A283210B252E6B5C3CD3B362501F0A15
C:\Windows\INF\netathrx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e6e8 "Signature", at 0x68 WinDirPath, LanguageID 809	B0CABC29C28A1438089C231BF2ECE7C6	65F3AD637529865EDDD0D802E79CF99661175464	11B2596B80F952D7F65DCC722098ECCA02D1D1FFD41113AEAABE5BBEBC3417B3
C:\Windows\INF\netax88179_178a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4470 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4B4317DB5F3CEE5ABE6C1B6BF496FB8D	40A7B510AE87FF71D7A642B53D92B10CF15E9F7C	D5EDDD542075EEDC13FCDE05084FB1BF845F688CBD89ADE4DE25607D69C8A306
C:\Windows\INF\netax88772.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4358 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	614A4DAB57164505497F5B810014995C	8A9B17D9BE7B3A13310F8C5DFC25F2795ACA33AA	C3773BD60810D8E796569D86EF1E3AD6ECB0E243AF7EEEC257688D4D756FD660
C:\Windows\INF\netbc63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc618 "Signature", at 0x68 WinDirPath, LanguageID 809	B49B666BD837F598B8CDF0BA23A9B15E	6EA33780D2202944FF3A0863C8A334A4E02C6913	71F76F769E2863F0C14B25C0E1CE1B186EC35A8C6144ED6391A9A46F0F08720E
C:\Windows\INF\netbc64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6e50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AF48FEB7278A6B1A9A0FCB9531782293	E6EC80F0A7038E1F4E29DE538BD8C96904049236	7AEFA8E453D9BA8AF4DBE36FDEBDD38B76D46AA7456E28930C75E4CE120C0CC7
C:\Windows\INF\netbrdg.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1058 "Signature", at 0x68 WinDirPath, LanguageID 809	96B9567D941F27F90CB1937EFA921566	F9A2341163B910066C71932F82B9DF582F0A07E3	73F3D898D0A05EF38E7794F8C67DA98764850E21B551113D3FC45613104227D7
C:\Windows\INF\netbxnda.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x27528 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FC84977DF9E4750F269E4EFC1A2C7118	19CECBA21C82AE11795B0F4B930771A5B14FF47B	D579DE631273AAADDECE19773BD82622767383E75614C09310F94F8C49778EF4
C:\Windows\INF\nete1e3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9120 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	313D645249F7DBDD5975B4F6BACDB5A0	F647CF1986FED4377E8FE51E05B7D3C644D246CF	716634CAD9AA16B9A8EB45832EDBFC58B7B54E259B196B6465F4A1EC4AA30AC3
C:\Windows\INF\nete1g3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xab88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F3B8F23B68054308DA95B94DFED152CD	DD8196AE98CDB28992E5D538A5070D285FA72D60	BF7ADA8FAB7DB04B218DEE5A8D51AD48DE1C953D72925549D509F7C3228D197A
C:\Windows\INF\netefe3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd820 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ECF53D89B6C3DF00296F9BF950483BA2	C7201302F309F360B86C7FB2CFC5CBD86BF98A65	45124DEB7815D535AF79B20E3668BEC774D50C1AD39AA1BEC5939F5C65BCE277
C:\Windows\INF\netelx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5dfe0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F331E3CA30D0FFAAA80F98E95F5BB5B3	E6A032232D2683D2247721F18493B12BEFBE25D4	DCD60EC1C71435D52E0BC1A987E4216A08DEABA3496204E2D1BB969D15E22227
C:\Windows\INF\netg664.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4988 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5B841E2C380304FC5FEECC39BAF31A98	BD121D5E29A51F61F92EA793CE42519AE5948F2A	A0F52633B6204E94730F0919E3F6121FB299657A750132C9C65BD5D2A1840CB7
C:\Windows\INF\netimm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1028 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5CA60DD42D2746A5E874C07D3038DEFE	0FE4876895702A8973B17A83DF40E991CE5F342F	58FFDA3413B79685AE0EE4E9161D776712CCAEB953D8534B57C95BE173E2C6D2
C:\Windows\INF\netip6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1718 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E7853C9CC8DA79CFD26084BF7049545F	267DE91D04B8F293D9BB88DF396F5891EFD81342	5407EF396DA6F5F1FED4578B844BA08799C049C75BD80F47847F54B46D6BFB6A
C:\Windows\INF\netirda.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x25e8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2895A6522BF92FABA2708A0C1E64556D	23D12C8864208A449AB84D3CEF43B420D6587787	C5EE6AA40171B66A0875E307CC52E0DF98F0B1EE3C921E8A39D5589DD009BC2B
C:\Windows\INF\netjme.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B6F7EE649EF9E84901932F45EE467CCA	0CDF17340427474AAF9492DE2712C75458C1591F	4747BC15B6BE488039924AEC922CDA0D3D2796DA4BEA36A2F531C6B722BA74C8
C:\Windows\INF\netk57a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2825738C0B8EB49F319A98A6BF5547BA	866B7EEC55DC8B276E962B687811689002E4020B	9D44607668F5B8EEE2A9F30FC2EB9245C6BCB8B89498377E2A4A06B93B17208C
C:\Windows\INF\netl160a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	16C0FAFDB8D1751A0F10DDA7CF9D06F7	A5E18AF728DB120072A35B916618D0C3D63B1A62	17DEB9ABC4BEA536407ACD3E66549F910BAB519A8BEA160B706D8CBAA73E4CA4
C:\Windows\INF\netl1c63x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20300 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	17A77579476EDD07ED752089C358D092	7D2925E52F61D89BACB34D008096CF9F525C6B26	C703CBEF754537C250C934D1B9C59C7FBA5464875B047DE187FD2FC399F2403A
C:\Windows\INF\netl1e64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4e68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ABF49EBD4AF5AE873F3C8804C7478526	96ACB51A3DDA0BB39DD04B1B69D6C0C6A9028057	3560A4BA823C2D646C6F5EC3967E5DFE950E7721AA4FDB8EFA3ACE8C44BDAD95
C:\Windows\INF\netl260a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x27e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	14BBAAD2AA4188C7AD5E0C0806487A18	A500039DC4EC82CB571ABF8376D8158B7A939313	5C0DD1B88D8BBC217EF32633D4E5BFD814B97A61D740D289B955E839D11D55A3
C:\Windows\INF\netlldp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	265307ED6680D3F7BF8600B27AD5687C	D905D228E97B7D30CED5525FDF63EE0CC785138E	6C0E2B037678DA797A0F378FFF5535F389FE1875C0EFC1456073C2366427D5E7
C:\Windows\INF\netloop.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1950 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	11D5B4DB3F29839D1575E12998DCD45E	201AE12CBC8BD339E95A30C80CDAFC152BDA69CA	FFDB1832237751FA2B394B491D9CFF68B80CEB45FF7C8E6F70F994591FD7F8FF
C:\Windows\INF\netmlx4eth63.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc290 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D2B583CADA6B487FD11734B05F137DE0	B837ABBBD3A87E516A13B8102E7101B25BED79D3	77F1BF22F8D757F3994447C924F11D46F24B54613D56DD81FAFD73BCA77FE014
C:\Windows\INF\netmlx5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10f90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	420A5C4549200B3720934556466FB41E	BE888CD5166019F991A9C58C9D4F68A7ECBDAC2E	76E01D359CCF04EE6992E0B4948C0B7D1133A3513BD44F41B8D97A88D0D5B500
C:\Windows\INF\netmscli.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B680F833751F82AA6F9ADC40D6E9D739	31BC035244F65780BCB269D6AE81EFB9536EDB69	1CC2CA29D90D7E7C4705C75DC8D0A93E342185E721BC508BC342C55A83C469FD
C:\Windows\INF\netmyk64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20c40 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3496B179C124DF70660B14C66FDAD296	F3EFB138419242E1B1BD4821E41A1AEF0350237C	C019BD99A23DE02D0E80B2CA1A62BE6D2BD26453FF3DB827C239B9C2DC3509E1
C:\Windows\INF\netnb.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EFC30A3169914D1F7BD7F8651D50F125	774D92AA0014F79D8A0E9C1EF486FE48290C078F	E9288AEC068860E4DEC0F4E75D5256815C4D2B6E892936975806BF211496E7BB
C:\Windows\INF\netnvm64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6ac8 "Class", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	88E2C87DBF5C68222AD832835BE5E31E	BC14C1D48B4F358BF55232B0F0BDA12522AC19E7	F45E5F47B302BDE6DBCC64115ACD16B995599FF31D8B5B7BF9B34E6E005D907B
C:\Windows\INF\netnvma.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4bf8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	91796BE51D4A7093F3342A6528C23C42	E2D4E1BF7CB3C9D9AC61D0F3E67F8A897D23DF7B	90D45D141BAFB2740769C49BDF8D634905EFD46E5DDCF1B6A4060CB0DDC7F3F8
C:\Windows\INF\netnwifi.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1160 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C29DB500505BF8262481D0EA4BE4E329	D4F91CD442C8D3CD9F81C2EB16A4596E87C69A5A	C9F2EDC4B722729D4B3D69B6C8174B577A9AEA7EC0718B3E7C2956AA03E378D8
C:\Windows\INF\netpacer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1528 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	32BAD953A61B72A75087DD70BBD3624A	4664B712E64E325EFA7E910F89408A7964E359FB	BF79449DCC12881D5EA0B63C1D2CA4664C2F1F0C3C27122214C869C880C6012D
C:\Windows\INF\netpgm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ff0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	30633E7F6121D159021E948E59D25980	CFCFE4ACF2B7B171140948FD090EF2E0AEF114B5	E424C9C2EFF7B2F23242DEF575D5F552F1A55081F51370D352C6C4190A71295E
C:\Windows\INF\netr28ux.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x28fb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8EFE5C9CD1448711CC3842934E9740C7	043B3E511878948C5547BDE96E84F282F3EB5C03	A68AF79FB9188DFC5FCEDA96EA3533E507401EB70B732FC574301BEC30AD6540
