Windows Analysis Report
GlobalProtect64-6.3.1.msi

Overview

General Information

Sample name:	GlobalProtect64-6.3.1.msi
Analysis ID:	1543859
MD5:	ee67a64e6eec29580597358a7860c706
SHA1:	493877cd3362a44d59eda084b444455f755c3d29
SHA256:	eaa5e4fb71791a360bbabdf007f50861213ead504c649c26482d6529d9fb50dc
Infos:

Detection

Score:	28
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Creates files in the system32 config directory

Modifies the DNS server

NDIS Filter Driver detected (likely used to intercept and sniff network traffic)

Sample is not signed and drops a device driver

AV process strings found (often used to terminate AV products)

Checks for available system drives (often done to infect USB drives)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to communicate with device drivers

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to read device registry values (via SetupAPI)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Enables driver privileges

Enables security privileges

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries device information via Setup API

Queries disk information (often used to detect virtual machines)

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION PanGPA.exe			Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION PanGPA.exe			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00001.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedInternal.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Regular.ttf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_busy.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.inf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap1.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\license.cfg	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PsvCtrl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedNone.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\uninstall.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedFail.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gp-public.pem	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap2.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close1.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.avi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanMSAgent.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\app.sig	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\DEM64.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res\help.chm	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\message.bin	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Semibold.ttf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok_msg.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanSupport.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res\Panw-Logo.png	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Decimal-Medium-Pro.otf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connected.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd64.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00003.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close2.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close3.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_stop.ico	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\debug_drv.log	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanProxyAgent.log
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pan_gp_event.log

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}

Jump to behavior

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

File created: C:\Windows\INF\setupapi.app.log

Jump to behavior

Source:	Binary string: e:\workspace\GlobalProtect\Release6.3\globalprotect-release-6.3-RELENG_2\gp\release\6.3.1\win32\apps\PanMS\x64\Release\PanGPS.pdb source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: X509_NAME_ENTRYRDNSX509_NAME_ENTRIESNameX509_NAME_INTERNALX509_NAMEcrypto\x509\x_name.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g FIPS 21 Apr 2020built on: Sat Oct 15 03:31:49 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not availablecrypto\fips\fips_post.crand_drbg_selftestType=assertion failed: len <= FIPS_MAX_CIPHER_TEST_SIZE0123456789abcdefcrypto\fips\fips.cFATAL FIPS SELFTEST FAILUREOPENSSL_ia32cap_OPENSSL_isserviceService-0xno stack?OpenSSLOpenSSL: FATAL%s:%d: OpenSSL internal error: %s source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AFF950 FindFirstFileExW,	8_2_00007FF8B8AFF950
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AFFAD4 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	8_2_00007FF8B8AFFAD4
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E148E4 FindFirstFileExW,	19_2_00007FF8B7E148E4

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\leveldb\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\	Jump to behavior

Networking

NDIS Filter Driver detected (likely used to intercept and sniff network traffic)

Source: gpfltdrv.sys.1.dr	Static PE information: Found NDIS imports: FwpsFreeCloneNetBufferList0, FwpsAllocateCloneNetBufferList0, FwpsApplyModifiedLayerData0, FwpsInjectNetworkSendAsync0, FwpsReleaseClassifyHandle0, FwpsAcquireClassifyHandle0, FwpmFilterDestroyEnumHandle0, FwpmFilterEnum0, FwpmFilterCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmFilterAdd0, FwpsConstructIpHeaderForTransportPacket0, FwpsInjectNetworkReceiveAsync0, FwpsReferenceNetBufferList0, FwpsDereferenceNetBufferList0, FwpsQueryPacketInjectionState0, FwpsQueryConnectionRedirectState0, FwpsFlowAssociateContext0, FwpsFlowRemoveContext0, FwpsCompleteClassify0, FwpsAcquireWritableLayerDataPointer0, FwpsCalloutRegister2, FwpsCalloutUnregisterById0, FwpsInjectionHandleCreate0, FwpsInjectionHandleDestroy0, FwpsRedirectHandleCreate0, FwpsRedirectHandleDestroy0, FwpmFreeMemory0, FwpmEngineOpen0, FwpmEngineClose0, FwpmTransactionBegin0, FwpmTransactionCommit0, FwpmTransactionAbort0, FwpmSubLayerAdd0, FwpmCalloutAdd0
Source: PanGPS.exe.1.dr	Static PE information: Found NDIS imports: FwpmFilterAdd0, FwpmSubLayerDeleteByKey0, FwpmFilterDeleteByKey0, FwpmTransactionAbort0, FwpmTransactionCommit0, FwpmFilterCreateEnumHandle0, FwpmFilterDeleteById0, FwpmFilterDestroyEnumHandle0, FwpmSubLayerAdd0, FwpmFilterEnum0, FwpmGetAppIdFromFileName0, FwpmCalloutDeleteByKey0, FwpmTransactionBegin0, FwpmFreeMemory0, FwpmEngineOpen0, FwpmEngineClose0
Source: SET8C10.tmp.19.dr	Static PE information: Found NDIS imports: FwpsFreeCloneNetBufferList0, FwpsAllocateCloneNetBufferList0, FwpsApplyModifiedLayerData0, FwpsInjectNetworkSendAsync0, FwpsReleaseClassifyHandle0, FwpsAcquireClassifyHandle0, FwpmFilterDestroyEnumHandle0, FwpmFilterEnum0, FwpmFilterCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmFilterAdd0, FwpsConstructIpHeaderForTransportPacket0, FwpsInjectNetworkReceiveAsync0, FwpsReferenceNetBufferList0, FwpsDereferenceNetBufferList0, FwpsQueryPacketInjectionState0, FwpsQueryConnectionRedirectState0, FwpsFlowAssociateContext0, FwpsFlowRemoveContext0, FwpsCompleteClassify0, FwpsAcquireWritableLayerDataPointer0, FwpsCalloutRegister2, FwpsCalloutUnregisterById0, FwpsInjectionHandleCreate0, FwpsInjectionHandleDestroy0, FwpsRedirectHandleCreate0, FwpsRedirectHandleDestroy0, FwpmFreeMemory0, FwpmEngineOpen0, FwpmEngineClose0, FwpmTransactionBegin0, FwpmTransactionCommit0, FwpmTransactionAbort0, FwpmSubLayerAdd0, FwpmCalloutAdd0

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.5:51418 -> 1.1.1.1:53

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 162.159.61.3 162.159.61.3

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://127.0.0.1
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://127.0.0.1Software
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://captive.apple.com/hotspot-detect.html
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://captive.apple.com/hotspot-detect.html(P%u-T%u)%s(%4d):
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html(P%u-T%u)%s(%4d):
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://gp.test.com/big_file
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://gp.test.com/small_file
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://gp.test.com/small_filetrace

Source: unknown	Network traffic detected: HTTP traffic on port 51654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51653 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51650 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51650
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51651
Source: unknown	Network traffic detected: HTTP traffic on port 51651 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51654
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51653

Drops certificate files (DER)

Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\pangpd64.cat (copy)			Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\SET6E48.tmp			Jump to dropped file

Contains functionality to communicate with device drivers

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Code function: 19_2_00007FF8B7DF5F3C: EnterCriticalSection,_snwprintf_s,_snwprintf_s,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,CreateEventW,DeviceIoControl,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,GetOverlappedResult,CloseHandle,_snwprintf_s,GetLastError,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,

19_2_00007FF8B7DF5F3C

Contains functionality to delete services

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Code function: 19_2_00007FF8B7E033D4 OpenSCManagerW,OpenServiceW,QueryServiceStatus,Sleep,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,_snwprintf_s,DeleteService,GetLastError,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,GetSystemDirectoryW,DeleteFileW,EnterCriticalSection,GetLastError,_snwprintf_s,LeaveCriticalSection,GetLastError,_snwprintf_s,CloseServiceHandle,CloseServiceHandle,

19_2_00007FF8B7E033D4

Creates driver files

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys

Jump to behavior

Creates files inside the driver directory

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

File created: C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF

Jump to behavior

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\48bce9.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC68D.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\PanPlapProvider.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\PanCredProv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\PanV2CredProv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\PanPlapApp.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}\_853F67D554F05449430E7E.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}\_F385DCA0A7C7248F54C3CD.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}\_2AE9C45021E1A96BA1E33A.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\48bceb.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\48bceb.msi	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\3ware.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\61883.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\acxhdaudiop.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\adp80xx.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\amdsata.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\amdsbs.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\athw8x.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\avc.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\b57nd60a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\battery.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bcmdhd64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bcmwdidhdpcie.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bda.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\btampm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\BthLCPen.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bthmtpenum.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\BthOob.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bthpan.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bthprint.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\bthspp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\cht4nulx64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\cht4sx64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_1394.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_61883.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_apo.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_avc.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_barcodescanner.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_battery.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_biometric.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_bluetooth.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_camera.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_cashdrawer.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_cdrom.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_computeaccelerator.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_computer.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_diskdrive.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_display.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_dot4.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_dot4print.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_extension.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fdc.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_firmware.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_floppydisk.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsactivitymonitor.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsantivirus.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscfsmetadataserver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscompression.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscontentscreener.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscontinuousbackup.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fscopyprotection.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsencryption.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fshsm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsinfrastructure.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsopenfilebackup.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsphysicalquotamgmt.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsquotamgmt.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsreplication.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fssecurityenhancer.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fssystem.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fssystemrecovery.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsundelete.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_fsvirtualization.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_hdc.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_hidclass.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_holographic.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_image.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_infrared.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_keyboard.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_legacydriver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_linedisplay.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_magneticstripereader.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_mcx.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_media.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_mediumchanger.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_memory.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_modem.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_monitor.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_mouse.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_mtd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_multifunction.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_multiportserial.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_net.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_netclient.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_netdriver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_netservice.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_nettrans.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_pcmcia.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_pnpprinters.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_ports.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_printer.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_processor.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_proximity.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_receiptprinter.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_sbp2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_scmdisk.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_scmvolume.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_scsiadapter.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_sdhost.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_securitydevices.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_sensor.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smartcard.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smartcardfilter.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smartcardreader.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smrdisk.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_smrvolume.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_sslaccel.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_swcomponent.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_system.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_tapedrive.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_ucm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_unknown.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_usb.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_usbdevice.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_usbfn.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_volsnap.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_volume.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_wceusbs.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\c_wpd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\dc1-controller.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\dc21x4vm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\digitalmediadevice.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\displayoverride.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\e2xw10x64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\eaphost.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ehstorpwddrv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\fidohid.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\fusionv2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\gameport.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\halextintclpiodma.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\halextpl080.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hdaudss.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\heat.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidbthle.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidcfu.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidirkbd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidscanner.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hidserv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\HidTelephonyDriver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\hpsamd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\idtsec.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\image.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ipmidrv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ipoib6x.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ItSas35i.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ks.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\kscaptur.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\lltdio.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\lsi_sas2i.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\lsi_sas3i.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\lsi_sss.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mbtr8897w81x64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mchgr.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdm3com.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdm5674a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmadc.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmagm64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmags64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmairte.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwa.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwa3.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwa4.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwa5.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaiwat.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmar1.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmarch.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmarn.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmati.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmatm2k.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmaus.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmboca.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmbsb.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmbug3.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmbw561.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmc26a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcdp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcm28.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcodex.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcom1.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcommu.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcomp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcpq.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcpq2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcpv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcrtix.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcxhv6.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmcxpv6.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdcm5.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdcm6.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdf56f.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdgitn.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdp2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdsi.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmdyna.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmeiger.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmelsa.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmeric.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmeric2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmetech.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmfj2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgatew.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgcs.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgen.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl001.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl002.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl003.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl004.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl005.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl006.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl007.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl008.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl009.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgl010.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmgsm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmhaeu.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmhandy.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmhay2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmhayes.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdminfot.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmiodat.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmirmdm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmisdn.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmjf56e.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmke.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmkortx.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmlasat.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmlasno.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmlucnt.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmc288.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmcd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmcom.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmct.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmega.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmetri.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmhrtz.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmhzel.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmminij.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmod.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmot64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmoto1.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmotou.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmmts.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmneuhs.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnis1u.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnis2u.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnis3t.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnis5t.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnokia.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnova.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmntt1.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttd2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttd6.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttme.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttp2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmnttte.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmolic.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmomrn3.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmoptn.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmosi.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpace.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpenr.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpin.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpn1.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmpsion.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmracal.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmrock.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmrock3.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmrock4.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmrock5.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsier.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsii64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsmart.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsonyu.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsun1.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsun2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsupr3.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsupra.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmsuprv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdk.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj3.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj4.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj5.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj6.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtdkj7.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtexas.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmti.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtkr.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmtron.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrf.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrg.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrgl.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrk1.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmusrsp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmvdot.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmvv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmwhql0.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmx5560.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmzoom.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmzyp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmzyxel.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mdmzyxlg.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\megasas.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\megasas2i.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\megasas35i.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\megasr.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mf.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mgtdyn.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\microsoft_bluetooth_a2dp_snk.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\microsoft_bluetooth_a2dp_src.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\microsoft_bluetooth_hfp_ag.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\microsoft_bluetooth_hfp_hf.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\miradisp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\modemcsa.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mrvlpcie8897.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\msclmd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\msdri.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\msdv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mstape.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\msux64w10.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\multiprt.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mvumis.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\mwlu97w8x64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ndiscap.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ndisimplatform.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ndisimplatformmp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ndisuio.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net1yx64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net44amd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net7400-x64-n650.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net7500-x64-n650f.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net7800-x64-n650f.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8185.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8187bv64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8187se64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8192se64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net8192su64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net819xp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\net9500-x64-n650f.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netathr10x.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netathrx.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netax88179_178a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netax88772.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netbc63a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netbc64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netbrdg.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netbxnda.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nete1e3e.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nete1g3e.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netefe3e.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netelx.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netg664.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netimm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netip6.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netirda.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netjme.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netk57a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netl160a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netl1c63x64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netl1e64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netl260a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netlldp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netloop.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netmlx4eth63.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netmlx5.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netmscli.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netmyk64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netnb.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netnvm64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netnvma.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netnwifi.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netpacer.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netpgm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netr28ux.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netr28x.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netr7364.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrass.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrast.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrndis.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtl64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlane.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlane01.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlane_13.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlans.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netrtwlanu.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netserv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nett4x64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nettcpip.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netv1x64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvchannel.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvf63a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvg63a.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvwifibus.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvwififlt.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvwifimp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netvwwanmp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwbw02.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwew00.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwew01.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwlv64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwmbclass.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwns64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwsw00.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwtw02.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwtw04.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwtw06.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netwtw08.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\netxex64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ntprint.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ntprint4.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nulhpopr.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nulhprs8.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\nvraid.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\oem0.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\oem1.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\oem3.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\oposdrv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\pcmcia.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\PerceptionSimulationHeadset.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\PerceptionSimulationSixDof.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\PerceptionSimulationSixDofModels.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\percsas2i.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\percsas3i.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\pnpxinternetgatewaydevices.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnge001.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms002.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms003.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms004.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms005.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms007.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms008.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms010.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms011.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms012.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms013.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\prnms014.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\qd3x64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rawsilo.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rdcameradriver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rdlsbuscbs.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rdpidd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rdvgwddmdx11.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\remoteposdrv.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rndiscmp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rspndr.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rt640x64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rtux64w10.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rtvdevx64.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\rtwlanu_oldIC.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\scmvolume.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\scrawpdo.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\scsidev.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\scunknown.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sdbus.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\SDFLauncher.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sensorsalsdriver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\SensorsHidClassDriver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sensorsservicedriver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sisraid2.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sisraid4.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\SmartSAMD.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\smrdisk.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\smrvolume.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\stexstor.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\sti.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\storfwupdate.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\tape.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\termkbd.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\tpmvsc.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\transfercable.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\tsprint.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\tsusbhubfilter.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ts_generic.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\ts_wpdmtp.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\uicciso.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\uiccspb.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\unknown.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\UsbccidDriver.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\usbncm.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\usbnet.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\usbvideo.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\vca.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\virtualdisplayadapter.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\volsnap.PNF	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\INF\vrd.PNF	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\48bceb.msi