C:\Windows\INF\netr28x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d828 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D8B4895A537B882BC4E30CE4ED2A127F	2F871E767A68E0D5665988617701037600DA497C	E760A613787B6212273D4E6672E6E59C945C649708EC212165969AA25DEAE482
C:\Windows\INF\netr7364.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa820 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	67FC48B3B35C16CAE0C5BD1A945A5667	864E32B406A3FA2FBB140F71D97669CB27544AB0	6721B901265D78676AF3040E0F7E21DD08CB167C2C2F6901D07504430684EACD
C:\Windows\INF\netrass.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7F8529E296CED7874E774E2E0328D278	26F8683E95F23070F4930B0209EB04EAAEE7136E	E0916599D77BA94189A0FD70649EADE2B88D26226D82744E5C07FFBA33820DE6
C:\Windows\INF\netrast.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cf8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2DD4673A26AC148E5E69B3DBAF6E4CA7	8AF11D9216B9AD37F6EE384404BE6BA5DEE3B0EE	6D0AA3AB07B9347E8C7347E1FDEEAA532C5D0749E51F7FBCBE2BA2222766A455
C:\Windows\INF\netrndis.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1A5FC1656083CE8AAB9FB80DDB8158F1	F4876FC48E0872E6E20C80428866B6D9F83B179A	FF572E9275279652E4E00BD0E97FFDFCEEEBAD60108A20C61B6E8914FBCD29A0
C:\Windows\INF\netrtl64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x76a8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7211C1FADCA4BE5FB0244FE653016F65	AF8635B049DCC3E22F1F414893537F5AF652BAF8	04347C28C64BFFC5C833F730B6D2330B02CF8819C15F82373E463A8F1ED9D92D
C:\Windows\INF\netrtwlane.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc8b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2FE8EDA53346DF22260F26F0ADFC7372	D13FE0EA541AC68BD04F258FFD3FD8C4FE9021DA	F22FCCF05F9F7D105447C83CF55DC4A295CE4989CE79D2FF7106E27B9E9D3945
C:\Windows\INF\netrtwlane01.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xeff0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	497B8F8E559E659BD3E75AEF1DD0784C	63E0F691030C52ADEAC4DD98D10EE5B9C2B46D8F	46F82AAE27465A231A2F33EDB3C672652D0EF2D1D34FDAB4E0E432FB38584B2E
C:\Windows\INF\netrtwlane_13.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc078 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B37773582DC0E24F3BC787F6EBFE738F	7C5860476C80EAB4CB16970B9CB79C803E5D96D9	463B344521E9AD563E477D0C113963802526B52BE55683C1C79A22A9F68152F8
C:\Windows\INF\netrtwlans.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7668 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	328DC4470272D9C6DB6E13822872478D	6BDCAA1557FE09B902BE09EE56282C1522BDC432	02CA59D945349EFB269589A5AFB6F156D7C5080EB03758547B8A9EFAFB54074F
C:\Windows\INF\netrtwlanu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cab8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	637B182DA09F144052E661EAF7FEAEEE	0F6025344243CC56BB348D02BA4577953D79C3F4	55311E14D57623F964F4CB29E1AC6EA0088F8CCE4D048574E313EE4B5B2F294D
C:\Windows\INF\netserv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfe8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	68797EF7E3C8C2064116131728092FF6	2A5C145B4120C55A65342DFBE734A9EB984BAF70	C06B129BB0DCAD224D6FA2EEA2C390487D3BD22E1C1B7B48040A03E40CB6A4C3
C:\Windows\INF\nett4x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x69b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	82A2F55268622BEA764C50723B41BE4C	C130DA709BA423F18F1F65D596B35A52258FC40C	383D61FB07D5B34ED6ACAB53340983F018DD97E2B2F4F07BBC70D343CD088598
C:\Windows\INF\nettcpip.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3AC930F22C69FE62F452C48D1D57D270	85232A05B7BA5995BC188E624CF9DFAD8BBAAA57	B0527747B6DE88AC391624C1573FB81836C2CA191FD56E0186F76FB0925FBD00
C:\Windows\INF\netv1x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x36d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0F99C25ED172DCEC21C8ADD1EAA4C3A9	063A6913669DF9F35B9222093EEF09793A46DAD2	D6487E6DFBD24F35FD4404EA55E6A93EE0C4FE311E853B4B5529E64D02159933
C:\Windows\INF\netvchannel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	392183C0CCF136CECFEF5A1B955242C9	1A7E3D9E7EBA9BF2C46F6813DB557F739A9B07B0	0DFC8EE7053F09CDE1B247814A9B9CDA391FB603EEB8518D1B29CD2E160A0461
C:\Windows\INF\netvf63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe6f0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	39A3C6E215AF8D3DF0DA1559D2FEF7EB	84346EC965F6D3F3C9CD41AEA86BF2CEEAAE92BD	EA2E96072B2C2AE4FA1BE4C4513C46FCA57C0F1D58C9F5F7DF39D96AD6FFEE37
C:\Windows\INF\netvg63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3bf8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BAF211665B5A8577B7B346C65E3B819A	7339141E1B8339FA33F27533F16AADDD58A41B97	2488FDCDFBCCAE9E3EC92133F8219C17FFFD36C06595EC1E114F4291FAE9AA6E
C:\Windows\INF\netvwifibus.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	948C4C128CECE5B82F444AE805B5FDE5	9CF68ECA34ADFAFE0B3C2CD3E210ADEDE5BD798E	9839971E7827FBD60A69DB0955D23C8CCEAC4097DD1EE685BF055E3A09633CF7
C:\Windows\INF\netvwififlt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1158 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FB9F3D865A541D1A3DEE4BE701B324DC	D8BE35F2B623798E742CC235B4130AB0086FC904	61427EC8D6F632A530301B82C1ED82B5661ED8CDE99091A031E5952B503BC041
C:\Windows\INF\netvwifimp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1bf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A5B4491D0C3445A35C104BD2732C6F7C	218FC8C2120224FFC6AA15C08EBA6FEF83CBE226	4380E6A86C774DCD98EA655AB64D7A47941362E8F58DB60258B7CEBCBED5A48A
C:\Windows\INF\netvwwanmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4B3E5ED6E95F02DE44C4507A3B6BE8DE	D34184B6B0E5AB4D18BF67E8D013303D4D112E0A	E17CC87B9E8BA732C58CE5588F3E7E2C8029F30DAC2AF610D61E89A0A69BA36D
C:\Windows\INF\netwbw02.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18dc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DAA191CB5274B30CAE11CB293927D808	F98526AC94A56585812E736D93554A986EF79FC2	F81DE05676166A54DE9D36C1F96D1B33B32DE3421154C83E80463ECB177A0989
C:\Windows\INF\netwew00.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x98b8 "Signature", at 0x68 WinDirPath, LanguageID 809	4F7A5A8E5BF289C70DC651CD97629629	F19CCEC0C255558AAFE8001C5F07223C7CCDA3B0	6A34ED3D6054FCE4BD0AF65FB463DE9ABF31521C3D1D064C6A1BAF752C26FBC3
C:\Windows\INF\netwew01.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf730 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3FCF29D9B3305A810E7CFC1143C6B91E	A3DBDE54753C170463D4143B8684E70EC6E4784B	2A656652080923EF73B180D671B1914BC747B099F7BBA8733C27AAAC3B346E8F
C:\Windows\INF\netwlv64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29320 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F76026CB66C48B5369367B494823AC53	254F2FB016BB7E60083E8BB9027492E392D57AE8	DA2CF3993F6299FF6DA4A0B1934115CB9CA253AF129C506C67A7E164E279174B
C:\Windows\INF\netwmbclass.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1c60 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2DD667EB3DE45A03626BAAD6E7BE509A	E82CF3CD05CFB0643C5957A02D8A820B3F44733F	31ECDDE813381F09048FE1CF6FAE995BBA16981AD2FA20E1945E10F52FAF9015
C:\Windows\INF\netwns64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12018 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	71EB9684245E8177343BA617B5933CDC	C8CC7E82484E48BEEC949563B1F1CB3013D059DC	10C4EBBF466DA458DA5E258D5382E6F1B0CE8EB4204A638A644E22E8F7CC7AC7
C:\Windows\INF\netwsw00.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10c10 "Signature", at 0x68 WinDirPath, LanguageID 809	93713B7463FC2062BA2E46DE8D8DDD21	32C1DEF36026D5081172E12DA732E9E2863CFE62	7B71C84CDFB3438C9FA5FEF08497734A7B359017C41EC0C464EE10A74B6117BD
C:\Windows\INF\netwtw02.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2d860 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4C207B7E23AF77E14A3DA5818E575AB7	9FE4CB5F80C6D84F9D745CF8B33E2DC1866494B1	67F243C2FD212E360B09178C476893B780F0A461A2D94DDAAAF2DD5557FCA387
C:\Windows\INF\netwtw04.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x188c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A45F0E4E85E775E11E72A511329B2E47	E1E2CF12E153EC2A21747268694830494CFBD97B	7A182C4837F74BE85EC581EFF6A5889EF33F3B6770EAEB33D735B0AF8FFE62CE
C:\Windows\INF\netwtw06.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12d70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7063EC13C6AA49401DBAF05F83032A31	A7C6FA0AA01EA2E050C39495956535417EDD0C1E	B47B309FECFB649F626BFF687842EE63157E18DA51A8E9B4FE5BE91A1020420E
C:\Windows\INF\netwtw08.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b7c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	958B13356CFAE4931FEBCC68EE68C02C	24A3743A23666CAAD7E7CBD0C7E91DD5DFA51678	21BC48055697D6321984A0734AA779D4A888AD614AB5BB1043B63EE44B4001F3
C:\Windows\INF\netxex64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5b28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	898A35F7E51EB97E506CEEDA377C1174	7D3F253F4DD887319C69AF40545EC7A330CC43FD	7E5D85DC6852FA9F13862995881C50DF8B00AB858CCC22D7E76CC9F3573B1F2E
C:\Windows\INF\ntprint.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2038 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	54B74DE4F815C30EA3554D4F55307A9A	00A43BAC0360F5BF3EE6844CF620DF1D1FA412A1	EFFE90141BFE062559D151932ECF9FBCF89A1EC83C5E1286CDEBC6BABF05ACE6
C:\Windows\INF\ntprint4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1330 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A50F55AC8B4260041D083139CD7F834E	634CBF290D7F19726C7630FE042B33EF6ECE6452	802A82343D936DB088D913993731F85D066056EFC8BF8E0473E242E0E826D5B5
C:\Windows\INF\nulhpopr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x69d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	11EB286AFD87251951913DF16C5A5FA6	F1032CCE75F407722025757EADFEAF60F6E570A0	790C6275BB87E1FF7F56AC989D45A1946DB4B27E77DDDF71B0B0FF3BDBCFB9E5
C:\Windows\INF\nulhprs8.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	93A935685A0A30E4A94DBD932D58701A	772EB81B4F773A2EC381F8742CF479977E9FE9A8	2024CBCF7D03EC6DB884B92108E27346947D975913F08CB394A9E0420BE92DD5
C:\Windows\INF\nvraid.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DC10A1DDC60832B64CBADC919DF378B0	9260F893B81DC967A11B42DD580B01B33CA9125E	75807EEA9BFFFB9C6458A0A8890EBFB056E3271E5CFE4DDB3A2B993052166FCB
C:\Windows\INF\oem0.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1158 "Signature", at 0x68 WinDirPath, LanguageID 809	0F4B7C3E2EF0D696CC06AD4737500805	6DC3AB6C5EE3A4CE5158D19294A429D90F4AB5F9	D12A2F4AF662DFC77A2B96C85F75B80547CD14C397C9B1D7CAB3B8E39389E762
C:\Windows\INF\oem1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1100 "Signature", at 0x68 WinDirPath, LanguageID 809	E80CC3CBB661DDDBC3A80AADBA953800	7A1A1302E9BD266569A96C085F3A1B7A982B2979	A845324624DE824B205FCA12190D454851B08B23015AB94C1B5BC835970DF112
C:\Windows\INF\oem3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1210 "Signature", at 0x68 WinDirPath, LanguageID 809	FA72706D8E16BA2DA40E9976349D4A82	1C850DFBE9C2D62C321D6C310E6F2B6AF804DC1E	3EE455F6E454D3D522A8A385F0840C1248E13348C2B47B09C6044907B0F116FF
C:\Windows\INF\oposdrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E6A2EE434A1A1BFC19BF4093843F593E	DA7B58B9ECDC33636350AB89BF521E22308192D4	7A0216C1643085CE034DDEC3109C6DBF69CE6E2C8D0478F95F398A0F4B8D8921
C:\Windows\INF\pcmcia.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf368 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9C475C39E55F3E0A2919A0C77A0A4997	F0DFDF7F2D34ADC25BBE63235865401EAD3FF001	9242B6076E90EC2D1E7E073CFF878C7243AEB5E7A57D7ADA8BD95E1C302DAA77
C:\Windows\INF\percsas2i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4ae8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CF9EB760D7EF16BF48B8E5776F463A41	1763C1B0E3146436D96C48646E1BA92B2B00FB12	C51B028752AE2463751880233781FDD9738D0651E71FB3A65ABA14063F4F71F6
C:\Windows\INF\percsas3i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D750528F4B8AEF8C22E9CACAD02FF549	710C6419E560FC2CD5F71CFE653E3401971EC99D	5A0B4F62A2D8F6C58C683B7AE8AEDEFE61DDE30C77507B2EEF246091CE525BDF
C:\Windows\INF\pnpxinternetgatewaydevices.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12f0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	36ADD4913743C123BF49371C7579D0FB	C08472F5197DE9BBBD8EA65D3875BEF609D048FD	23AE05CFFCDB6953BAB7199C43EB2148C9CD9F43D8CEFB861CEC22C938B23546
C:\Windows\INF\prnge001.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1990 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6427344D940C791D82EAED2F9335A5D7	CC4089CBCC5FCC1027E6A3766A2182EBBDB91A28	2F9911CF9397FFF844047FBC61F549D8FBFD39FAC20A6F379EBD007A8770E7A0
C:\Windows\INF\prnms002.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1370 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E794CBB0E0E037C12E2024E9EF420B9E	124D60CA470F257CD7D0A421FF2613CE29D71484	4498A68F6E6B7C465A07C1F0E726B148E243DBD7119A3A5AFEAF8B18CC76E909
C:\Windows\INF\prnms003.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	20DC22403835CF57995A2489B998E61A	C534ED8C03CC15706E1DAA487422365B9E941ED5	2DAC45E22A555ABF112BA2DFF56F29F5A3191BC3B3980654A34E2032E234C252
C:\Windows\INF\prnms004.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11f0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7771B7A43405D6C86721F9A108F71D6B	8756332F29C1578BF0DD7AAB45CC0E973633C9A1	E4E7A10B2F8924F80B96DE7938A87A9450C70CE7C64AB2ABF0504A87188117B6
C:\Windows\INF\prnms005.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1948 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	212F5B7F7F931BE3F4B639359D46FDAC	67AA077F8DE722B10A9CDD4BEF28DDB8B1C76B58	78E00C5BAF9117958FEC8DF8555FF5B621E8004A593C9B53838C7E0C6F63FD4F
C:\Windows\INF\prnms007.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1690 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	02F4E422119175BCD9086EA0DF5EFC12	93A909E8A2CF6779D907530B4B5D52501733C95D	9D8F4ECB3A43F723F5E57F2290ED396926CF453AD427D11806F010F30E3507B9
C:\Windows\INF\prnms008.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11e8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F3795D99B4317E77F161A81DC20C93AA	5451F990D17EC4D476C990B3ADDDA676A52928A6	88046567F935CEC11930AC4873B7FC47EC55BBD1E399BB6E56842BF88AB16B08
C:\Windows\INF\prnms010.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1298 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9F601BCDE25AF0C5FEAAB9B4D521E1EB	CCB155E959EC28126F8E5069F5374093369CE12A	71D71ACFC430C7624B58DDF1CA61687B96C099EE5D15E5D60F3853451146BAB0
C:\Windows\INF\prnms011.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1220 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5974A86FBEED1B603CEB1847C0FB4D02	80790AE76D87D72C0B731BD004DCFA702D948074	1C0B2F1DDE30700EF8A1EFC5058DC062C6FEF43E4DBD2EFC7790915AFFB2C298
C:\Windows\INF\prnms012.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BD744067962BED5215FC43CE0EAE020A	21644BFF3EB12E519239C690141E856347BD5A59	CCBF645689165F3B0E701F5EDCC935F707912BEAF93EC670EBBEF8A8D99339BF
C:\Windows\INF\prnms013.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1028 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ACB94CEAA8215A8337F9BEF4D7992532	D2CAA3E9859EC9AA072B0AA26397005C28523192	CFEB299A1DB5615D77D23CD516DB47F869F8EEBFBA1AA77222FC449718E0EFBD
C:\Windows\INF\prnms014.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1250 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9DBA1C8D82D58D7C7657C8FE0C9D0F30	EA3097DABAD59A21CE14C0370963170E03349683	61562B3A5F1EE31313FD2B64E59AB239E3597ED4833CEF46EB0CDF916B214371
C:\Windows\INF\qd3x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2760 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	90A1FC8422660356B3C38B0685B53723	A0D5A43DE49099DCC5282E4F6FE0150ACF1844BD	7D2B595C72709B406685143FD0D9866CE4A079BFC1E5BD9D5D2DF4375938B250
C:\Windows\INF\rawsilo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F0F6F268E11B26D94917CB824167E205	3696615963C414A11BD45297052EEEB1423BEA91	49206C0CED03716269498497EF7A7E950887060C00AA818D892351671F47B2B5
C:\Windows\INF\rdcameradriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2678 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E443ADE25E4C5297A4A32B5172F8241D	A995AC8FC01B573383F283402184C225842D3634	1DAB5D526B7A81237F747F2ABB104FF46E8B1A48F0EE5941D0EEEE39E6C0A693
C:\Windows\INF\rdlsbuscbs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xec8 "Signature", at 0x68 WinDirPath, LanguageID 809	89933926165972E876FFFC7206FC8526	504A377261CCAB1508EFC97A611DF5F7E0DE2332	8DC5EFEA52584523CB3A3A999A438286990B31E50861780EC0D4E69311A8C0A8
C:\Windows\INF\rdpidd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x23b0 "Signature", at 0x68 WinDirPath, LanguageID 809	5A3FCB27E3969B86A2D22D9C0C9C8944	B9C42539B82247C409361673D1F3585BF05D8BB7	0E217F1AE08A0C8077A3F9C0D36B1BD7113B1354B19614224C354D176C3C9F96
C:\Windows\INF\rdvgwddmdx11.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5620 "Signature", at 0x68 WinDirPath, LanguageID 809	1AA287B88333A647A6049E5277C7F455	2629B219E6A355940E248863B940CA75A4C7BE97	EDB74797E6A9C3388A48BC5470D2BBEC8FB5EFD79D710B54F183408F7CD7202E
C:\Windows\INF\remoteposdrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	363CD7FED48FD42DDEF0AC8C83D3CB17	675435D3FF69A2F3685DF31DA112C5EFFF5B1EE4	15FBC4523052185C3035E219F050504D5F9A27544F95E03CA53380A0A362C1F0
C:\Windows\INF\rndiscmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3436703782CD44DA066AAEF680A0C448	D4111CD1B741FA935F01B2F9D7C32246E1EF1C66	69C71C6BFAD897FE94FAB3960A1C9D4E4630854441C69F3876A416394E7FC1E0
C:\Windows\INF\rspndr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xed0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A9B7DF9EABB4D171F1B998D344EACEB4	3DF2B730F2157314BCA9D570A4EE446695CC9AFF	C20EEE197E3BFE2E70B2838E3BAEE6C6BAD9CF7A2D4CF27820A52C0496D64BE7
C:\Windows\INF\rt640x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13948 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DBAAB261698AC436F8785AFD11125779	7D651957F53135DDCF957C430630DD8A14A802CE	CD6229F661C7203A259FA5F3AA16FAB00CFF7F3C3578B59A148A810E108EF297