Jump to behavior

Detected potential crypto function

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8B05168	8_2_00007FF8B8B05168
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AFF950	8_2_00007FF8B8AFF950
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AFFAD4	8_2_00007FF8B8AFFAD4
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AF27AF	8_2_00007FF8B8AF27AF
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AF2035	8_2_00007FF8B8AF2035
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AF7468	8_2_00007FF8B8AF7468
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DF90F0	19_2_00007FF8B7DF90F0
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DFBDB8	19_2_00007FF8B7DFBDB8
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DFBBB0	19_2_00007FF8B7DFBBB0
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DF1250	19_2_00007FF8B7DF1250
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DFD154	19_2_00007FF8B7DFD154
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E148E4	19_2_00007FF8B7E148E4
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DF4750	19_2_00007FF8B7DF4750
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E16F30	19_2_00007FF8B7E16F30
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E146D8	19_2_00007FF8B7E146D8
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DFE6A0	19_2_00007FF8B7DFE6A0
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E1265C	19_2_00007FF8B7E1265C
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DF45D0	19_2_00007FF8B7DF45D0
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DF3DB0	19_2_00007FF8B7DF3DB0
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E01D40	19_2_00007FF8B7E01D40
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E1BD18	19_2_00007FF8B7E1BD18
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E0D3DC	19_2_00007FF8B7E0D3DC
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E003C4	19_2_00007FF8B7E003C4
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DFDBD0	19_2_00007FF8B7DFDBD0
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E1735C	19_2_00007FF8B7E1735C
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DF8350	19_2_00007FF8B7DF8350
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E19B18	19_2_00007FF8B7E19B18
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E11234	19_2_00007FF8B7E11234
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7DFC9D0	19_2_00007FF8B7DFC9D0
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E05160	19_2_00007FF8B7E05160
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E0D174	19_2_00007FF8B7E0D174

Enables driver privileges

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Process token adjusted: Load Driver

Jump to behavior

Enables security privileges

Source: C:\Windows\System32\svchost.exe

Process token adjusted: Security

Found potential string decryption / allocating functions

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: String function: 00007FF8B7DF1F54 appears 79 times
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: String function: 00007FF8B7DF2990 appears 115 times
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: String function: 00007FF8B7DF39FC appears 219 times

PE file contains executable resources (Code or Archives)

Source: libwaresource.dll.1.dr	Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: WdfCoinstaller01011.dll.1.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Microsoft Standalone Update, 897290 bytes, 4 files, at 0x44 +A "WSUSSCAN.cab" +A "Windows6.0-KB2685811-x64.cab", flags 0x4, number 1, extra bytes 20 in head, 31 datablocks, 0x1 compression
Source: WdfCoinstaller01011.dll.1.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Microsoft Standalone Update, 794777 bytes, 4 files, at 0x44 +A "WSUSSCAN.cab" +A "Windows6.1-KB2685811-x64.cab", flags 0x4, number 1, extra bytes 20 in head, 27 datablocks, 0x1 compression
Source: wa_3rd_party_host_32.exe.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: wa_3rd_party_host_64.exe.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

PE file contains more sections than normal

Source: WebView2Loader.dll.1.dr

Static PE information: Number of sections : 11 > 10

PE file does not import any functions

Source: PanGPA_SPANISH.dll.1.dr	Static PE information: No import functions for PE file found
Source: PanGPA_FRENCH.dll.1.dr	Static PE information: No import functions for PE file found
Source: libwaresource.dll.1.dr	Static PE information: No import functions for PE file found
Source: PanGPA_GERMAN.dll.1.dr	Static PE information: No import functions for PE file found
Source: PanGPA_JAPANESE.dll.1.dr	Static PE information: No import functions for PE file found
Source: PanGPA_CHINESE.dll.1.dr	Static PE information: No import functions for PE file found
Source: PanGPA_CHINESE_TRADITIONAL.dll.1.dr	Static PE information: No import functions for PE file found

Source: WdfCoinstaller01011.dll.1.dr

Static PE information: Section: .rsrc ZLIB complexity 0.9922124359783254

Source: classification engine

Classification label: sus28.troj.spyw.evad.winMSI@24/837@4/2

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Code function: 19_2_00007FF8B7DFFFD0 CoInitialize,CoCreateInstance,CoUninitialize,

19_2_00007FF8B7DFFFD0

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Code function: 19_2_00007FF8B7E04778 LoadResource,LockResource,SizeofResource,

19_2_00007FF8B7E04778

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files\Palo Alto Networks

Jump to behavior

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

File created: C:\Users\user\AppData\Local\Palo Alto Networks\

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5356:120:WilError_03
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Mutant created: NULL
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\GP_InstanceChecker_user

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF0981B5E01843200F.TMP

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: PanGPA.exe	String found in binary or memory: <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON> <TextNormal>83, 84, 89</TextNormal> <TextHighlighted>83, 84, 89</TextHighlighted> </CAPTION> <SEPA
Source: PanGPA.exe	String found in binary or memory: <CORNERS>2, 0, 2, 16</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_ICON> <SIZE>12, 12</SIZE> </LAUNCH_ICON> <TextNormal>255, 255, 255</TextNormal> <TextHighlighted>255, 255, 255</TextHighlighted> </CAPTION> <S
Source: PanGPA.exe	String found in binary or memory: SIZE>100, 17</SIZE> <CORNERS>3, 0, 4, 4</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON>
Source: PanGPA.exe	String found in binary or memory: TTOM> <SIZE>100, 17</SIZE> <CORNERS>3, 0, 4, 4</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </L
Source: PanGPA.exe	String found in binary or memory: <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON> <TextNormal>115, 131, 153</TextNormal> <TextHighlighted>115, 131, 153</TextHighlighted>
Source: PanGPS.exe	String found in binary or memory: The old interface cannot get un-installed. Please reboot computer and install again!

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\GlobalProtect64-6.3.1.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe" -commit
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe"
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5408.6692.18028064762265798369
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x110,0x160,0x164,0x140,0x16c,0x7ff8a7a58e88,0x7ff8a7a58e98,0x7ff8a7a58ea8
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1792 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2516 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3000 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1730120263967503 --launch-time-ticks=4791055134 --mojo-platform-channel-handle=3408 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "1" "C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf" "9" "4473c0673" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "C:\Program Files\Palo Alto Networks\GlobalProtect"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Source: unknown	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe" -commit	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5408.6692.18028064762265798369	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x110,0x160,0x164,0x140,0x16c,0x7ff8a7a58e88,0x7ff8a7a58e98,0x7ff8a7a58ea8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1792 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2516 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3000 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1730120263967503 --launch-time-ticks=4791055134 --mojo-platform-channel-handle=3408 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:1	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "1" "C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf" "9" "4473c0673" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "C:\Program Files\Palo Alto Networks\GlobalProtect"

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: psvctrl.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: spinf.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: drvstore.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netsetupshim.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netsetupengine.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: spfileq.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: tcpipcfg.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winbio.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: webview2loader.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: mdmregistration.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: mdmregistration.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: omadmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dmcmnutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: iri.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dsreg.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: windows.security.authentication.web.core.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: hevcdecoder.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dolbydecmft.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: mfperfhelper.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpnpmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: spinf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: psvctrl.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: userenv.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wininet.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: powrprof.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msimg32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: oledlg.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: secur32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cryptui.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: pdh.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: oleacc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winmm.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: version.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: netutils.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dsrole.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: samcli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: dpapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: winsta.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: amsi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: profapi.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: devobj.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: spinf.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: spfileq.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: wldp.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: cabinet.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Section loaded: samlib.dll

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B035261-40F9-11D1-AAEC-00805FC1270E}\InProcServer32

Jump to behavior

Source: GlobalProtect.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}\_F385DCA0A7C7248F54C3CD.exe
Source: PanGPSupport.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}\_2AE9C45021E1A96BA1E33A.exe

Source: C:\Windows\System32\msiexec.exe	Automated click: Next >
Source: C:\Windows\System32\msiexec.exe	Automated click: Next >
Source: C:\Windows\System32\msiexec.exe	Automated click: Next >

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00001.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedInternal.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Regular.ttf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_busy.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.inf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap1.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\license.cfg	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PsvCtrl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedNone.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\uninstall.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedFail.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\gp-public.pem	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap2.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close1.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.avi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanMSAgent.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\app.sig	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\DEM64.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res\help.chm	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\message.bin	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Semibold.ttf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok_msg.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanSupport.ico	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\res\Panw-Logo.png	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Decimal-Medium-Pro.otf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connected.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd64.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00003.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close2.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\close3.bmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\tray_stop.ico	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\debug_drv.log	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanProxyAgent.log
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Directory created: C:\Program Files\Palo Alto Networks\GlobalProtect\pan_gp_event.log