C:\Windows\INF\rtux64w10.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	430F79D35CD36DAB31CD693BC7653F84	A18E9D823800E8DA3BBB210338326AA6EE185A52	F4AD085B06FC188445263FB820F1C1BBE5E2CB203397E0219759B5AD5445D27C
C:\Windows\INF\rtvdevx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1178 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6C264E3A5A63F3EAA36804F5599CFAF5	C1B6FFEFBF7E3659CB3C1BA228DAEE8E10310102	BC52EB76632F789553FD766AC421160625749C73DF8D57DECD636BD3447F8B24
C:\Windows\INF\rtwlanu_oldIC.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x131c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B1539CDF31B9130EC2F9AB9101A9E545	5A52FDF1F3565888AF9C72B172C121FBCC5A66BA	1DFBB80021B94F0C66BCEC05F0E1BD6152DDC6458FE489ADCF23EF121BE0BE67
C:\Windows\INF\scmvolume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	675632C3D7FA8FAB77984EC51B5522CF	EDA7AE78681893D8578D5E20709E45E50357218E	BC6C5645B3F8F0A759107546591B463FFFA6B52E3D5BEEBD80DBC579EA508624
C:\Windows\INF\scrawpdo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe40 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3D911C943E2A792DE3DAE444ADDCE30D	CE2B60DD4A51CF1E0CD891600D7F246916C4515E	D1EDD1F7AD718F03B66E3DAACA370235C12302B557061BF8A666B4E9336252D7
C:\Windows\INF\scsidev.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf310 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8F8F17C45353783FD22BF5BFF5E563BA	839DFF67FD58D51C9AE9D7FD1CCC134D6C692F97	F9F9574883EF2A68CECE79FB9F6FA4ED2BBA5A07D5FB49A62A27BC24E1F2FCA3
C:\Windows\INF\scunknown.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xee0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0FBDAC65D7EC84325B5F70CD6C9CB2AB	EEEA425B8D19FA34B37A8816923F0AC75453F03E	6B65649AB019E54B4CB5E71EC3F0F1BEA546C8E20F27283695E25F18C3F3F524
C:\Windows\INF\sdbus.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7c18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6D0C86D422842823F769C51BC90C4459	F5644A23C4574695F84E089A60B033AE4EDEFF88	7647AEA41B6D0668BDB2B21A58ACD8BFA1E721BF8AFA9CADDA07C06A2FD650C7
C:\Windows\INF\sensorsalsdriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2338 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	82148A1881C381C26C64E8BDADD5F22B	CF41AC8F56E0AB5D4A66F83718A07D12060D733A	27C359AB4243BF588749F7BAC7CA582B2A5412833D6E195631750ABFE00D4604
C:\Windows\INF\sensorsservicedriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d20 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C8BCDE54DD996B626004F8C12139A4F0	08835D26D8AF287D1A6548B26C1F851296FA4225	3EA2885D0857F4252D1D25C10CF15D92C03C4A81A592162A8E40F41B8E4E4806
C:\Windows\INF\setupapi.app.log	Generic INItialization configuration [BeginLog]	97D925CCF8B640605120FE5579D59ECA	763149FE3AA54F414658044FF0A8B10F9F45531D	056A181475E949C76986EAAD986CE792FFD8E41331CC1C16DBF34A4D78ECD0C2
C:\Windows\INF\setupapi.dev.log	Generic INItialization configuration [BeginLog]	15EA421EC7B311CA5E2166891A9B7E3D	5528ED85B59F46FE7161BC521B7F4A06AFC5477F	EF08B843E0847F146DA0318A8A79ECDB9AEF9CC3ADE7E96A0E307969763AFAE6
C:\Windows\INF\sisraid2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a78 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8CA0FE0C1ABECE50F938B1B88ED3BDD4	E69A298EF07CA246233D50B767CCABB20CC18CEA	6D7289F83D844DE0A64572BAC12F88E4CCF8216F839926F2FDF92789D9004DE9
C:\Windows\INF\sisraid4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17c0 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0BC70A867825C7124DC8B89050BE1847	3EC3515DE57AFE301BA0862F42AE255551B5CBA5	1D422F8720FC2F2B0A52605896213012D479A0AFD13CE7C27DFEFF0A9EC4CF42
C:\Windows\INF\smrdisk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2E026077AB9DAC39A65FEE9A9A71AFE3	EDAF4AEE7830B8BE580A85435828FA11628C2C09	E4C59DEDF2A425DC923EA5BF472B321D8AEFE75FB8E6B7237A2933158DCEE508
C:\Windows\INF\smrvolume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	78D3A5BCC1741076DB6FA2AEE9A71666	DAB002AF492E3D45C8E44597EA3C98BCBDA136EC	08C05848BC2E56FEA8B9DD62D1B1F323BF134AC15E76F8B324114945ED15D1B6
C:\Windows\INF\stexstor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3158 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AF8B80CAEE82428A2AEBEE3B9B83FB2C	777217C6B55EC33121978F0B3DD3CD4DBE12369E	7781D64F793AA87620E604293B060ECA5F989460291F76604057354552C6A3B9
C:\Windows\INF\sti.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F540B9FB85F7D37B1A81BC4BEB90AD22	D81BA54ED038DF4BFD15430CAC2E591F8A2E8AAD	C0F53B12D344788D9CCA5B9FA4B6174C4E4EA696F712D046BA839CB96AEA60EA
C:\Windows\INF\storfwupdate.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x16c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A57F85B33726FAFAD689982F85C1B2EA	0D39552C16FC48C8796D0C8F0A8B39515D7A4C50	4031646D2A7D72F89ED50056CE56A145AF7E6599F0535E503DEE6E600E17616A
C:\Windows\INF\tape.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfd88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C93CF8A132FA19CCB7E6E6D2A6F475E3	DF311B9FB4D8D8719435C5A1F19B049286142692	71202FFD3F0B1B6A6FD1F7038929A01C1EB9D33D9D46AA294C3BCF49C019E7AA
C:\Windows\INF\termkbd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1550 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E723D913CD65A667DF698D4328BC14E3	8A4C4A66E7E3F4036174C51F661D1C9B91088A88	0FC4488834A2948D8BDDC88AD80EE85404A511196426E242962BDCA434C4F703
C:\Windows\INF\tpmvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4CAC3B4687E1F4B9CDF571C7655C4C25	4A878A2193D5FA64B1715AE0B5289B5CCECD8337	836A78A403FC83181B76764B8E9386F2253F0D43A94606A878A480B904915A3D
C:\Windows\INF\transfercable.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E1FB4FF585F6CE455BE814AC98106C5A	64D33A9E7AF3079953FE8AF2EC36DC374A11087B	200EBC5B6A8652BFD6D2B04CEFDABDA8BA650EE13FC0DDFEED5FCC11B502D83F
C:\Windows\INF\ts_generic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	70F848D6DF579A0CBAB4F267EA178749	16295E98614C37C6F3F3A44B7A894D10219F2A71	D5FFA5ED189AA80AE2EC72A80F842EA7E4368E1A3C92D942C1BCCBEB96FEC786
C:\Windows\INF\ts_wpdmtp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2260 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F717C9B4463326CE2E7457374298C0E7	E6A77AD63A0FF689772B7ED4BD0110DEDB6D6EAF	A2484A43B07ABE721FF638112CBA68FA41430273B10F3151DC9E09EDF4E4E642
C:\Windows\INF\tsprint.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1298 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	22275BD5EBAD5CB84888E2F6524C843D	83F735A94DFCA18AC84215A46FB03C67AD3DC110	BD59ECAC2D1E82F386591B828A25AC93BF8573565629AEE0DF5FD9CB6B9401A6
C:\Windows\INF\tsusbhubfilter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xee0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	337B10BBF14C6EDE6BB75C9550D723A9	0A9D33278AFD8BD07F3E68A30E9BEBAA38A6412C	C85D5A6650F52FC7682349E0B3D9835423E3E0A62837C8FB961E051774A62D7B
C:\Windows\INF\uicciso.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1EF03E29745D3B5AB0A3B0590A6610EB	F297A9916A4D0964AC7AC012FD8EB2D7E816953C	A2583D42C740E335535BF9D95F5E21403E1721ACDFB745675F6E842EBF0A2EE5
C:\Windows\INF\uiccspb.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1658 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4ED4E512B576FAAB8F45CE8C7A3B5BAF	05D123A2AB7B89E5A988EFB3709BDF3D642C687B	FD43DEB57999067CFBE30407EF367A13E36C7F9A027DA21A03F65AFBAB8F4D82
C:\Windows\INF\unknown.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6C4B9DE3C0B36E5A0F37FE5809B9E228	1AF34EA4108EEE6084F556972AD210D40437BC52	C461EB58D825BA9C185AE12D71307C58B19B5AE3F63FB6E80C76E8A794ECE242
C:\Windows\INF\usbncm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a00 "Signature", at 0x68 WinDirPath, LanguageID 809	F0B6F0CC511C240A8D1F020A3B4E3BAF	0FF4560699752B6035FD9F903BEAACCE00F8BA3E	F45C8863CDC9045CE9FAE1D24E0EF15720EF0C9A1C30659E0BAB605C9298C3A8
C:\Windows\INF\usbnet.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2fa8 "Signature", at 0x68 WinDirPath, LanguageID 809	4F295F4109110AD15810F2B18C8E38CD	A1418A32DFE1F73C0911F0D208341C2C55D169AD	A17C509903B6750F45CF47DD88A13A29E60E647DFF754C3D78C33F5892E38A80
C:\Windows\INF\usbvideo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5338 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A3720C1B071CAC7A024F3C43747AC68D	61036D92F512287E0503081AA3E8521D726A08A1	2A198530CDE195AA5B3216076D3292E5DF36E64DB5AE3050426FA1B1AA5FE100
C:\Windows\INF\v_mscdsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a30 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5F8A8E79D799C48CA46932B94F6261D4	0ED5231424F61093C9B526426FBA0DB178C4F275	D5C0D30732466A9D9B6E98C0EE818DEE506015C883C6C26CD1DFB2D84B9B17D3
C:\Windows\INF\vca.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x19f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8B60D0F1E6D856683B5DA5A8807749DD	85FA2FD96338284FA924BBF2331E9E42D0263318	A45D9066DFF81AE6B96EC8F8EDA7FC607F835FE1017F37A4C3B854163FB07709
C:\Windows\INF\virtualdisplayadapter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1328 "Signature", at 0x68 WinDirPath, LanguageID 809	498F4990E3313B96C3CFBF24028D6010	E1B22DEDD99DBDD85B9D19B77572160B16689039	D7668B8C3E7E5650968307F98AC6B6FC10BEDB503D980F33CC7AFF255BEDEB1A
C:\Windows\INF\volsnap.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1008 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6254A6CA502D6404502A221A7D2E5552	278AB01BABF8AB3C5D68B5B3A05883ABDDA5AF5B	8C5A37D53A21D9B027A76E60E11C6000D43D9982A06BA4BD1F28900B85D7D326
C:\Windows\INF\vrd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1898 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E38C4CB0AB8D797FAC4374E3D1539995	F51D928EE6EF972C6E3217A4B5F74B7E4E9D44CA	F342A7CA9DE3BE8F09D875D1414ABDBD2ED2CDB8BDE812CF6FCF7E2FAA3877B8
C:\Windows\INF\vsmraid.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cc0 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	09AD63AE2930AEA4CD6C485F5E7E91CD	925F7ABE61EF951081E1C7B370DEA9963C6E4F6D	C799EDDDCB46322A886ED4CD7807896B1137896D5F84B8B5CABE2848D9893E10
C:\Windows\INF\wave.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ae8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D6342B7A9E1F718DE8B55ECB35C3214D	A54B74A5AF972630C9D26252CF019C4F836D11C8	51D4C01C38CD76BB8318D281F5A5D65C08321364AF726A919BE392FCB36BEE77
C:\Windows\INF\wceisvista.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F1F60C5C4D4986288849E98DB96211E2	B560B1F57C33F0C2874BD4CB0834F26A0C1047C3	A0DFB4BE01CEBEE622F6927CAEA110684198B990C2E3499D7175427AF139BB2A
C:\Windows\INF\wdmvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D361C95612D094662D2904876853BD20	B19F900ECFB3219577BA06C647BEE972CD520B42	7419A0C0C48A1A2B68491E3A27D428B2BFA12B9C28A3E66566A04F726FA15051
C:\Windows\INF\wfcvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x19e0 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5999E5DD3D87EB7933E338E9C7BF17AE	E059F76F95FB4CF11373E6CF0FC5A39BA908CB03	E95F662253F29AAC88F274D506ACD0DE4C8B18B97904E757A993DC2DF8707CCA
C:\Windows\INF\wfpcapture.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1338 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A926076232309B9B1F59E16416C4CFC3	E51D5BEF8C968DE7BBF8C1B48D81C64920D0344F	7186A71C46F18749EDEAC57851D6B47587D578E90527C4546BDB8A4B3FF98D69
C:\Windows\INF\whvcrash.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1308 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BA712A345A460FEE783F50FCF32C6737	28BCE9ACB60AE88CE48D7DD613ECC9A6273CF469	1418F6BD644237E125C1076AAA0B25DB5BC9F87169DCED2F7965BCD90FF565DB
C:\Windows\INF\whyperkbd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7D35E08B6B876AD5C606245DF7C09288	04690A647D4574AAE53F49079E01D9DFDE244CE5	D1E02BB53E422435DA184DA510A1E4C5E6B4B9DF56831FF331ED5866782D3972
C:\Windows\INF\wmbclass_wmc_union.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x21c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B676CFF7B4E2BBF83680C597D64A4AFB	2CCF7CC3FE5CBD25F7D3A611040226A85773B6A0	EEF3967AC9956C7D42CBF10526BBACAE14D1B984CFEAC4BC46480709F303ECFF
C:\Windows\INF\wnetvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5c08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B61031DA6E5E2F22A0837939CA31F27B	82FBD2B31FC269A58A68A1913D39E6940E380402	E9F952935BD8961776701C10410D6C5AF38E2C5D6CF26DDF68BE47ACA5FCD527
C:\Windows\INF\wnetvsc_vfpp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D6097A2212EF8E4B376D74B4DB49633B	A5282916FA52FA19EFAE2F81D1B0DD2D02D2DB10	BB81E9D348463C7CBB0941C68DCBA1C4A19AB6F4B3F99F9C75D55575130779D7
C:\Windows\INF\wpdcomp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x21a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ABAB7BCD1AE2C9D2129FAEA4D8C31B7F	7A347471D95981433FAD57888C837BE414ED7FF1	42480816AC4F00FDDCBDC9CA2B22F375DC3AAD01860A21384A4607E4185A312E
C:\Windows\INF\wpdfs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ac8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	86DAEFA1A19CBF3E2C3FF1309A7EBB13	F55F446834FBEACDA2D4B264BDB34C70860ED593	63948B636232222F71E9894919BA2776C6827D645D0CF0466BCDE353BEFDD356
C:\Windows\INF\wpdmtp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32e8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0EA73A132F41CA880B5D54B8B274B195	8B87B699619585857FAEF9C06ED83E9F4BD4E06B	24F5338009402C9ADDC50AADCBD3D61B4E0B1E10C443E4F0DAB980D00A3C8DD3
C:\Windows\INF\wpdmtphw.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	14EB616776407B255B0A713EC7AA4A91	1986BC37E6305211D24AC8F983D46D0D1C5E5953	3086B5AB83BB7DA61A431783378DC1063BCF8EA31FA20E432E1A510280AEDEE9
C:\Windows\INF\ws3cap.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1520 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ABD8E4FF1957560FC1235D13D07F3E28	82213C807708845904D74A17FF9FD05BD5FEEBEE	B9F4DB58E6715501622E9E0B450192660ACEA20328715F0F4339CAFB02AFFA5E
C:\Windows\INF\wsdprint.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1798 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	87D57549E0DC5E37EB25FDC1B6913945	0067A84A7C0E9B64CF75EE3CEF3B12D6DF43569D	FAF14B6ADD81A70FE902099C7D3F7427197B59139E7385A356A2CD7F93AA3A37
C:\Windows\INF\wsdscdrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1df0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4900CE92C9E3B01918ACC66494AC8C49	3769033FC1D8C6F3BE2893C0D3FB8F7C56EEC542	D1E34F42A7F264F0FC90C09FD6D468C89C1334B14A05322AA080F49D1CD2BDF8
C:\Windows\INF\wstorvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1778 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BE4D690B862C81E5B36B40E1EB7D5B06	EEF623BB72E2FAB96D6C5304F7B91BE24E9D9B1E	AC1FED8771AD3736856AEBB45E7C34BCDBA8445717CE6202FACAC2FAD9949690
C:\Windows\INF\wsynth3dvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x16e0 "Signature", at 0x68 WinDirPath, LanguageID 809	4530F04F39A6DDA94415910610F5BFC1	7619D9C7725B9ECA00DE02E080BA9D8BD484CDAC	1E370616E27D43DABDC3F6D0ADE052D462E73AA69F36D379D15BE2C821ECA1FB
C:\Windows\INF\wudfusbcciddriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	172F4DA325789EF385CBBCE191908DD3	ABB80C86D3470F73DDFB6B6C1C3D300AB8A79D4F	99F2681F7906D69F6732C3B196DA2CEDDFE8BB0E944A04BD262766DBB4162BA7
C:\Windows\INF\wvmbushid.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1500 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	43092BBE09E591AC4A6DD1705518AAFB	88E12F479441E4095B8FEDF5B1CA324B2F918501	CA1B07EC6ACF2A8ED4CABBE9FBF3D616B05D09CAAB28E11442B67382E02F623A
C:\Windows\INF\wvmbusvideo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	98DB4C78EFCBDA854EB5A505149630C9	38EB97BA0D3A8B346E3E6044E679072ED2A3182E	D6C869491C06FE60A370BFEADDFDE2EB23B1D211E0CE805C73A04FA5C77F43A3
C:\Windows\INF\wvmic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	90551311637EFA899049B77987A431B3	FAE814FE67C66D908B1E4AE29A2FB14F319522FA	039A61ED40F808D36D30074AD6E81780CAD0B434D879E22D44C3922CD74435CF
C:\Windows\INF\wvmic_ext.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1668 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	45382BB1815594B08FFF427D3C608FAC	78B65EFE01927420D5E7868AEE8BE359B86145C7	496FE17B8D8511AF306DD4245B6F3FE7B2F24EF19EDD5148B4AF37650B7ABB01
C:\Windows\INF\wvmic_guestinterface.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F01ED9D2C37DCA2AC5C84711D7651560	D94794ACE1B5C90C5C08F7816FA35DE4B6CF80CA	E5A2197F7ACEA3CEBAC9D53598FFDFE4DBFA710D7F19B595FE4018094434781B
C:\Windows\INF\wvmic_heartbeat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1358 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E0621DFDA3DF26C302775638E7FEA5C3	E683F95E397E30E872267D10408DDDF7BB873475	5250D378DCC7998B7EAEEE584A0FDD97B2EABB2B63DA722E71B8FB08DD23C906
C:\Windows\INF\wvmic_kvpexchange.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1398 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BEB8900FFA9ABC8C284531F7C253A16B	0B87182EA2900306C94E6AA7B09D46CE0C16D811	0D056E3F73DC14DBDBA4493D62D7D00539F12E2344601701B3195CC45F7A7414
C:\Windows\INF\wvmic_shutdown.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1360 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B1B07F1E56F9579AC6ADF95251CBA412	E5B1FCFF1E1170379B59697030DEB34EC2AABA4B	D47080B9486350D294AA81F50B44492E34DD86259A3293D76A6AF0A653FC2D2C
C:\Windows\INF\wvmic_timesync.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1378 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4458D1CD36E5BEC94C2ABB00EBC61F0E	693B571DDEB5BCA8D8BB2F1E157145CCDB3E48E5	5C4B1BFF3B023B5AA45E318F2EF975110271311EF56F84FA2F45575DDA9974DB
C:\Windows\INF\xboxgipsynthetic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	B2B38F1B1F04F53297BE54F191934800	2513BDF8907DE38C18545CAFDB8364A2C48C2F3C	D70498A319AA5A40C2C57966339C59F014D9CD22285EE14590EE2B78A9EBBA16
C:\Windows\INF\xusb22.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b38 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BB7DCC0743059DA80CB16D62D3737C5C	EAC7C13B189E78F58EFF38673946D639976DF056	154BF30D05C3CB487D9AD4BD9632F6A7C43B71D33E3714E7FC86E05C4F2A6C90
C:\Windows\INF\ykinx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2CE24D4E5C41EDAB68E186197362283C	6095BFEA80D6A4DA931F31F26CFB49ECCB7E5075	549109BF8F138E55B8B1ABAD8A8B0151C0A328E0D6A2313084FA96111E11CBAD