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}

Jump to behavior

Source: GlobalProtect64-6.3.1.msi

Static file information: File size 66512384 > 1048576

Source:	Binary string: e:\workspace\GlobalProtect\Release6.3\globalprotect-release-6.3-RELENG_2\gp\release\6.3.1\win32\apps\PanMS\x64\Release\PanGPS.pdb source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: X509_NAME_ENTRYRDNSX509_NAME_ENTRIESNameX509_NAME_INTERNALX509_NAMEcrypto\x509\x_name.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g FIPS 21 Apr 2020built on: Sat Oct 15 03:31:49 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not availablecrypto\fips\fips_post.crand_drbg_selftestType=assertion failed: len <= FIPS_MAX_CIPHER_TEST_SIZE0123456789abcdefcrypto\fips\fips.cFATAL FIPS SELFTEST FAILUREOPENSSL_ia32cap_OPENSSL_isserviceService-0xno stack?OpenSSLOpenSSL: FATAL%s:%d: OpenSSL internal error: %s source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp

Contains functionality to dynamically determine API calls

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

Code function: 8_2_00007FF8B8AF3B59 LoadLibraryW,GetProcAddress,GetProcAddress,FreeLibrary,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,

8_2_00007FF8B8AF3B59

PE file contains sections with non-standard names

Source: wa_3rd_party_host_32.exe.1.dr	Static PE information: section name: .didat
Source: wa_3rd_party_host_64.exe.1.dr	Static PE information: section name: .didat
Source: wa_3rd_party_host_64.exe.1.dr	Static PE information: section name: .gehcont
Source: libwaheap.dll.1.dr	Static PE information: section name: .gehcont
Source: libwalocal.dll.1.dr	Static PE information: section name: .gehcont
Source: libwautils.dll.1.dr	Static PE information: section name: .didat
Source: libwautils.dll.1.dr	Static PE information: section name: .gehcont
Source: WebView2Loader.dll.1.dr	Static PE information: section name: .00cfg
Source: WebView2Loader.dll.1.dr	Static PE information: section name: .gxfg
Source: WebView2Loader.dll.1.dr	Static PE information: section name: .retplne
Source: WebView2Loader.dll.1.dr	Static PE information: section name: _RDATA
Source: libwaapi.dll.1.dr	Static PE information: section name: .gehcont

Persistence and Installation Behavior

Creates files in the system32 config directory

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Palo Alto Networks\
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Palo Alto Networks\GlobalProtect\

Sample is not signed and drops a device driver

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys			Jump to behavior

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanV2CredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PsvCtrl.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\pangpd.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\system32\DRIVERS\gpfltdrv.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\SET6DF9.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanPlapProvider.dll	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\system32\DRIVERS\pangpd.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\System32\drivers\SET8C10.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanPlapApp.exe	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\System32\drivers\SET80A6.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanCredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanV2CredProv.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\pangpd.sys (copy)	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\System32\drivers\SET8C10.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanPlapApp.exe	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\System32\drivers\SET80A6.tmp	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\system32\DRIVERS\gpfltdrv.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\SET6DF9.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanPlapProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\PanCredProv.dll	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	File created: C:\Windows\system32\DRIVERS\pangpd.sys (copy)	Jump to dropped file

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

File created: C:\Windows\INF\setupapi.app.log

Jump to behavior

Creates or modifies windows services

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PanGpd

Jump to behavior

Modifies existing windows services

Source: C:\Windows\System32\svchost.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect\GlobalProtect.lnk	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect\PanGPSupport.lnk	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GlobalProtect			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GlobalProtect			Jump to behavior

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Process information set: NOOPENFILEERRORBOX

Contains functionality to read device registry values (via SetupAPI)

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Code function: 19_2_00007FF8B7DFBBB0 SetupDiGetDeviceRegistryPropertyW,EnterCriticalSection,GetLastError,_snwprintf_s,LeaveCriticalSection,GetLastError,_snwprintf_s,_invalid_parameter_noinfo_noreturn,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,SetupDiClassGuidsFromNameExW,SetupDiGetClassDevsExW,SetupDiGetDeviceInfoListDetailW,SetupDiEnumDeviceInfo,CM_Get_Device_ID_ExW,wcsstr,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,CM_Get_DevNode_Status_Ex,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,EnterCriticalSection,_snwprintf_s,LeaveCriticalSection,_snwprintf_s,EnterCriticalSection,_snwprintf_s,_snwprintf_s,

19_2_00007FF8B7DFBBB0

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\PanV2CredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\pangpd.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Dropped PE file which has not been started: C:\Windows\system32\DRIVERS\gpfltdrv.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\SET6DF9.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\PanPlapProvider.dll	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Dropped PE file which has not been started: C:\Windows\system32\DRIVERS\pangpd.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\SET8C10.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\PanPlapApp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys	Jump to dropped file
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\SET80A6.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\PanCredProv.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	API coverage: 3.9 %
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	API coverage: 7.9 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\svchost.exe TID: 7136

Thread sleep time: -30000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Queries keyboard layouts

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Last function: Thread delayed

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\wasm FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\js FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Cache\Cache_Data FullSizeInformation

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AFF950 FindFirstFileExW,	8_2_00007FF8B8AFF950
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AFFAD4 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	8_2_00007FF8B8AFFAD4
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E148E4 FindFirstFileExW,	19_2_00007FF8B7E148E4

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

Code function: 8_2_00007FF8B8AF4D2C VirtualQuery,GetSystemInfo,

8_2_00007FF8B8AF4D2C

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\leveldb\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File opened: C:\Users\user\	Jump to behavior

Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d vmware, get our adapter name is %s
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netvsc_ppp.DeviceDesc = "Microsoft Hyper-V VPN Network Adapter"
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d DLSAV6, numVmwareIf = %d
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d try get vmware information
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{152fbe4b-c7ad-4f68-bada-a4fcc1464f6c}\ChannelReferences\1",,0x0,"Microsoft-Windows-Hyper-V-NETVSC/Diagnostic"
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: DiskId1 = "Microsoft Hyper-V Network Adapter Installation Disk #1"
Source: PanGPS.exe, 00000006.00000003.3006710182.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; ConnectX-4 Hyper-V VF
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d pangp virtual adapter switched by hyper-v
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d ignore 3323, an vmware adapter???
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d DLSAV6, ignore 5006, an vmware adapter???
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netvsc.DeviceDesc = "Microsoft Hyper-V Network Adapter"
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","OwningPublisher",0x0,"{152fbe4b-c7ad-4f68-bada-a4fcc1464f6c}"
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netvsc_eth.DeviceDesc = "Microsoft Hyper-V Ethernet Network Adapter"
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: CPanNetSetup::TrfExcludeLocalSubnet(P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d Traffic Enforcement: %s:numVmwareIf = %d
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: CPanNetSetup::RefreshDLSAV6Needed(P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d DLSAV6, numVmwareIf = %d
Source: PanGPS.exe, 00000006.00000003.3006710182.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; ConnectX-4 non Hyper-V VF
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d found vmware adapter or virtual box adapter: %S
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d ignore 3982, an vmware adapter???
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","ChannelAccess",0x0,"O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)"
Source: msedgewebview2.exe, 0000000D.00000002.3441253117.000002590DE46000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netvsc_mbb_gsm.DeviceDesc = "Microsoft Hyper-V GSM MBB Network Adapter"
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HyperVNetworkAdapterName = "Hyper-V Network Adapter Name"
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; Hyper-V Network Adapter Name
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: VMnet(P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d found vmware adapter switch: %S
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: VMwareVirtualBoxVMware Accelerated(P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d new vmware name inside windows, ignore it now
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","Isolation",0x00010001,0
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d found vmware adapter switch: %S
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","Enabled",0x00010001,0
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d ST,PANGP, found it, switch by hyper-v???
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: Switch(P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d PANGP, found it, switch by hyper-v???
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d DLSAV6, ignore index %d, it is a vmware adapter
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d PANGP, found it, switch by hyper-v???
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d numVmwareIf = %d
Source: PanGPS.exe, 00000006.00000003.3008694933.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: GenericScsiVmLun = "Hyper-V LUN"
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d ignore index %d, it is a vmware adapter
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netvsc_wifi.DeviceDesc = "Microsoft Hyper-V WiFi Network Adapter"
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d Traffic Enforcement: %s:numVmwareIf = %d
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netvsc_mbb_cdma.DeviceDesc = "Microsoft Hyper-V CDMA MBB Network Adapter"
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{152fbe4b-c7ad-4f68-bada-a4fcc1464f6c}",,0x0,"Microsoft-Windows-Hyper-V-Netvsc"
Source: PanGPS.exe, 00000006.00000000.2978860740.00007FF6758FF000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: (P%u-T%u)%s(%4d): %02d/%02d/%02d %02d:%02d:%02d:%03d new vmware name inside windows, ignore it now
Source: PanGPS.exe, 00000006.00000003.3009033545.000002861A5A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","Type",0x00010001,2

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

Code function: 8_2_00007FF8B8AFE648 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

8_2_00007FF8B8AFE648

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

8_2_00007FF8B8AF3B59

Contains functionality to dynamically determine API calls

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

8_2_00007FF8B8AF3B59

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

Code function: 8_2_00007FF8B8AFCF80 GetProcessHeap,

8_2_00007FF8B8AFCF80

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8B00EC8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF8B8B00EC8
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AFE648 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF8B8AFE648
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Code function: 8_2_00007FF8B8AF438C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF8B8AF438C
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E0EF30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_00007FF8B7E0EF30
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E07A24 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_00007FF8B7E07A24
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Code function: 19_2_00007FF8B7E081FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_00007FF8B7E081FC

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe" -commit	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x110,0x160,0x164,0x140,0x16c,0x7ff8a7a58e88,0x7ff8a7a58e98,0x7ff8a7a58ea8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1792 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2516 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3000 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView" --webview-exe-name=PanGPA.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1730120263967503 --launch-time-ticks=4791055134 --mojo-platform-channel-handle=3408 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=MojoIpcz /prefetch:1	Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=5408.6692.18028064762265798369
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview\crashpad" --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x110,0x160,0x164,0x140,0x16c,0x7ff8a7a58e88,0x7ff8a7a58e98,0x7ff8a7a58ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1792 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2516 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3000 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1730120263967503 --launch-time-ticks=4791055134 --mojo-platform-channel-handle=3408 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=5408.6692.18028064762265798369	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview\crashpad" --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x110,0x160,0x164,0x140,0x16c,0x7ff8a7a58e88,0x7ff8a7a58e98,0x7ff8a7a58ea8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1792 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=mojoipcz /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2516 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=mojoipcz /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3000 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=mojoipcz /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\palo alto networks\globalprotect\gpaedge\captiveportalurl\ebwebview" --webview-exe-name=pangpa.exe --webview-exe-version=6.3.1-376 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1730120263967503 --launch-time-ticks=4791055134 --mojo-platform-channel-handle=3408 --field-trial-handle=1800,i,11688773997540430424,5847246775237165280,262144 --enable-features=mojoipcz /prefetch:1	Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

Code function: 8_2_00007FF8B8B04F80 cpuid

8_2_00007FF8B8B04F80

Queries device information via Setup API

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

19_2_00007FF8B7DFBBB0

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\pangpd64.cat VolumeInformation
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Queries volume information: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log VolumeInformation

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

Code function: 8_2_00007FF62C3EE5EC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

8_2_00007FF62C3EE5EC

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Code function: 19_2_00007FF8B7E04BC8 GetVersionExW,EnterCriticalSection,GetLastError,_snwprintf_s,LeaveCriticalSection,GetLastError,_snwprintf_s,

19_2_00007FF8B7E04BC8

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

AV process strings found (often used to terminate AV products)

Source: PanGPS.exe, 00000006.00000003.3017385751.000002861A5F9000.00000004.00000020.00020000.00000000.sdmp, PanGPS.exe, 00000006.00000003.3015609756.000002861A5F9000.00000004.00000020.00020000.00000000.sdmp, PanGPS.exe, 00000006.00000003.3017683829.000002861A5FA000.00000004.00000020.00020000.00000000.sdmp, PanGPS.exe, 00000006.00000003.3017563730.000002861A5F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PGSETUP.EXE
Source: PanGPS.exe, 00000006.00000003.3017385751.000002861A5F9000.00000004.00000020.00020000.00000000.sdmp, PanGPS.exe, 00000006.00000003.3015609756.000002861A5F9000.00000004.00000020.00020000.00000000.sdmp, PanGPS.exe, 00000006.00000003.3017683829.000002861A5FA000.00000004.00000020.00020000.00000000.sdmp, PanGPS.exe, 00000006.00000003.3017563730.000002861A5F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 123.exe

Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION			Jump to behavior
Source: C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION			Jump to behavior

Stealing of Sensitive Information

Modifies the DNS server

Source: C:\Windows\System32\svchost.exe

Registry value created:

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.159.61.3	chrome.cloudflare-dns.com	United States		13335	CLOUDFLARENETUS	false

Private

IP
127.0.0.1

Contacted Domains

Name	IP	Active
chrome.cloudflare-dns.com	162.159.61.3	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://chrome.cloudflare-dns.com/dns-query	false	URL Reputation: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Config.Msi\48bcea.rbs	data	3BFE94E346AEF2BF07BCDECDA16D5303	8CFE23AA091221C29880F01AD4B7CDBA28C224DD	FB6611094A71E7F1005FABE8FEF397E0244CE720DA1DB25DA9E759267B3687B0
C:\Program Files\Palo Alto Networks\GlobalProtect\Connected.bmp	PC bitmap, Windows 3.x format, 106 x 112 x 24, image size 35842, resolution 5668 x 5668 px/m, cbSize 35896, bits offset 54	9ADB0FBD8A5A08422AFFF58D27B5DFB5	57E3084A8CB347679AB21B901D3E281BB6759325	5827D6F83617DAE8FA63963C318F36BAA978E66C532A5EF34FC38FA6E7AB99EC
C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedFail.bmp	PC bitmap, Windows 3.x format, 106 x 112 x 24, image size 35842, resolution 5668 x 5668 px/m, cbSize 35896, bits offset 54	FAB748173122877AFF2FFE9BB46C5515	88AE0759F4858C08BC24FA9D21439F0A272A536E	12F12EAAC7630DA461D5532B7F7C06E13F615C7B8542C0A9FAC31696A59F1F17
C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedInternal.bmp	PC bitmap, Windows 3.x format, 106 x 112 x 24, image size 35842, resolution 5668 x 5668 px/m, cbSize 35896, bits offset 54	619F1B08AA639F872325BACC337C07B9	B4164EE2619E14CB450F2DB6AAD5F9D805DA3010	C16E81075EA202363D6870FB0F2BB7BDF7006AC46EEE554C9C6A6B242EBE28F2
C:\Program Files\Palo Alto Networks\GlobalProtect\ConnectedNone.bmp	PC bitmap, Windows 3.x format, 106 x 112 x 24, image size 35842, resolution 5668 x 5668 px/m, cbSize 35896, bits offset 54	8772D53AAE99B7CE8E2D764D9E39E8A6	5982EB1F521F47FF3A04D3611A04620EB02DD57E	9FB7DD4B421EF3EF199BE518031AD615F488EE4C44177B471B068C6053D18BAB
C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.avi	RIFF (little-endian) data, AVI, 88 x 88, 10.00 fps, video:	73D63A2508E2DFFC0AD80010FE97A47A	CB6F2F4D77DF3CA95B0E64DF7A67DC19B3471121	8F8C4EFB5F546E71A6928627B07FDB7FCD9FAC1AB8CCC7EB6C0CA7D16C52C1E4
C:\Program Files\Palo Alto Networks\GlobalProtect\Connecting.bmp	PC bitmap, Windows 3.x format, 83 x 83 x 24, image size 20916, cbSize 20970, bits offset 54	F5BF14AC5EEC10973A49C4E78225910E	79D8DF686F52FE5D2464D771BC003D4406ECD5E2	D9A94BCDA2A5B2E90DDD97494E361C27B68ACB18D9AEF2267F1F774CF8C35FDD
C:\Program Files\Palo Alto Networks\GlobalProtect\DEM64.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F9DDF353-9E3A-4895-8363-68BBB8975543}, Number of Words: 2, Subject: Access Experience, Author: Palo Alto Networks, Name of Creating Application: Access Experience, Template: x64;1033, Comments: Installs the services required for the Palo Alto Networks' Access Experience., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200	C86935C1387D036155663CB74DAD53D6	8B00E951D3036409C165CF5B7FDD08D4AFF3A9B9	43932B3E084870B7C25EAEFB5547BDDC463973066F655699BCCC84A0251B9A6D
C:\Program Files\Palo Alto Networks\GlobalProtect\Decimal-Medium-Pro.otf	OpenType font data	A754D31D11186B8F1370B8382ACB1118	36955F22EB4CD9CB9C8820418B59B808DECB5275	A8AD7F4D6E1FFB353CC1BB5AB32C4B0D5C9F75451A21A0D374EFEBCA745B8B5D
C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Regular.ttf	TrueType Font data, 16 tables, 1st "GPOS", 30 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon	3B9B99039CC0A98DD50C3CBFAC57CCB2	F59F9E4F3CBEE981A5E6F58A279F9B9613F22599	6F6940BE0835C3DDEC9199E5FC42BE4CBC61EBCFD58C623FDF719366253F1780
C:\Program Files\Palo Alto Networks\GlobalProtect\Lato-Semibold.ttf	TrueType Font data, 16 tables, 1st "GPOS", 34 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon	3C6CFB1AEBD888A0EB4C8FBA94140FA6	96569E2CFCC3A298BB1AEA21103D0D1E3C7E2ED4	2DC5D31E2CF1E29F3430EB2DFA1BA9911E08EE401B61DD12F40E0ACB047A17A3
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe	PE32+ executable (GUI) x86-64, for MS Windows	300C8D493829B89674AB840CF163A111	4565D4EBE4B34EB6F8AE9DFB55DB64987227E8B5	F464A8BC54F677A89511CCF543061738349961E5BD4CE1D0C2A8B5E227370CB9
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	B9272CBEDEAA100A55E5002DC0301C6F	8349D7352840CD594A37ACD601607A37EEF4A715	A8A3B7400D8A3C66B856FE2F30F6BA4AB7595DEF8453D2D1564B5822CBBB07BA
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	6D0BAD081A48FB5757F9C2A3FC3C8D53	4C016451AC022B9403484BD3EBE66C818AFEA54A	5640CEDBF1084B07B7D7663D960E73573A00C2262924051F6B98A58FDCDAC576
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_CHINESE_TRADITIONAL.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F964A6B4FB93C30473F94D7ABA3B35C1	ED075BD9679F48CA0DC0461CD6B1F6D37EC70A2E	524BE2565BC48FD52674C20FAB40871B424B499392195C9F1A8498706D80C68A
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_FRENCH.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	A5F8B2F5F96B2C53B3DE8E424E8EB94C	D95334A394DE5435876753D420F9C3135B4885B7	8813AEDB39EB257B89D6708C86FD5F570E7A85D0A35BED184D19AE1A645D4F3E
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_GERMAN.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	919ACF2095C071B01D1AF8E297598DC4	DE2220BE899408440054CD3C60C7FBAAAB2EAD19	822AA3B7A15A3FFD4945EF68C3CC2FE2F25B451F9A1F46895424EF5394B474BF
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_JAPANESE.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	48613CA9D7D0CA65FD7AE4A68D31AB62	FD0EE3CB065DF9BFB591CDEC2544249C1EFBF220	CC05F4095534A71DD9D4E3DB80C9A5EB5DB9D577552F7AF6F7DAA266F8931EF1
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA_SPANISH.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	E4216FFCDE360D8E4C49C95F4287C0FD	AB2F569FBA48C9A198B8F6F722009DA8DC6218E6	9EDA20F2B986E0421D86A20A67796EBF9732CB2A7023D13D4C3EF2A55532E808
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe	PE32+ executable (console) x86-64, for MS Windows	D9A82015A96F7EBEBD1B30F6B0BA1F86	3398107DF3BBC951663DD3B335AC52B64FDF62ED	8A5D9B33B6881595A84BDF4D04E9CD924F1891FAB6313E354191E6FF39D8CE9F
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log	data	288B9B5F2DA66CA3EC8CF90721D5A575	A111F028C2D2B1E974B202A6D380C3A8558B203E	9F848126E46BE867676E0EE58544A2F4A0801204459ACAC08731EBD59820679B
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPSupport.exe	PE32+ executable (GUI) x86-64, for MS Windows	2293718D82A76F30435E9825BB0AE92F	91ABEA6E0BC45D08F9BC760A4A55966CCEA2BCFC	20D6302A70AE3A9D62429DF8311EDA68B0DD18ADC6B6E12959E7C619BBB50168
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe	PE32+ executable (GUI) x86-64, for MS Windows	E8159542741FC0F7F695EF2B956CA6B2	C477AB578825FD695A0986CCDCAAE48AE593C750	C2FFDA20D713C38D3D4D43591F347C0A183AF1F909A69B2BFF48CF4B080E9884
C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe	PE32+ executable (GUI) x86-64, for MS Windows	C9E1F407BB029DC73412D60129FFA1BF	7BD79D0008289A3852085914F494F1ECF6D22E5B	06F6FD00C8B152612ECD02C476A23FA4E3D836C7D9B87F70ABA04D3DCC80B4F3
C:\Program Files\Palo Alto Networks\GlobalProtect\PanMSAgent.ico	MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel	2FBC3DDD9597EA3C6A621CC3832CEACD	69A53CEAB84D786D30FDF38BFFC8862873CE6CD8	FCB8A6C4CEC48D4B67C504C32A0964AB570705CAD1E627C90BA800349BEFCFF1
C:\Program Files\Palo Alto Networks\GlobalProtect\PanProxyAgent.log	ASCII text, with CRLF line terminators	A3718A9CDF82F2CB317D215BCB0AB124	EC10330CBA2A84B2536BA5E55E33EEEFCD35BF73	CA40750B7AFE2CB9A369D5D69BC711E4D0FF1D7175691DA0EE81A18E9DE8E82D
C:\Program Files\Palo Alto Networks\GlobalProtect\PanSupport.ico	MS Windows icon resource - 5 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 96x96, 32 bits/pixel	4ABE455BAD5FFFFA43741DEBBCBD07E5	C66B072E967EBAFF3B7F6F9A96C41602F5E75CE9	2E47D2B23A1954EDA142FDE7012F2D9F68DD92FC358F90A099A1C03A20BFF7D8
C:\Program Files\Palo Alto Networks\GlobalProtect\PanVcrediChecker.exe	PE32+ executable (console) x86-64, for MS Windows	6E994B7F3FB71C1F25BC28640AB4098D	BD683799CA682874B3320B73DDE04967CF57588A	8E6152304A7D486D01014F10C0BCD5CC5165F786A27CF4BE270804E9057A2C44
C:\Program Files\Palo Alto Networks\GlobalProtect\PsvCtrl.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C1AD035030D04609CB3091C888609801	7808449F0707CA20A5C2E728FB69764C2C06402E	4DA8F3661CBED7E9EE2080FF58F1E78C59561870A48F2C2C6AEB9E2D6F420FD3
C:\Program Files\Palo Alto Networks\GlobalProtect\WdfCoinstaller01011.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	B7B997EEAE8FD59A0566F9875D38782F	39EB78FD8A27B574E0C26EB07DC77F66D8EC7650	F3C2024FB36DD8F56213E568918C6FEC41D133AAD79A2BA8A47B190D6348AA02
C:\Program Files\Palo Alto Networks\GlobalProtect\WebView2Loader.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A811DC19F3F87E30A3B41B23A4D4095F	3166B82C20060EA0FFCB653E574E86F6BF81D2EE	96690E989A8EEE97D93DA058A91EA2A98F715DEDD15E3B255852BC1724CA2BB0
C:\Program Files\Palo Alto Networks\GlobalProtect\app.sig	data	84E394F5952229EF69E944B39637292C	FB7F6B738237A72E9F2F16592938AEB6CB2BC88A	CFA5099D0E96332C6912A861FBE610A8BD1D89E5ED40415CD82A870BA9B415EB
C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap1.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	20CD4FE4ED54D9529F198B7984E79EE2	C09067019768C47F675CC8794CBB2E5475CC4BEC	3D8FCA9479647B5676AEE59D91E8B5FE939EA0F07C0C53F30A7B0BD93C75A7B3
C:\Program Files\Palo Alto Networks\GlobalProtect\bitmap2.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	7B12BDCE40352F5835B47A97F60B6C7B	281966975816DB21B38991EB7A1FDD10DF26950E	18A6A8E7452DD319587EFD4A48206D7D6CECC0DA22FBD92354211A52F499E6A0
C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00001.bmp	PC bitmap, Windows 3.x format, 10 x 10 x 4, image size 80, 16 important colors, cbSize 198, bits offset 118	11A6FC5112B16C750CE9C435B9D9ECDA	30EC46FE5B5EF72BD3318714E1F2BD950E561325	F9EA18599390E773A66A1B7351DBA4E9ED912405B706EB5938B1E53B38A50157
C:\Program Files\Palo Alto Networks\GlobalProtect\bmp00003.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	7B12BDCE40352F5835B47A97F60B6C7B	281966975816DB21B38991EB7A1FDD10DF26950E	18A6A8E7452DD319587EFD4A48206D7D6CECC0DA22FBD92354211A52F499E6A0
C:\Program Files\Palo Alto Networks\GlobalProtect\close1.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	12378638D5D9629DF029B8680F66F623	A9AC4D707781A6BBA1D9890F2BE6981CD51FA4BF	BAE5470B6825A087B88449D189152807D32DAEDCE5C6D4C4724D4AC60A31E1CC
C:\Program Files\Palo Alto Networks\GlobalProtect\close2.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	6C08943777106D71DBAD1C57832F7BD6	726CAE4D66D7470BFAEAB7D7A9756813B0ACD542	654B7A31ED9A0A532BC3851427BACA56BF98B803A34CEED715F7A9C66285378D
C:\Program Files\Palo Alto Networks\GlobalProtect\close3.bmp	PC bitmap, Windows 3.x format, 10 x 9 x 4, image size 72, 16 important colors, cbSize 190, bits offset 118	12378638D5D9629DF029B8680F66F623	A9AC4D707781A6BBA1D9890F2BE6981CD51FA4BF	BAE5470B6825A087B88449D189152807D32DAEDCE5C6D4C4724D4AC60A31E1CC
C:\Program Files\Palo Alto Networks\GlobalProtect\debug_drv.log	ASCII text, with CRLF line terminators	4D70D3A5B0D8C4E6D60843443C977482	1EAD7618CDC8B324A2E35539F5DBF68ED3845596	C418633DEDBFFD324A646053C31FC533EBD2804880C1C204D06BF80F2EBCB15F
C:\Program Files\Palo Alto Networks\GlobalProtect\gp-public.pem	ASCII text, with CRLF line terminators	55DE7241A5CE4738FFDB2B090820A47A	6F5CF924183158EA6A564BF09B3179DFDAF23453	8763DC9A8CCC052DFF63C04C4DC0333B68E1860B7BDAD824FBAF096275B9F859
C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.cat	data	0FF3F46C852A8809AC12AF4AF492D833	B93073ACB1DB35A4DE9475AEDE68766EFB3A4E77	99A812D309E6B40F75BAF27FACC44880AD4A04F65D9731CDA2F94CAADE530510
C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.inf	Windows setup INFormation	083330FA0340784145012D1210630F6D	5C9F3DCB0F3CA0050124A372527EDB5CA5EF42CC	C6D158F7747DA61EB40A21BDAC1EF3DFC852806F6080306E191F29F55749109A
C:\Program Files\Palo Alto Networks\GlobalProtect\gpfltdrv.sys	PE32+ executable (native) x86-64, for MS Windows	D9B1F383AD60E687B7A8347241683C50	293FE84008105EFF5AB9ED1D0338EEA32138A3D5	8E438A6E3C6FFE966644E02691CF15D1FAABC522AEF8BA1D6E969A4FB0B650EA
C:\Program Files\Palo Alto Networks\GlobalProtect\libwaapi.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	98E05F30B856E880453418A67DAB6740	EFA381338AEE5A0FAA4A4BD6CD80DC104938FC74	25081B547184615E9E9E4E79F18D09135BA15C0C23F0B0E2BA45B87403A6AE04
C:\Program Files\Palo Alto Networks\GlobalProtect\libwaheap.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	92CCC4179E359E9CCAD1130948D64330	829ABBBE9E56BF0DB696A95744F2E4E1D5EF8C0E	0BEDB14AFDD123A59743B51B7A1AAB8AD46110F73C280C58A5869B22A7D788F9
C:\Program Files\Palo Alto Networks\GlobalProtect\libwalocal.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	951778E5CC38970B1CDF6B9169C641A5	C7A5624F24ABF4890735751DCF560FC857F37767	864166F27ABA6FB7149C57FB5EEB8569459D211A9A4E055D032CF0F16C628E95
C:\Program Files\Palo Alto Networks\GlobalProtect\libwaresource.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	738DCAC532DE76944843D91633A5133A	A062B74368781A6BF035E5738D446E43162300E7	5DE59EAFAF1B243BE786F48304BD0A1718CC265C474C5A80BBCEA87EB759C0C1
C:\Program Files\Palo Alto Networks\GlobalProtect\libwautils.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C359466310A578FA11D16AD05F4774B1	6D628FE726A48DC27C8728C968728EB73FD85A84	FAD827890CC73A50B639085E2EAC05EDC0DC135E3FC8BAACD9C42C6EE4A3AD47
C:\Program Files\Palo Alto Networks\GlobalProtect\license.cfg	JSON data	68C9C3FED0718775973952E8EA2BDF82	1F6A66A905EEDA7C8450202B301741B4649C69FB	28B72358D00A0380F22A5C60F7C8AF6B9D62DA3F2C419FBFDA809A7226C39C15
C:\Program Files\Palo Alto Networks\GlobalProtect\message.bin	data	8B1870BC7E7914D528927EE60DF8DB32	63B92F21223FE76BD4369BBCB5FFFE8193E6195A	269AD59FF16566940EE349E1B79A922D011D94C882081362C3F6D4BA25E581B2
C:\Program Files\Palo Alto Networks\GlobalProtect\pan_gp_event.log	ASCII text, with CRLF line terminators	6DC292C79D71268EFFA76DB7062D55D6	B83A3BD5B80FD4A9CF5070E35F97E987ED5A70DE	7F74B32645D9D6D3F58BA02B6BBA32D55B0B7F8C6A5A33D151B3E64312875D52
C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.cat	data	A17145CED05A0C6F38AB3C0425701732	4EF64B143BBE05FBBE0D053B80088C0BBAF1FFE9	BB0FF85E3D7E8B12EBAEAEB2EE77CAA702E5439718609C1D62074D6F594E3CF9
C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.inf	Windows setup INFormation	FC97A101113D88276C58400BBA7AAF77	814D0C9FBDEE6B3DABA6D18389536FDE536D3B2D	20B44F3859A6FF1B7C644FC90CED4E7AB37CCF5CB50EC21D59A92906932A4842
C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd.sys	PE32+ executable (native) x86-64, for MS Windows	6CA91596CFAE2079BA66BFBB099F41E6	12729569CA22D782630E988C56A6472D8CFB96AA	9CC08F70555E3958E1676FBA56B12D482EF961F8FDBBA9E69DB7A44F3B007A02
C:\Program Files\Palo Alto Networks\GlobalProtect\pangpd64.cat	data	6F4E74E781E6BCF142DD838CFEBB41C7	F4943F6168827C6E6E5CB4F9E7D34B35398D66C9	F6F9275BE2DA16360F7498DD1B4631F9B19FFF816D8A025B0146C20572B1A1EA
C:\Program Files\Palo Alto Networks\GlobalProtect\res\Panw-Logo.png	PNG image data, 497 x 69, 8-bit/color RGBA, non-interlaced	FB91B28E8398A4ECDA31A0AAFFEB2B82	F5D7F15476CBC090DB457C52069BBF77C013EC07	304E8284FC9DFDB620216A10E76C7FF7EC1025E10B49D26A1E0B81C4881ECA9E
C:\Program Files\Palo Alto Networks\GlobalProtect\res\help.chm	MS Windows HtmlHelp Data	530E871CA76D7DAF1BCEAF6A3F91CA2A	87554907394F32689BAD4AE02362EF58DF726C5E	D17AAD0639FA874F2C9AE69D5DA43A237BB162A2397B20ACA813B13421756137
C:\Program Files\Palo Alto Networks\GlobalProtect\tray_busy.ico	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	5E3A3BD61AB39532B1BFB045066F6ABF	063E92D47F1E2C7381916336736E557EAC49C88E	DE96FF2264AF2B47289AD255FA68B2790433298916231226B4B83D3DE6D859A5
C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok.ico	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel	5CE27F3AE8EBE259AB7C07E5B3FCDBFF	9C47C6D079C807AC2BDED50FEF226F1D00F13FEE	FBF8BFD212ADF90ED0B77A9F925EA1A54048E4E30F85D7B33FBEA016066507AC
C:\Program Files\Palo Alto Networks\GlobalProtect\tray_ok_msg.ico	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel	73EAC94B0F95147466F346156AD520F5	DE51716E7E17686DA59C1BCA9AE40517A89B91BD	91F2C66868A593185BEB0284A602AF85B098C576ED0190B6D25BFFA7B538BDD1
C:\Program Files\Palo Alto Networks\GlobalProtect\tray_stop.ico	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel	98D1ED97265CD2F09211A006F896D145	11CCAB22535BDD2EE25DA99F536C4B52A06B66F1	97A5443C3FA89AF6A971E42CBDBFA6280EC79624AC942E2580F21519F34F1CB0
C:\Program Files\Palo Alto Networks\GlobalProtect\uninstall.ico	MS Windows icon resource - 12 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel	BB92CF1770EE4753DE901FFFB459B10C	1792E3C335B123317643561AEE8BAE0EA4FCC99A	46F7E20DDD21BAC0C45B01F0DB1C5458FFDA24CA61F9D03B874DBFC3A2DBE41B
C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe	PE32 executable (console) Intel 80386, for MS Windows	FBF3F390C34BCBED6BEADDB22DA21925	F25A4655C55F46FE4A8AD453CA1CDAE4490B0132	8A0186470697C903944F194AD4C7B6A5F1062AB420F3CF33CC53305ACD10F6D3
C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe	PE32+ executable (console) x86-64, for MS Windows	B484EC47569E3F315AD7087F69D2B230	60A77774FCFF9AD4F77A3559BB27BA14DB932956	7FE717EDDAD5176E525C3B5A66711A8121D7A09D61178A9DE99FF0EA03648962
C:\ProgramData\Microsoft\Network\Downloader\edb.log	data	9E2DF59D67B604737E1E936078DE0396	6EFECBBB8D843F0B5E782501D0DCE08523D90E32	AA897DDB2B48E90B8D3E6C7C2806681AA606BF1504DE3CFC353F3E7AC0FDA15C
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db	Extensible storage engine DataBase, version 0x620, checksum 0x9ed53046, page size 16384, DirtyShutdown, Windows version 10.0	D18C2E1B79CFF2544BE795809B598B24	E1B3223F3AAC10045176F06285F946AE526C4329	C33B81287658D3EFCFD93F607F955566C577EE856650BE99DE51C295ECF9C2C4
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm	data	F13B341FC572C6BDD6A4624B1533EBDB	8F03F13E578592DB382F875DF060B98E5B1B83D6	2603186EB81E01588EF267CAE22561ACF945F71BBE67E2A369099CA4B0E8B494
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect\GlobalProtect.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	0C070B9BAF164D8D4A0FCDF4105D4003	8D3DB81256DFEE7FE9C70ECEBE7FCB6561AE7E77	946668AF1E595790ED79F9BC5CD634943131E75D986416A8974734F3961B86A8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks\GlobalProtect\PanGPSupport.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	855A989498313154B2F31113886CBAE8	3C9E6EA3D858D820856DBAACA7F76511A6110B11	9FE583482555579F11665082F54AFB10B7CD2754A6674BC0C79B1711BA816DF7
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\1bf33a02-f4dc-428a-b8a6-f5eb9dde1474.tmp	JSON data	853EEE2C56907EE962C494B631F386EC	1AC92AD371B448D71BEFE26C903FA206E932C3D1	C5DF2B53980E8FF7CB3DB2FA4C15F029502427CDC50A94AC5E664F107F2A998B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\5b1008cf-42f4-4961-bfa0-57a7ed4e3ae7.tmp	JSON data	892CCD8595A8BD46AEC4117C3F35BE28	78FFA6639E437E4EB98680EC544ABA5517B9E601	0829349B10B000EB9BB884ECD36D529E9B0E8A5CC2AE32B388F1FC5721746F57
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\BrowserMetrics\BrowserMetrics-671F9CFE-578.pma	data	28FDFA86040BC21D5FEBFA181B3C67DE	8D5E02428562ADA1F31B45E74214C5C3867C6031	AB7CA73BCBBB956767623985E1575A7A6DB5C4CFBD3C1E2CC04CF98E1EB9602B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad\settings.dat	data	E17F12CF68D08BDBAC228FE580FC5C1F	A26EB34365BF50D6E964B07C41281D786905389C	0A94C85088FC49E0076A5C731058D40DA4365BA05A6B62E17AD203A89011D0C8
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Crashpad\throttle_store.dat	ASCII text	9E4E94633B73F4A7680240A0FFD6CD2C	E68E02453CE22736169A56FDB59043D33668368F	41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Cache\Cache_Data\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Cache\Cache_Data\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Cache\Cache_Data\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Cache\Cache_Data\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Cache\Cache_Data\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	F3B9B7E4F634D6192DCA62E96046C17F	E67AEC7F63C47C61BFC9F6A74EB660A9952AC3E8	7731C61DA3395E87DEA67DB7BF6E3F16C99AD8FF76224E217BB9D8F8C9333FEC
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\js\index	data	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\js\index-dir\temp-index	data	4D0CB186B7935FE5BA0D074D42FAF8C2	1A31CCB9BE9725C488645A39D0FC4747E15E0AA1	1AD7194F7ACD2DA5A347FEDF0B000695D6CC7F6679CD2A8FAF5FB2B6D1B14355
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\js\index-dir\the-real-index (copy)	data	4D0CB186B7935FE5BA0D074D42FAF8C2	1A31CCB9BE9725C488645A39D0FC4747E15E0AA1	1AD7194F7ACD2DA5A347FEDF0B000695D6CC7F6679CD2A8FAF5FB2B6D1B14355
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\wasm\index	data	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\wasm\index-dir\temp-index	data	4D0CB186B7935FE5BA0D074D42FAF8C2	1A31CCB9BE9725C488645A39D0FC4747E15E0AA1	1AD7194F7ACD2DA5A347FEDF0B000695D6CC7F6679CD2A8FAF5FB2B6D1B14355
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index (copy)	data	4D0CB186B7935FE5BA0D074D42FAF8C2	1A31CCB9BE9725C488645A39D0FC4747E15E0AA1	1AD7194F7ACD2DA5A347FEDF0B000695D6CC7F6679CD2A8FAF5FB2B6D1B14355