C:\Windows\Installer\4b3415.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: x64;1033, Number of Pages: 200, Revision Number: {5D472A2C-CE80-443D-93F0-388510C2DB55}, Title: GlobalProtect64, Author: Palo Alto Networks, Comments: GlobalProtect 64bit, Number of Words: 2, Last Saved Time/Date: Fri Oct 11 08:10:43 2024, Last Printed: Fri Oct 11 08:10:43 2024	C06338506A75EA329E0C892AB255594B	C7CC6729C09B0486BA7171481BDB1B15B13D52CE	2EDAA177AC6D8E50464699E96C092E95ACD713B48006D0CEB0853366D93B7020
C:\Windows\Installer\MSI3D69.tmp	data	286831AA49DB22425F5663F717BD02F6	203A01E788FCB6F0C7CB1789822410310DC633EB	BC1E2B8678DB5BE27F5FE38C9BA33F1952AB6B39F3A795438ECCD7EC417F5380
C:\Windows\Installer\SourceHash{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}	Composite Document File V2 Document, Cannot read section info	B96ED4685EC7A60A71780EE2961B3914	4AA06A614C3934691E1F133AF75F84D345CA756F	645C06585FB6F2C97FAF6C8430A082522CD9A75BE78F7B33B95DCCAEB01204C7
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	7973C681CA1384DCF67D105FB30C06C1	EC36E6E0FBA5331754A9A2EB6AF9A33F6FEB46F7	5A2CA76C891246C190E35850B028066D38C5F97072D1AE83C6702A2C5FBCE7B6
C:\Windows\Installer\{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}\_76ABBD49E711C599777E87.exe	MS Windows icon resource - 5 icons, 13x256 with PNG image data, 256 x 0, 8-bit/color RGBA, non-interlaced, 18505 planes, 21060 bits/pixel, 96x96, 32 bits/pixel	C9B3419C73FB8A7863C7C84A20B458BE	37BDC9D287BD4D6656C27D45EBA5EC3D611899D8	8D77C27F2EC9589B9BF797AB8F36045BE5AB76DF5478F4CDDF953B893BD68563
C:\Windows\Installer\{D6DDD103-F4D3-4123-A9A2-E61CFE9FBCD0}\_853F67D554F05449430E7E.exe	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	F1814A363433ED1E413AD7C650414C42	C0DCBE7A66F8AD0B83FD0873CB01D6B4A57A30DA	2237534A7E9F656C859A5802007FF17E4649D6FFE4F30A844DAE582C14DE260B
C:\Windows\Logs\NetSetup\service.0.etl	data	1B1D39762F3987C209A9DC2885396A97	53EDE1DFC9BA0B89696E27B542DAB2FEFAA6C04C	84C1D2592106B0A625EA1798F1B585D53EB4154181227B3CB0946EE3B5B5D96E
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	E6BE5C0A034F04962D88A2F22A37D4E5	5FF84DAD10554E107B644E8A67759476345BD025	59BF668E571E8620825FD0200BA0D0EC9EC117D11FC5B68F6433D68DB09F494F
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log	Unicode text, UTF-16, little-endian text, with CRLF line terminators	97F50926D6A979C2D82881C2D90A387E	D3623F7CE0C3ECDA735FA4A809946FA497CD32B1	4F8293226FF24EAE45EF938250F4362478420BE50D613151E58275CFAE14C433
C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x191e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AB1F198BA95CB7D77B4A3BC3B1BD4134	ADBB3D4668729B3193C311D76EA3793B4045FFD6	F9C29206097F9C1DD47269BA1B6AE70F4B84F0BC324558C76D7B245952FE4C5B
C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2da58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8B507EC94852245A018352619E382942	28EC6F8BFDAB57F0B97E1DE73286E079E0E7682F	C0EA9569FC82CC4979AE3788E0F35535E98C913713F427F1D7D879D36BA9FAFB
C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6718 "Signature", at 0x68 WinDirPath, LanguageID 809	68036A2BDB71744321B48B2BB0F950A5	DCB30F8F37F28AB512C08C80D6429A044479B1AD	C3BA5E04CE39E935112871ED353024A9881B6693E38F20CD3F0FE552C92D52A0
C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x54e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	03353E9ED9E287D593DCB52E047C8187	3FB6BC85C679241B280197EDED78160492EDD977	057021F8D5D50B3DBE02DF438F248ADE6DC2570737BAA4C6979B9B89079FA869
C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1550 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	D603BF3D7EBC5C53BEAD176607F4C6F1	052C73A77CE2070BBBDFA0DF63C0F987AA948949	15547CC57337A764667EB123CB77D70ED6AA209CBA1CE3C489F8DEEF0D8ACD93
C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3328 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AFEBA254F8E8F4B5CA93E983D7C8F962	F644737BD79D336888290D1A0863A88C7536CBA9	24729EC049798C64BD7D5A530FB2F610C995516582BB34551D147FDD68210B28
C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4ad0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D897C5C057532A74D3DD2670D4C2C469	98270A41C787EDA7F48A5BD2878131A1810E3962	D3FFBB70382970670CBACCCC355F06ADF5DE58C850B12D7540EAF03E64FF75AE
C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7b50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3D6CC017568F231C6776BFE9206BBE02	62AAC57E308CF27EFFA8DE201B3CC7F83FF6EBBD	E22878133B134D7463666E6691D33BBA9D51003AB000AD4AE776EBB87AE2DAAA
C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a60 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8E779B19FC35E21F7457FC089F5671A2	12168B6C4514B405CC1A0535A8A338C5637B1658	7479C3DAB6EF8D1365ECDF3257C86D37B96033AED42D5F55BD15669D67DD481D
C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3080 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A81ACADDBEF812773D38EC426FC538A1	A22C979741F9A288AE24E71C0133853A99F61959	10277A429C77DC8A3021F2B7871B8907C9325C039386482DED45CBF724EB2950
C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1390 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5E048F4F28BF41C7F16DEA29927616E6	927FAE7F6170D3180613B04FA8574F3031EECFD9	9BED41F951EFD0ADABC1CBD70B3433D6CB9F15496E57085FDBAC3E07D4C34CAF
C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4900 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D1829FA342A479C8E998EB446495B32A	F546AE96D7337426E6C749D8C7B358555E16A6C9	3D12A55CFEFA8BA9D4F0A0F601E07F10D28541DD8BEEB316AEE5F5926979ECB1
C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2a98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	55BB914F5679FCD7E323BFC624073F85	AA9FF36A31FA2B1C66788E5698A7CB3CCC7A955D	28428F5ADE54841EE484AB221415C0BA51624040F1FDCCBD67DAB2B7A49A8C54
C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FA968E0CA580A2EF1FCD98AD4C780F2E	101702AAB8AD7228962A8E0D551DA3D58F24CA1D	8A1CD286E54436B2C62FEF3E062E7E693F5DB899A526D201090C430C1DD8EA1A
C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10650 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B218FF8A66AE357C026E1B3FAB0319BC	A9C8D06F82F227208138EBB900DB4008A4247FE5	F50B8671A21606C9CFA0A126D17119708C902B6809E171F976E371446BBC812D
C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5520 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D7EAD4052D6033A5FDEA4BA965AF0C63	A9C198E611B7B1DE2584AE800D0133EE3BC0E0B9	8DB11E8B96BF67C642F4ADAFD538AD5DD68A43AB573F89E29C6D7939233573E6
C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x59d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F191962711092F8BA9AB3C9BDE4A58F1	25B994ECCC47F7924F837EF51DEF59FB06112C35	B76AFFDE64629FB32E148E06FE80E5D7E3F2A91CF511F8A62DA732D0F3CFA279
C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5bc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9D163764C83B11639F2DBFB5B9A216C5	7C9CDBA5612C110BF9AD7D7D680B251B8919537B	BBCCC7B8FE7BA85093804E6490F2B3E52260D2B59D9703F7BE791E1B04C0D922
C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B3C01DA823CC830A0F6F2A57E018B147	8C2FEED4F7FAD6C02A72A47E7C190E4840B729A6	BCF234EC67F8A7738F19ABA474956C3A2769A3F4A62F6D1D0E7AF532CEC3AD48
C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6198 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	625022264C7E84DF3868061F51CC482D	CEA033B02A70BCE92A242655740106C16F02A41F	0D6F12447744F7D02930ED0F55A361E1BF37788D27097D9665F5438B5780AFD8
C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2890 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AC8A0174148D6FBB8811230C9AAD04DB	A043939FC0B1AE32FCC041B172142F8AFEC60690	E7B25E48F1E7D42EF53C116B80989C1D91A4AF9727AFBDB8D1525039E3C07FD5
C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3290 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B3E50D482C19D91DDD7B1D85069BEC1A	FAC43975E7F3E83940831FC8135C50E29F67D806	C849DB5426AAEEB794FFB1A8189448D25A363DB4ED9111538953BEBDA3347569
C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4058 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	245D319A7DE29CBAE18AF29054C41424	963622E1842173FDA0787E5517104F658E4741FD	2BB04AB9270FF7B30BC5C8A01B090D6159B7D49CAF4E32DB66AC97E5270D1943
C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1F17EAFF7F346AD5540C085F8113CA90	42EFD210B41DEAF677E9F09D812CF28E71C3EC81	45629BA830FD8833292EF46FCE14C2C0D1C0A6331277027112CAFC816EBFF79F
C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xbc10 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	46F0884D3CF508C96FF03411802FF8F3	FC7188FA3D53EE8A15860C8761EF8B417AEF4524	73F96FD922BACA9446AC60F801B4FBEF365B58192BDF731C697D0E27C6FB819A
C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5900 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7FF948C4CCCF730D2FD8F3DD59827695	2666D03C9CE1E1FC43668C50C7B279985430F2F0	FA7A9FB56E2BA0D9FF5CC358B906E074A74E43D2EAFD252C91A2E019EC31A5CF
C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5f48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B2E6A81CB8CBBDDB389D6822F2BA4005	46D284EECEA63BE91A21ADD09113AA4895B3FED0	211AE29DB1136AB9ABC58CB90DC5DB2506CFDDA90EFB20A9E30E0743222337CA
C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x16aa8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BF4A18F73371E36F791438B936259379	4B9DCFC006B6CA6D4019017E8ED967D0DB8ACEFE	FA92548CBD09B8F86422C1227FDFAF0B9FFB3676F2E3B6C9F7BD3B8388C7AB2E
C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e6e8 "Signature", at 0x68 WinDirPath, LanguageID 809	8B1EF1D243DECC2C4C9F6E42D250DA28	761207AD6FA92A33871C5E1CD5728849EB9743B8	C5AD07A1AFD658CABC0AA2BD343526EB2C7090C5B98E324B93CB7DD46DD69D08
C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\netavpna.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1420 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D303FEC04E8478C7696ED716B26814D9	A0C9ACECC0BD093CFCD59F425C756C2DA6DE4C10	36322F02F006ABD771B5A334F31CBFFD2B97D592A567901D4201CD113C19009D
C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4470 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E00DAB66819EDE97E87FFE1AC7952D00	56C5D4F71955EB00906C2EA168A33BC6C17A3F99	4CA08A12F5BB38B7753088C267394AB114D01C67F25070D0C3AB1928A3FA939A
C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4358 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C73070BAC58A8713FEABCF9D4AE9B2CE	51507816D58B79E0062387A49DC09FCD5A6CBC98	C6E73B23AB6868B674643CEABB14FB2656976E80BE0E949E5ECCFA9CA4ED4039
C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc618 "Signature", at 0x68 WinDirPath, LanguageID 809	35F73E7F02BE5EBC35B07497B20496D9	38D8C42E186518FD8D61BCB38D494BCE7FA148B7	8C9F0BD32BD848C218589033D7C6E88E6ED567238B46E1B9CD89010CA3CBF2A8
C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6e50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E4AFF2C6DD0899AB7592CB6FAEE82079	31E34ED8518A20F4AD0BCB26418FCB7209B62C91	7C5C10B0EB560785DD3D74AFBF022948C88CC8A4F5A8F2AA88F002BFED4D6113
C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x27528 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	41222F66E5E28D821DF299850B2E9F9D	E71E406E21F9D684F5C4E50A3B610A6A1305620A	FA2AB1C85A021E84FC78F91AB063258EE6A39BE025001BE0D39D178F7DD67649
C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9120 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7198CAFC6B5B276B1A4A4F5ADBF95269	BAAF629D0B106279D4188C797C0A82DDF4E4DC46	01F6484B1383F88574798C329F027B4C4B9D6840F7A6CBEF23B21D362CC46052
C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xab88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0E58F9FB5DA8A2363FDC61C29F79EBED	4496C6BE7A8E769BDCD9C98A5C03863897816A87	696A67CD560F389961475755C73010571F1F8F0A2C4E210A02131CEEC8994FA8
C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd820 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	15F0D6F8D0D5A3E8017709EDC494DB3C	5B4D96B941A31318CD9A71304C9C3638DFC2FFF2	5F4104727B99AAB9FDF2A087345CBA2877821CEBEA178C7151D244AC050D20AE
C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5dfe0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	22912F5984EE4E5F84DBAE4DF944CEB4	016A388BEE504F363C2700F1FC1602111AD8C235	7BA88C9343105535F2297E854E6C1372FFDBABA8531B35F84667DC818E710E2C
C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4988 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1C01A84C05CAB68B4679D7DCED742C53	D54EF471E8CCF56C7C3373D5FF5989564D3B6527	1FBA998361D53D78048F881B93D5414EA7D15C3F73F5FE5E3EE11A11CE0E19E5
C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1028 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	95A5E2C2B8EB7A862D61C8A84E2DE0B5	927E25519E0213655D5CA787E0E614D5C1788ECF	C1A4BE5BEBB43FCBE99A947FBF875B1AAF27A8F8C0B25FF76C2D029EE448C0C8
C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1FF59A05D4E64143CFCDDC6358BE6134	D6080CD58047AE977BFB73E7EF603515298952B5	08513548964EBC22430FF2E89F32706B55B7D111C62B9ADCE6357BD47A203149
C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1BCD080160BF8A6A99AE64C15508CDB4	16401F064F21226D8C12B15404E627C10604D319	6A429DD9E661CB111CD2A2D6A0B55BE33943FDAC29DB90F3B2229EE6D9434B95
C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A1C6487C3B0436DF1616ACFD9B23FE28	41A9111E931F2C2172ECC57EE20F79E4CE92B2E7	280EF096E934672DCCA77BB44282F3357DC25668AEC5FB5E92990B4004C9906E
C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20300 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1EAF281BCCFF61659E0965E39DA62081	6D16B4C83161A65C8A433B7DC5D80E7C038E2C40	DB0B2FD6FB49EC392B3857D7C19A8BA198445FAD5BC53B01C4513F96FCE75A11
C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4e68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8E4F802A007C7FC22973516C99DC4FE5	8DF2FE4C0B00CE5CFCE6FB09C9BE96F1C8528175	82B0ADACE41E1021332DEA5200D5DB5C8EDEDA7DA0748001F812E393320E22F6
C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x27e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8539B8CB56848300E578BB2BC7B836B6	ADF1CCDCD9AA5478944F6EE44A0BFD21F460033D	D59A1C34E988393618461BDE8A6F1C979297576245F3B06668EF70C69F31B645
C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1950 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AF5039C07A94D126DF41E28DCDB121A9	8D1E7CB33BC708AFDDB33A91B8EF8EE554BD03F4	20CBF6BE44E89EC5CB5A62D3E4E691DBB2EDCA1B7B0DAD8B7B6DB678AA163356
C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc290 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D36D4A126FFBF7F440DBB3AC08983708	6A1C384B05D30AA01CA4B032AD20DD0927C0AC99	E235C61CE81EF545D9D6F1A5B7738D16067F7D01339BEA8EBE5D2EF15FF812F5
C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10f90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CECD8817CC0E7DC3FE89DCCF56A6D4FF	07EC8134AF1311E8193F67572C95077959CC2AD8	3CB40AC5C565A2E74E9A6F119D171EE1CAACD9CE05E6051D0B11FFD2CB9720BF
C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20c40 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	00620C8463682F1C609FF01B75F1B546	54A35FEF5FAFB9C4898828A049BA5BBAA25A110D	9F62F663F31F8705F55ADD7FD6988D9FE101228429A20E1CE82F14CF24EFDBB5
C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6ac8 "Class", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6220B9BFA55BC6AB4F59FB571A9B1752	871617F73F404ED6DF00D6DF5A314A82ADD238B7	B118EC0215EF2EB47F0F86FA953F2EE84161073DF2CAC83A5B7E4543BE3C81E7
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x28fb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9300469B0B83EDECAC97E430AF896428	FE763CE08E201F3C42E2C30725359A757EBC8D44	E306AF08E5854D140BCE5F6CE40A8D2601D8C6B069BF144E70B4AF27BE598EA1
C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d828 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6DF426DEFFDCADE2963A55C73E47E47D	AE036BF5267F6A1F0419E65825248FBB19BD6C5C	E40E7CCB8FFD9DDCD83EC2F709FA8BA8142243630989D237DD4C0E7BE4826538
C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa820 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BFE4F18B1A9F8B54C62A1544825FE924	E78ED56EADAF1CB5DF6D0C3438946D01259B74EF	D18362FCD998E5B1AFA5F6402A4385233A2684DB26C131FBBFC8CFE1E46177EC
C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	71914538E2F252554F8D352B3257AC6E	4517E404D90CB735DE8448520741A49AA9B557E2	FDED4851BB05A462AD0785BF45E1A18049DBBAB1C305E741303913E95FAD68EF
C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x76a8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3B09B7DBAF64C50A3D321714CD1DB8C0	5DF5A43F298C304EB908B08C101A3EA4DB430E75	2E408A35DBDC716BA47ADCDDB1D05C4D9C5E8DD1D28E24424A189A725F0D48DE
C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc8b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CB9ED8BF157DEAC46CCD0467DBCA6BF3	F36FE1378DD0D21998DE1A0EC3658277A226737F	F2D8B79636B30C55C5FF497166031265B0BEA32024CD2D6DA8942F4CE02CEDB9
C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xeff0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F796C8B72A6036C105502DA820FF6AD2	77F8C1F99A0083EDBB0617B0E8109D8D73B80D07	7A7F1340D420C6C13EDF0764D0DFD60D5CEC948F09A0A4D324E1FD31FF78ABE7
C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc078 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	55E5AC2637AAE6C6C1B26CB946955206	38C957BF22941D7498B0AFD43A5245D4740ED5C0	BD441C5F40DC17794A45980EA7CBB32C8CE29E1407770140B8B465082E333A5A
C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7668 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FA5EA40BCE3712BE459A45885D992F8F	F64AC8B011734C0B7FB7141702A8575AEE9A270B	5E2B631C52EC48B8080025B2D4A68407C36CD7FCF39FB2E97D5AAB2DFB1EE9FC
C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cab8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F3E4EF7C0F84649D4F0BC5FE67D01AF0	FB88F657762C2CD5434C92A1ACB1B31555633D9D	CC2FB72D8744ACCFAEFD26530D9269AEC7627BA0E68BB68B56E05A372892E811
C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3CD92E41A908D678930FA96DCFBE9896	7813F968B7CD5142BF5739F2A6E45CB43D0CC1A7	D208EB36E651293CC42B4063EDAFD59A020970E169A0EBFA58501930D19CAE9A