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\DawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\DawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\DawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\DawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\DawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	491B130011A7003FA65E0964A22FF327	4100A89B7BD7E49813CFF125B69586A02FFBDC96	04C29A3FC07675DF464DF996767CB196EDE42B7F142A714A79199CBDBC1F13F1
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Rules\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Rules\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Rules\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Rules\LOG	ASCII text	5C15F20F4AB653286EB88B5F2B7217EB	B6CD3F942C2E5CFC2C5CAD275B4F57CB1A1BB107	93F2508852BF96442E4F1F0732AA440763D524A087330EEE645C27B5754C3DEA
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Rules\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Scripts\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Scripts\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Scripts\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Scripts\LOG	ASCII text	EA0CD158644D162CC3BB56745C20F22A	B05BE662F4BD33475B1FEC2ECACF5E5D28FCB90C	0C800D534FCCAA2C128877AE948F5035E46AB74005548C60F2353731CF61555B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension Scripts\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension State\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension State\000003.log	data	891A884B9FA2BFF4519F5F56D2A25D62	B54A3C12EE78510CB269FB1D863047DD8F571DEA	E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension State\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension State\LOG	ASCII text	70B0535FE749571E3532E63676AA5165	D4CB255456FBE035DE6B83A4EC473D5CD431EA7A	A4C92D3B51F0E676BD0E563EC90522D7F1F1A7F115E71F36A82F28067CAB06C9
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Extension State\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Favicons	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1	F5BBD8449A9C3AB28AC2DE45E9059B01	C569D730853C33234AF2402E69C19E0C057EC165	825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\GPUCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\GPUCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\GPUCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\GPUCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\GPUCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	6714B696C8B19E9DC3E8A9A6798B9ACC	04DA8AB26168502C9581D1305F72A8711F281068	7354F060DA519C782BA4459374423DF52051D85E7E0B47F6B39846DB1D4A32B1
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\History	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1	7B955D976803304F2C0505431A0CF1CF	E29070081B18DA0EF9D98D4389091962E3D37216	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\leveldb\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\leveldb\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\leveldb\LOG	ASCII text	6D18A5EEB5EDA546094FBF9CD45E5A54	906144F0F24A37113C74955A99D29E31DB77C223	D6B2AEAE502A9A7869F570B530CE59BD0DE9B3C6CF6C718A70A9E28C6BA7EB4D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Login Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 21, cookie 0xc, schema 4, UTF-8, version-valid-for 1	FB3D677576C25FF04A308A1F627410B7	97D530911F9CB0C37717ABB145D748982ADA0440	A79300470D18AF26E3C5B4F23F81915B92D490105CE84A8122BF8100EC0C7517
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\8ff8253f-6b68-46e8-8f4c-2409e7add71c.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\9027cd4e-491b-4d2a-bad3-d38ca88a2101.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\99277476-34d4-4b90-97f2-35d8c7a1d2f7.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\Cookies	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\Network Persistent State (copy)	JSON data	2800881C775077E1C4B6E06BF4676DE4	2873631068C8B3B9495638C865915BE822442C8B	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4	9AAAE8C040B616D1378F3E0E17689A29	F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7	5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\SCT Auditing Pending Reports~RF491dc6.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\Trust Tokens	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	25363ADC3C9D98BAD1A33D0792405CBF	D06E343087D86EF1A06F7479D81B26C90A60B5C3	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Network\aeb49034-d027-48bd-824f-cbaba04607bc.tmp	JSON data	2800881C775077E1C4B6E06BF4676DE4	2873631068C8B3B9495638C865915BE822442C8B	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Preferences (copy)	JSON data	DC92F638DDDCF0F15FDEA6F5DA306084	BCEB07885376A01E7C11CBC182F6AE807B9CC0E1	26C066615C968DC1ACBEADB1D393E0A5A096B9C59CA1E624CCE3E3FBC641D19F
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\README	ASCII text, with no line terminators	643E00B0186AA80523F8A6BED550A925	EC4056125D6F1A8890FFE01BFFC973C2F6ABD115	A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Secure Preferences (copy)	JSON data	C755CECBCFD865EB9EEFFEDD916671A6	A49F89D34A8B7F140417E042D20A573A0DB24375	4B0DBD5DA257BEE9085A0F3D4843FD22EA7D5BD009A4C16C92747909BB1AF564
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Site Characteristics Database\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Site Characteristics Database\000003.log	data	148079685E25097536785F4536AF014B	C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41	F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Site Characteristics Database\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Site Characteristics Database\LOG	ASCII text	85988E782E23040711C47C9ADBE2D7F3	59D9E70D23EF7FD08D0073700B0439D6FE8EE545	FD8565CF305F775CA0829E6C87B1D8F95C290A4BAE0355FB02183C1BB462710E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Site Characteristics Database\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Sync Data\LevelDB\000003.log	data	90881C9C26F29FCA29815A08BA858544	06FEE974987B91D82C2839A4BB12991FA99E1BDD	A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Sync Data\LevelDB\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Sync Data\LevelDB\LOG	ASCII text	C5D692B99189A53D22FA6AB90EB9193C	BBA12975D0BFBF2521D134EF0627CC5A2EFA6490	6AFF3FC95DACCE7E912418163905BFBBEB98A909442C42630D2DD3D30596DACC
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Visited Links	data	EB0A70F03C0737E9E5F5BDA5E4DE961F	FAADAE16508EBB0C818DC2B6C954887FB78B1E0B	72E16163A57423AFABDCF1AE9E0F96AA3C510F82B22E22CC4C72F80EF98500AC
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\Web Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3	6B2D5ED0A90C99FD05D58FE8E924C886	34E1103E18E57E9D1769C89DFB2DAD84BFDD54B5	2873E973AB5B91CD07405FD5D35E2A843A408AD53696372BEC794F4582368E49
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\d1941063-6f88-439b-a677-13f57d0e2c89.tmp	JSON data	C755CECBCFD865EB9EEFFEDD916671A6	A49F89D34A8B7F140417E042D20A573A0DB24375	4B0DBD5DA257BEE9085A0F3D4843FD22EA7D5BD009A4C16C92747909BB1AF564
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\fc8f09c3-9971-4c52-beef-f140f31879f3.tmp	JSON data	DC92F638DDDCF0F15FDEA6F5DA306084	BCEB07885376A01E7C11CBC182F6AE807B9CC0E1	26C066615C968DC1ACBEADB1D393E0A5A096B9C59CA1E624CCE3E3FBC641D19F
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\LOG	ASCII text	F99EC253D8EF9DF8201E9CB3EF8BD6BA	3ECE3A6EFF05A79FFFA5334720ACE731CAFA3B2C	326B559E546EF227BAABA6DA4C0AD85C61C8259B2B183D8E01E6DC68882D693D
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\metadata\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\metadata\000003.log	data	AF826572446A866B993052AEC9760422	2BA6EF209765B9CEB75F4C7698F20A0992119565	FE6EC58485FFA98BA4F69C7B67348F8F8128DD58AD3DAE577F993C32EEFA48ED
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\metadata\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\metadata\LOG	ASCII text	56269630B06ECD76CDBCEB6E1043B4F5	932D6BFF866EFCA455E26CE0922D0E833AFDAE18	87E6F38C487AFC3D6588589541D4C63C160B1680EB2685611BC0E144EB8BCB69
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GrShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	8CD9D50EA9DCD046F73D71E908987126	95ADB47D6E64AC20D5BE6B5DB3A1CD1323E87158	7790A3FDE96989C8E39E4A46296113F187F206FBC4156DF4CA4BBA8A67DF79FA
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GraphiteDawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GraphiteDawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GraphiteDawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GraphiteDawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\GraphiteDawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	CF95F367B98B6745AA448D12B6282478	FB1EEE09B2532E27339AF73AD6AFD710AC9C8319	E4AA75FB3F3EE468D47BDE0F02CDB80209D4B561035DDFBAB111C19B3216E31B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Last Version	ASCII text, with no line terminators	BF16C04B916ACE92DB941EBB1AF3CB18	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Local State (copy)	JSON data	892CCD8595A8BD46AEC4117C3F35BE28	78FFA6639E437E4EB98680EC544ABA5517B9E601	0829349B10B000EB9BB884ECD36D529E9B0E8A5CC2AE32B388F1FC5721746F57
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Local State~RF491876.TMP (copy)	JSON data	892CCD8595A8BD46AEC4117C3F35BE28	78FFA6639E437E4EB98680EC544ABA5517B9E601	0829349B10B000EB9BB884ECD36D529E9B0E8A5CC2AE32B388F1FC5721746F57
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Local State~RF491895.TMP (copy)	JSON data	892CCD8595A8BD46AEC4117C3F35BE28	78FFA6639E437E4EB98680EC544ABA5517B9E601	0829349B10B000EB9BB884ECD36D529E9B0E8A5CC2AE32B388F1FC5721746F57
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Local State~RF493fa5.TMP (copy)	JSON data	892CCD8595A8BD46AEC4117C3F35BE28	78FFA6639E437E4EB98680EC544ABA5517B9E601	0829349B10B000EB9BB884ECD36D529E9B0E8A5CC2AE32B388F1FC5721746F57
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\ShaderCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\ShaderCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\ShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\ShaderCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\ShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	6C8BAE8E844C81EF55AA8489EAD9D416	B4A7C596A0CF400188D89439449C9C199261E525	63A61B5A6ABE834461E4043A005B17FC14A7DEFAC5A66425CFE7879C0C899C6B
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\Variations	JSON data	961E3604F228B0D10541EBF921500C86	6E00570D9F78D9CFEBE67D4DA5EFE546543949A7	F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\d08dbfb9-0357-4081-8a94-60f729b73bac.tmp	JSON data	369D3C1818810A30B1CC4105FF8C5ECC	C535AEF30CADAB25D84D043976828A341284C714	EC98C566478B03543895F6B8E2DBA283FCE2FE4AA9BF5ACC6A9B7CD192E8CDB3
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\GPAEdge\CaptivePortalUrl\EBWebView\fd017f07-a120-4a38-a571-0c78ac643f5b.tmp	JSON data	8C11F831779E51B493944E38DF03C31C	DBED13D46784C179C22DA3442A0D3E9B0C31BE2F	5F19DE5862E77D50C2CA61DDCF7B48818B7F2502B19FFA39685E422A5F717A29
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\PanGPA.log	ASCII text, with CRLF line terminators	CAFB384CE7BE514D05A12AE601D70FA2	1E65438044A237C4B382F6443084F0D3EC6F6F37	D042162D9B1E844A392CC56F9D4C5B051C0F3343F1CE5EFBC8DA9E957390AF76
C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\pan_gpa_event.log	ASCII text, with CRLF line terminators	F0DF7F885E5743BFB2FF634658AF8380	3B1BDC5AEC2B339487150A4AD521E1271D3EAFF8	BB40B47B3BB907C80052A56D2427FD4B1B2456B3757E0C6BF562A2FF3324FD00
C:\Windows\INF\3ware.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	10E8D5FC036FBD505CE8140631C899E6	761545FB6C61918CBF311AEE2835F7BCFF7906D6	158027CDABF2737A9BEE7CC433BE69B4A45580323500F95C5C2B3095CF376336
C:\Windows\INF\61883.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	847765E33765BEE645BD25AD8673266F	59742670ADF30BCC6CB07EADABABE9DEE57AB69B	41A9016299EB3590ADBEF19B383F326AA7C1871B1698F069E91486C773A5ED16
C:\Windows\INF\BthLCPen.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	155BACAFF609DDEBC381E0B22D0B8E7F	8A98E5EEE76BA58893070956AA3FCA65715E9CE5	5974191AF180B5DFEF79F9B6D7ED18DAAEBBEB85C03B4D28DCEAFC2314776D09
C:\Windows\INF\BthOob.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3436BD243AC26DEC62587B05D0E4B7F7	7263FCC2D2EBE18C052E2A601F2380FC84FC9B5B	DA30462B777671F7DADD21D42A4D92C6E5E22EDCAF9C2E4F9B110AF6A2C9DDA9
C:\Windows\INF\HidTelephonyDriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1980 "Signature", at 0x68 WinDirPath, LanguageID 809	ACFE08733795C22AF938F98DCD558AC6	BDDC6B7B6CDF90F39F24234DF93D6FEED47B2934	F7F0866A39F6F96633BB10AD872A25897AFEF12FF6161957D7A04B063D9441AC
C:\Windows\INF\ItSas35i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5150 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	042A940CAE6F074CC539EA0C47D7CAD1	9DCA2E9652AF0A8BBF1527B54A051E91A5922B87	6CB221C06B8A67905AE9CF6B5699D2376FBC0E5D02230F9E71BBAF739BB24FFE
C:\Windows\INF\PerceptionSimulationHeadset.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	51243BD426A7A7999F58D1F68F53701C	E66F0FDE43C3D17A085E36B9544BFBA1193AAD45	587ECE0A00DE23C5811EF73F1E2BBB0AB7588E9BBA6B11450DB9C0B4BD06A655
C:\Windows\INF\PerceptionSimulationSixDof.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1fa8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	79A5DB440F0B9D9008850FA5DC9DDF01	32EAE6BAAB64831CDE7898D131607D38435084A9	201746D60D8F456F2EE7C85DF97BE8ED283603A3FEE2791B0D5E5EC19D7621B3
C:\Windows\INF\PerceptionSimulationSixDofModels.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1968 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	331688BB61A0C865943BB5A077311D6F	A4DA9C67CC2A9B3898AA06F2BA677936EEE08F07	D26BCD495FD6096EEB083AC8CBFFC97E30D80C49F08B1BDFE8236160689FBB16
C:\Windows\INF\SDFLauncher.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	29C506C089EBA3D196F897196D976563	E5245B7049754555AF67F5561FDF58E6E8A906ED	0ED73A4DABAB10CF905C66E90A25E0007E6C4C568E6A9AFB666FC559ADFDE969
C:\Windows\INF\SensorsHidClassDriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4b48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9D256B65925921E9A7CC0490CEBBD0FC	EB6E90A99FFFF8817FBA9DA47ADAA00775183387	F0D34B1407B4C67F2C31102AF886147296C3D24A0AC33E7FB702EE5049B2A64A
C:\Windows\INF\SmartSAMD.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2400 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F0B8BC76465458EE6F5B540FE48AA3B3	0A06B49F5646B0A94D1B1EA81FE9333467770F1B	A7128E95039237BDACEFEBCBC8CCA4A0440FB69D912796A7F4183EF82FDB2AE8
C:\Windows\INF\UsbccidDriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2d80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	998A07E5C65EBCD18FB204539C29F826	6F916068035A8768E17ABE2DC5F48FC46BF0BD94	E5378F3411986AECF8F55D50CCF8DC3BD16D369409C8A43A80F1E24602B96853
C:\Windows\INF\acxhdaudiop.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x94d0 "Signature", at 0x68 WinDirPath, LanguageID 809	12F7FE12DEBA235AF61C9C87EE056C4C	42922490DCAF5AB0B6A75CFDFA7DF03789649BC0	810027B1C0B6B3672C7F9DF6CCD4F5A1ECEBDA503D3454695CF78838AB4D31AF
C:\Windows\INF\adp80xx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5138 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	58EA231A0DA660D73F4EB42A73F8AB9B	4AF5DDE49F1B421EA09771FD8A4777C07A49BC6E	97418477EF87981C210760A1AC4F402FBACDFF45E06B06B0571D97D9F838DB6C
C:\Windows\INF\amdsata.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2500 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5356BB0C973BBC4E14FE3F87EB1A12EB	9BD6B081127D3513C274BE2D0929DF44A5B6C519	3B34E121D38C4D054F55252C844ECDF7C47739C7E0862FDF2E7A9991C25DD418
C:\Windows\INF\amdsbs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1f20 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FCD5AE961D0A54A2544C133331A5961C	1E05C993E561317853101B9B72B1DA521DACF822	F5BFD522E0F5626B2FAF158065519672DB746437E8DF0D0F44BB638CABDAC3B7
C:\Windows\INF\athw8x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x191e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	102DB2D2B3920BC832B4B9ECCB98274F	DF6C2D87A5E48535CF50029FF0DAB36738A55F71	A802FFA38AAF1D951CF99F8D74589EB45F46AED313F2535168933E6E6AF6F449
C:\Windows\INF\avc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FAB123659AC24F1D0BA558E013562859	D9A0B3A0CA916D05953387A6D22C3CB76CB32511	A680E312DA48E4C73F86A033C0B43213F8814C9A224487FC0D74D6D7FE65AE37
C:\Windows\INF\b57nd60a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2da58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2DEBCF6D745AF29EAE7823FE3F314932	D10CD0D2C3879F1EE6A815CD3D26EE00B1989D9E	7D637A1B563A92713CE7A71F36D0A145A5C96762DC6924D2FD276720C485D9BC
C:\Windows\INF\battery.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1528 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	366BF8F2DB914A0847F1E5787E7C5BAC	92CFFA69209744A02CB13C1E864EBF9F17CCE63E	AEC6D964857BA8506FD2E4D13DD0F5BABB907FCE7DC327A47F26F6054AAE9E5C
C:\Windows\INF\bcmdhd64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6718 "Signature", at 0x68 WinDirPath, LanguageID 809	CF370977933D87B22307A9BB2A04D343	84C0FB7E92294A833ED9ED3522841F64671BAED4	E028A9B96A99D0D0ABDC4E0AFC55C98016F5CED390D19AA620B36D535BCD4FFF
C:\Windows\INF\bcmwdidhdpcie.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x54e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A7C342BF2486E8154FCEA2FD09C3A2F3	94C3BED49B84FA581B844C790F23835E8E641A23	C647C7A931CAEAF641A6F9A305DA7FD0FA6477A90DF1E69B5F9E4B3B70414A09
C:\Windows\INF\bda.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1fa0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	553F598FC8F0505E448A5EBB7B337C65	E812E5F9BC0FEFD40098D5D01228161E431BC664	E88960C0558898809E14E383E64B4E56D22AF604998CF6F2D5E1C3676C394365
C:\Windows\INF\btampm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	59CA480369A146D590AE3C2DEDEA00D6	77D47D6C55C2E5FCD6BDB5313062C42879593F53	7DBC4FAB4CF597A6BA873783E3C83CEBF29BE0FD5A9EA87885EE0F4B52A487BB
C:\Windows\INF\bthmtpenum.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a40 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	926A3A79DE4D3F3C06096A360DA706CD	4AC8C74CD158B71F85681D019EB3401E5B8CBD5F	F52BB497E7AD7CEC9BD01CBA4D72316322D06F4806B40264FD035345ED6CBC9B
C:\Windows\INF\bthpan.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e30 "Provider", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	03E708E0C1771CD7AEE92C31C0D020CE	663EC4A3C16B9F29FC3F9F4532596660F11C9B93	5D2A82A32E6AA51BC48D8A47AF5F7DD00833A12AA285C70CBEAEA9A6175E882B
C:\Windows\INF\bthprint.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1600 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8F1DB4B4F7027C1893F712433B629676	DE0688EC84DF968AE02F9A564C36F7766DC0E6B8	369E6C8F9D67C1C29DE7544EE752487FAE0918C9A95C7A902A50B72C3933F905
C:\Windows\INF\bthspp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7110C8D2E13707220D131F8D6860D8BA	B63D784795AD985DD7DB254E164E0395E78685CB	86F41D75157EF30D4A4F460D2106D31C19F7D46B250ED798CCD32AC4F836CEA4
C:\Windows\INF\c_1394.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	38C6EE75B71217BF24F05AAD95C9DB1E	F5ADFDBB7BB80DE328950F978A09A818FCB01E23	2A7B425110FA791A39BB3F7EA2563643EA6D6C534CD50461060671AA0B063D3B
C:\Windows\INF\c_61883.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	505C69581D7AC91C7419D6531A380C45	1586AD3AB288C9D6D1D1EEE1FC5680F6091D6ADF	FEA4BAA46CE2C07A8298A331F7AF8F1B8BDC27F7B3AD2E15769CA26A5F0DD954
C:\Windows\INF\c_apo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1418 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	50ED4B2949D4ECDAEBB258010D98D05C	B2B0C02F2FF8EEB7AF2F4E92FD782EAFEB4E0C58	444382D5EA503C8A4F940B81172988C47B7D05FB2BE2731691B402DAD5464697
C:\Windows\INF\c_avc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0CFC750F3CBD831E7E7FF562DC825A23	5B89A7D7037D879A89036AC1706FA05DC84CE9A3	5BEC8D5879C006DE64AF183E8455FE33E908F0149D9464547766D89D38ED6F56
C:\Windows\INF\c_barcodescanner.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5F7FEAF81B2344757C857B0E240727CA	2176B826271E477FD5FFA38DE85FDDD8ED2663C5	DE46A5C8B7AE97D5AC9DA3D2AB4D80DB64CC557E129CF396B5DAAC10546E12F7
C:\Windows\INF\c_battery.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B1AF8D548BE9EE386D9C4EE82C7D5B27	78BF920E59A645858ABE41804FFD0BE531FEFDE3	D0AB2FC1980601BA58297280035BB59B7A7735352A4F96BBCD6AEBD429992831
C:\Windows\INF\c_biometric.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B844E696227133ECEBBE8E5481BFC2E0	19C3142B297B1496D9744A818C2D83D2A1DE3C2C	189514401A73525A6D41F2638CF7EDB1C745BF80E385FB940273C1AA1427C735
C:\Windows\INF\c_bluetooth.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FED67D0F84DFA096CBF3D0630BD0FC9B	22492874953509504AACA316526432FA12A8DF60	2ADE048D2491CA6EFC39D26019A054965B0094353B4229D759BB061CC78A4490
C:\Windows\INF\c_camera.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1728 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	F1A3165DF48876C2EF5C412554FEF22E	E7A1ED95EEB6D91EB23B9C55A25CD2E7BA244EA7	FCEC2CFB91D2196C2669AA88335A12564A57A9022A45E16691C6C77269ACE824
C:\Windows\INF\c_cashdrawer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D2BAA0C5C20D20393B4436981ADDFD1A	204A7F740D1EF95FB7C9BBA24F8B3C889D17A70D	5A865A380C8E6BC97159D2128979CB470B743EAC2BAE651CFF6084A6BD3284B3
C:\Windows\INF\c_cdrom.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1118 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9999E296D674A39BE39930AB6EBECBDF	F504846271E3A1CC1E2FE5D6E2971E9C12D1D1E9	05EF58D11B23FF8A22ED3089340890971C160172ED405F9F540461CC6F06B724