C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x69b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4A84F298CF76245598D743AF24EF3BD6	D743D0D7E0CFDEC030A483224A5440EC958E1CC9	859208D97E7A39758153A4174BE313F570CB106779CE576B15D8CC1E3FABC7CC
C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x36d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	56CB4A186E55E4FB3C0BC5766DC681F9	5B9007335D89F640986FE2E6C12DA18D6C513A4A	5E39F4513FE9AA2DB640C9D52C415C78B77EEEB20AFA15AD64DA040BC797D678
C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6658D017953D73AE67CE0B9EF2E4698F	7D3F3503B3696D43E2BB476E86A4B70F3E6A4505	86B4DACBEF65E8E29DEBEE7D300F01C51D4E7974D9976B25DA307A124B0EE4FF
C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe6f0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	75692231B3B0D6E4D62AC669200EF0C6	F79F229A4DDAE0A33B8A8C9097D8EF8A0E84F04D	3E8E584652DE43A5F9B728C5854C1DB66148DE965698DD58098833B14D09D33E
C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1bf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A702C765CC31673D1FE76B6233E7B45C	7E4EC03133339C1116876E57330B6321DC15EE1C	3B24CE10DDE4B5F4559E71BFF3711BE914B0C2EA13428796212346A34C167359
C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E2930B6412721786198D129B98BE9279	A4A8C7362487C51F5085C498F9EBD5B238B309BF	DEAA4BFE1DC6C73A76C000DA7E91A8B93BF0D62FEB97F700D0EA42207CD44F38
C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf730 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DD6A3B484A37339E029C3B75E7DBD5DA	B5AF405CA8733E10D009DA230729D3D09F18A0A7	784D134F75A75327A227A4B28A091758C9BE3819C51A5B48E6A7CFDBF6A9FB54
C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29320 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2427F671F31E6BAF2E042C3828FAA36D	95C87D45C0FDECA5B0C653E0E2DFEABD8DF081F5	3F958E0CCFB81D2E38D9EB7E835141D908BC90663AEB28F8DE3B7361DC9E6508
C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1c60 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4EB0DE848ADAB3A9A458B288D7DC74AD	F22C3C966D0A17F64B38D362F370844FD8E92B04	EEB5C431D1262E82A179DF86A328A4B5F6C8CC783A2BD53F97C44CEC03CA6F22
C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12018 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F23F95A79E60959BB472586206DECD19	B45D13C2B8C761655D3AFF3755DF2E5FD773AFB9	369CDC464A8DEEB225F0B02AF9D7131244E5EB8AED9B5F546E483F706C9C381D
C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10c10 "Signature", at 0x68 WinDirPath, LanguageID 809	2B57C77C30533BA17FDB0079ACFC8246	D6B20F3C8AD0EDCFDD1C83000A13FBAC839DF0B4	ABEEFF6D163162D9EAE132FC0F3679D14A79F085A76F08450C07DD6CDF3E11F4
C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2d860 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E532821CFB8F335E59857F0F531628DC	C70D83D2E645E5FA7F9B0FCFC75925340612E0DF	06C965D9CAB2837C94B44889289BA0A94EA3CAADD148B2C53E5E0BDFBDEFDD4E
C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x188c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5F2BBF2E444FF48671251638183E628F	D52938CF711C561BC53BA205713B3CCAFE7CBDF2	E72AB26EF973A6E198FB31F7E98FEAE95E82BEBA0311B75FDCC620F0AB89B12A
C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12d70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B36AF95AC5E6A73A8336378903F38DD5	1AD0A6700B258964696BAD811321B3290C16E68B	AFAF16AEDA9B7558B48A83BAA1BD2B1017C691DE0B4DD16F6702D3425552CF3E
C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b7c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EE34588C84BA88754627545DFA7E7F5C	2D2A7DEBE7D45EA1A4831F240A7AEE24B43E5690	D9B4BA0714DF4FAC01F0601AA50FC03F64D0840C6BCC477B1D14A9963EF678D7
C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5b28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A4578D11F32DA6849491327D414766FB	6A9C499003D4EB7E75AA82B9E8A28DDFE9AB86D6	78B225E71294AEE0B32592FCD1F25FA306972314AF9ACA2324DA5CEED54204B6
C:\Windows\System32\DriverStore\FileRepository\pangpd.inf_amd64_395e590fee2fe205\pangpd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1940 "Signature", at 0x68 WinDirPath, LanguageID 809	E9E739EE3D56573C5AD510A589B20DF3	E81A8506DBC704890CCFCA70F15AA9682080D47A	898D1BFDC3B6899587E67924B59BC36ED2C9BA94D60B06757B05EA58CF32685E
C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	30A634E83B1BCFAE54B90E3F2943F989	90759CAC85B50851824D6B7B04078AD6927AFBBC	E8434E917BCBB342A19E16F064E4374D203DDF350DAE33596AC89F0E31816F72
C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\rt640x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13948 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CD2D1DD87B959F28E408A275D12C75F6	2C479DB083F0E520D04C4625EA3CC44BF6C663CF	3DE553543D18AF82DACC44DA88FF59A8CD41E98F0C8C75F0F756645FB3DFB584
C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BA9F63F0DA63EFED91C4FE6AC86F40A7	7E86BB7A6D8CD4A68F4EA5DCA7BEE087A015F7C0	76E2A49942DF3560E3C9B37963ACCEFE63DDC43E5E2B85449E5117FAF7833C2F
C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x131c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CF10616E84AA8EC7C0407E7205A3C309	8E21FB795F5C96FDF2AC8EFB90B59A1C6B8B8FF2	05EEAB208480E8475FEB6D092082E277E91C03587BE0B9D2A42BAE1B064E07C2
C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a00 "Signature", at 0x68 WinDirPath, LanguageID 809	46F8920C969CBF434C0466C4C6B394BE	34CA9E2B8048587ECA478AB8F7AA6F4497527367	9E0F83C4B3AC7FBD85C6FFEADD921372D5DD50273988951152CF5CA306939B74
C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2fa8 "Signature", at 0x68 WinDirPath, LanguageID 809	46FD84F7A6CFD4233B40FA996FF4B576	5BF57EA6B27CB1253A222C774D1DE7C20BA38121	4C3E63A3BA92692534F3A9B6A20A8C28292A604C130CD0662171B5BE818BCA70
C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A84FB77DD7A03DF991BAB70967B021B4	BE49113DA1D1B9FC4CBB195A7757BE898BE299BC	C87BCE6E89B0C7B15981660B04AF6D1BFD0CEA6D0DB017948ADD5E770A2C4A54
C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_268e58b44338d192\wnetvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5c08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	08D24524CFF0205D92E86C37D410A6FE	AA8595C19E788B4D31D65CD60E9E55AAD9207B48	7659603AD1368925EE010F26D32C44534758342984CDB50EBBA3EA14937CFBD9
C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6BB512A217C91B75CD363CDC3D0F7AC0	0655A5195C943DFC46D4D80D13F4B6DEFD5C0723	B05E09C09A3663B3E92F9F305DE1C46BFB2AE3976161416A8FD340F4731DF4E7
C:\Windows\System32\PanCredProv.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B4B88B7A1A06A506ECF3EF15D89FE827	9DA7118283CE3CB2BEA3F3764276F7E2315FAB33	2805EFF4318B185C22CED81F8B66D66166EDDE3456159A5F358F479151AA5B57
C:\Windows\System32\PanPlapApp.exe	PE32+ executable (GUI) x86-64, for MS Windows	0B61D82EAEAFA9A65EBA026AB389C0F6	8F15DA13328432FCE1EA22360787130D22414F41	B4E1ADF07150AF9A04BB32A635FBEE77F9CB1D5A08448D81B3930A24FC847AEF
C:\Windows\System32\PanPlapProvider.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	15BD7BFE4A3861BECBB11E4656640664	7FDE8297C47E63E66C16F75897AEB226F0DE6A46	C1B4C51D4CEAB6972822D84E7A2A4588B9B011644B8DD7A079F845352EDF2986
C:\Windows\System32\PanV2CredProv.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	6AB76CF13ECFADE95A572BDD12F37F4C	041C57641688E44C407F5B44BA603DA35E1ED384	3E9703F9928275C2702231E57DD686F062E1F8D38A3C991A7BD91215E595D061
C:\Windows\System32\catroot2\dberr.txt	ASCII text, with CRLF line terminators	69AB8732F20B67F33B820F669FED9935	B14B6248818E6D6849AFD3D77DDCAD8884D0C946	CD6D817A352E89FAE99661F109015D001E4E8B0B645FC065C98751E523DBE5D6
C:\Windows\Temp\~DF955B425E2344DFB2.TMP	data	D19D65AA840550986D6EE4BB27C7807D	BF06BF4A3F2EF546FCFA48A31BC2446524710E34	89AE106FF988540A11736C8B3735A2728ACFA6A295B901A211FCF1DE68B68130
C:\Windows\Temp\~DFAA546FE8654BE70C.TMP	Composite Document File V2 Document, Cannot read section info	F1D1C440FB59876B249E3905F642B23B	04412E2C6D915A446EC631B3E8D2A04ED46890C8	69A1F9661B61FD6E2D722A7D79A739701D2656563FE62A311611E7024833C464
C:\Windows\Temp\~DFC0DD21B77A9AE9CD.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFF51EDDEA7403F7F5.TMP	data	409DCF2850BF1E68BE5E90838B252588	B5EE96F63FAF0E9B37C0C33AA736897F910DD995	39ED84DA5D2967FC715A9BD0BFB56CCF7985E699D732D5A6B397A30320A8D200
\Device\Mup\user-PC\PIPE\samr	GLS_BINARY_LSB_FIRST	E467C82627F5E1524FDB4415AF19FC73	B86E3AA40E9FBED0494375A702EABAF1F2E56F8E	116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540

ID:	1643489
Product:	CloudBasic
Start time:	21:05:36
Start date:	19.03.2025
Sample:	GlobalProtect64.msi
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	c06338506a75ea329e0c892ab255594b
SHA1:	c7cc6729c09b0486ba7171481bdb1b15b13d52ce
SHA256:	2edaa177ac6d8e50464699e96c092e95acd713b48006d0ceb0853366d93b7020
Filetype:	Generic OLE2 / Multistream Compound File (8008/1) 100.00%

Windows Analysis Report
GlobalProtect64.msi

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Bitcoin Miner

Compliance

Spreading

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report GlobalProtect64.msi

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Bitcoin Miner

Compliance

Spreading

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
GlobalProtect64.msi