C:\Windows\INF\c_computeaccelerator.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A7D075F2D766FB9E512FBDF8B85DAC56	D99144EB9E845608CEFD16DC9EFAD9E76E619682	C9593F62950440BC241236CC52DEA736605F2876FA9099B98DE1E5B0F007C269
C:\Windows\INF\c_computer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6AFDB82A09647DCB38F25A0C062313A1	8C2257D472A9D279D07C274AA8773DDD1A5A0348	6A42248B606C24DC8F39F80B24A1008EAE2662C9053D8A17BE3534D056A7AE74
C:\Windows\INF\c_diskdrive.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1248 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	799661C11F5A2A85A0DBE653F3227144	4925B4EB1A50E6D8C38EEA242DF5EBC998DDEA8E	457156B0C563C06E21177CE14583D309FCB138C8124558D008F3C1B23D224A66
C:\Windows\INF\c_display.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	91136D59B339C34E62BFBB536BF2B39D	4A32B30C8875B99947AB2D5F0164E7046DEB8DE9	820D9F328D7A4B3ED2B7EC7ED423CE4BF644C27B45F3B1DF3F3730DC8FC98F0E
C:\Windows\INF\c_dot4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	401DE67E26D8D484B0714F6464E821C9	BB1F0ABC977A3C2924AA32AA2BF733DE1A31769F	6D3E5DF98F53E90865C321080CA2A7F75130079129978AB5C8E834E30EA5E530
C:\Windows\INF\c_dot4print.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	92C55A6CAB9AFCF09A74431E12464C93	809AE57659657CD88961949B534360182066C897	7A84F52255AD858C0A74355190B761087F3FF61C208D4CD9EACD3B530E559578
C:\Windows\INF\c_extension.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	39EA04A40A9DAD1C64CD4417E722DE45	A4B0333BDF33B4152434091CD54B17354492B378	32237E334248551084AAEB2014BE26EB07A34D76060A29CC1C521EC73DCA5ACF
C:\Windows\INF\c_fdc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	87FBC0F7D8D96CF7C2785CB02CC56397	34F550E0FDBE745957914551F3D4C2B5601B0641	2F1C000ACBB62F9F9E2110881E33E07CC4E0876AE60B5B4BB50994600E36E0F9
C:\Windows\INF\c_firmware.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	C780D2AE2FA78A54F63A036797BF399E	CFE736C829A1C8D2423206832F1380D51C4134FE	0218683605CDD6970DDB0A8C7F2873F75BB1582D01529A186670084E8B04556B
C:\Windows\INF\c_floppydisk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3240123A6A0D5E15193D00A11FFF24CF	11DD5107E80C0C94E81F3280D342DFF7B2807D76	78342DB2B18665ED0B9CC5E565C53665178334E1D088A3C9092321F58BD33D2B
C:\Windows\INF\c_fsactivitymonitor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EBC46C17D35057AB3068D0E57AB1BC81	B7CCF745D89BE7521E8B630CA282A29C6171D701	949D85863B5F4139D94783A7DA389AB9C49073A23B976A75EB3AA88D38AB8153
C:\Windows\INF\c_fsantivirus.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AAFEC387E149B28F8B5EF57389D0EA91	8AF408176D78A6BA105AE94B50B517BA3B6F77A8	793BD7859553F2F0C8DB0EA537D2A3454649236F55D0C6709416029172B41E28
C:\Windows\INF\c_fscfsmetadataserver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	334653419AF0F2C5B7C206347EA43EC3	B6C9123EB56CFB0C40113D391EE228FD02562202	92E0F5C4F77C61222F339E3127D638209E1FB0FBB4292568B091F35CA49F679C
C:\Windows\INF\c_fscompression.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BBAB8A98AF25AE27237FB5D9FB6EBD98	8FDC71106E925C494F81B047F4BC894AA5A37E3E	70E2542A02656DDD596AAE7509622D4E525D6812BA8BD917B9598879DDF27859
C:\Windows\INF\c_fscontentscreener.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	87F795D4E647D6BA714D61F1F7993AFB	E9E3326FE22094E3B386F42D06623DC69717D0ED	768EEFDAE8BE8E52865CA3565791E31B9FAF6DE01BD010EAAEED780398380540
C:\Windows\INF\c_fscontinuousbackup.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DF6D27BA2EA915F4F9C57D4D294B2B1B	D36B2AE81EB862CF66F9918677F38052FD4E4BF6	7E4D73674B3742069A0FD0203936763B7C655977135D28E601C49AF1BB2668D4
C:\Windows\INF\c_fscopyprotection.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1B13F244122AD5F1E251E20F79D81C8A	22662FCC09CDBA5C78D66351FA7C0115857D5D8A	35D2D9AEF3AB2700A19851B62EA77FE25CEC2D04F5B14156D5D9214F7C0AFCFB
C:\Windows\INF\c_fsencryption.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7E33917A9D1E0CD9A82D572C55F1D403	EFDC2E00AE871888A2D1954B812D7F0C17871F4D	C1881FAA82285BB831F540A0E0B6BCAA4FCF012D97C6DEF8937C723FC382710A
C:\Windows\INF\c_fshsm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AC5CB43E255B48A7A0609620AD0281A4	398D73E1189B7B8CC0BC35F84F3E613DD2EFBF17	7F43313849F3EDF32B35A74A6FB90ED85096DB8F39DFB303D172C5416EB92751
C:\Windows\INF\c_fsinfrastructure.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9D88E903F597B445E1D9754C1EAC2625	21BF8B692F8945F165A6CDF0C0C52DD6D0C48E4D	D6FF48EFBFD0C6AF2D5BC6ABC130CB21FF4F378A21E042DC515BB0EA430F434C
C:\Windows\INF\c_fsopenfilebackup.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1F48BE3C0D64A2D1DD0A7BF25166B09C	1180EA473061B4D88D01B91E5D709D3ACC2B9841	8594740024188A75B8A9D3FE64829FFD51A02EB751270C92E7D8522F22078A8A
C:\Windows\INF\c_fsphysicalquotamgmt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7644FF2DA132C5A183FCB3287453B92A	15225CC2A67AE39123486B73C854F8E395D1B662	830730654EBEA32572DF80A5CA346F20CC473A55E8259BA48E7EB4FA1512FABB
C:\Windows\INF\c_fsquotamgmt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C01385E867A7699942394ADC947270B5	D40D7676B2073967668C4877B271923D685FD992	B5410F105D594408532BA47265487E4B22DBF42C3922D6CE4F84AE4EAE4EBBCF
C:\Windows\INF\c_fsreplication.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	065BA15447DDE038D2553FACF8F24ACC	14B8AA1E01EA9975EFC6E3051C52E10DC6FF23DB	DF71828AE01DF6E76332B7F5F89D830B59B15493552520D519638924AF602308
C:\Windows\INF\c_fssecurityenhancer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	224E0970A364FEC3DF9A25D488F595AF	1CB6C524175F41F7D157FC7BFC099D939F0EA6DD	F1F006C5AD7697952E727172C8F202FB226ACD6966A25EE322D77AEACDADE681
C:\Windows\INF\c_fssystem.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	80F3E3FDBED755BF97AD7C0C92A411C3	4F48F4BCFC6C10E71529DF34BBCFD2DB9E88C35E	4AA7FE4140443BF9D646D7A15A568B437E960EBE678EFFA34F3A610872869BE8
C:\Windows\INF\c_fssystemrecovery.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E784B3D20A1BF5D68D3A0F5DB75C3CBD	132AD91E5D851D3311610D7BF5C6153F4E6717D1	30E263324BAAC49FD6F29FC831ED1F8C50B2D988D0210CAF46ADA5D7C6F2EE2C
C:\Windows\INF\c_fsundelete.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	62842D278277B909D7296474359BEFE6	1F3C1B0EA291DA31D31254A4B53B0E61B103F26F	D3D8993387C8C4FDC6CE48C21A5172088CC3C02CB37309B664887F68AD8A7819
C:\Windows\INF\c_fsvirtualization.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EEA64AF734106B76AC2278B331A31841	462B3953B003BEBB951B36D1FBECECD490F37F45	CD0FC997693C0E8930EF23C06F3DCD809908AE79574423E0ECA8CD627A39604F
C:\Windows\INF\c_hdc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1308 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A9F945F543792623864726E4A768D3B4	0627A911D380FFA6B73F0E08B07ACE4CE2001C75	29423AD091072CFC3216EDDB50C47A97B5C100530BBF74458A5FA066D332E319
C:\Windows\INF\c_hidclass.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe38 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7074DD722C08C381E42B898A58F0545A	D71DED5C43EDC2870AA866130CE3F5A370B970D8	603DD28B7590D76200B5D3FA117F5CA8C4528A3792BFF13ECC4C263F817D3A4A
C:\Windows\INF\c_holographic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1390 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	152AB5E3A033D84527070122B2E8D63F	C9B29C5D493E84877C00446DE5F418DA749A33F3	3DF0988B395A71E46CD2F93391810D404820C64B93D9FAC48BF2C5AD14D1ECE7
C:\Windows\INF\c_image.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1800 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9C3E1484A2D14966790CE1D3684FC697	AD144D01738CE6AE67257D65ECA5B503D9D29702	FA29ADF4AB871CAEED882DF9A4F8A51C0D72F50A2118AF14386D90DFF5E65645
C:\Windows\INF\c_infrared.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5DF4A1CE0ED7CB0C34A73457539D1BA2	C2892B7E1F969E69E56E296EE6EC3F05FC3F5D12	155671849BBB6EC1F3E5BE45AA30DC6A5EDB088D256826EB27CF171B19825D4B
C:\Windows\INF\c_keyboard.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A9E223B3E5EE4485A7E2379E0D1DF7E3	63AE560044041DA5502D5131997DFCB6F1CDE298	12D1832028789CBC9D09570F28F37D3228A17F319B69751F943C6EC80384FFEB
C:\Windows\INF\c_legacydriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3EB9EBE4652DAF976E7F55F0C4E871A8	FF9608DA24ADE3D1CF66BB9390D80A307D695350	E04DCB17F4EBECA8D7C12E7855FC27DF93A8ACDFF0907E94237710F3340E7835
C:\Windows\INF\c_linedisplay.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc38 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B8B51A4AEE4346F0BAD7617032D760E6	67E30DC2F09354F530D45F523B8768DD5D0196E1	863FE3A754B60B10D5DA815350609DB08F7C886701592F9578E15AC1ED1742E0
C:\Windows\INF\c_magneticstripereader.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc20 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A1679832EC0DF8D720436E888B85ED8E	B859A62478F19727AE70835CD46A25CCEC201454	141CD6B266D7524E5BE1A8656C83971769CCF0ADF65C4BC4829B67E5BDFDF074
C:\Windows\INF\c_mcx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2030B305BC7F08224DB22F23DBD3B8A1	DBBD8EBC90CBF12562A85E6F83F4F5284530AA71	4C0C5A7B8FC617327893DFCE8646C8508B7F4720678A8D5691A65EFFF451B210
C:\Windows\INF\c_media.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2108 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	38F12CB00007D784D5DC86D98396D7DD	1C6AE3553D077D54D95AA0C36043E7B0D7D111E4	8362062F9FE600EB2C48CF112588F76D6851B549CBAE8C19B2F5FED685CDE92A
C:\Windows\INF\c_mediumchanger.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xee0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	22A867E1D9E4C1624345232449498D37	E76CD9800DEA3A9077B751D1638362F327941F95	111C7D059E3A8976836954BD186B703D4E926DE3FF8F1EB97A6075B065956577
C:\Windows\INF\c_memory.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5F27873A05AF0AA14ACA4C5A209A058B	271C3C19737B8A96A9E10D40CC955C7F26B411C1	2E2EC08293DD4E199083E3E402DB47848CE0DC872C2E5AD806BACE215F6E5392
C:\Windows\INF\c_modem.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	179B218DB22448FA0965057CDB9BDEE9	62831667BF5B449AEAE80F0F96ACB28BEBCF15FC	EF0A009381B880135747CB8014161051774772448F61D6955753FEA85448FBF7
C:\Windows\INF\c_monitor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1318 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	7EB81073EC56B47E050EBAF87BD4C9A3	4C2DC25B6B81FA4B97C0C7A3BF183E8BD259406F	CC23D886705408DC073003B5C227E738E4DF59E8E47E95734A3F5394BEABFD91
C:\Windows\INF\c_mouse.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xec8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	89C31CA6BDFD981CF61E5B6ABC60A2E0	F635C41898281FF1105C425A5C51A08B76480E8B	EE2137BB548E944B7375A362BA34CF51D4A316A3D11282C4E224C0DD8D8ACCCE
C:\Windows\INF\c_mtd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ABE21128825BDC02DA2E5ED277CDA024	6F6080662FFF34A49749ABF92D4BCC0DC4D44345	4EFF1F455F37B62B24F09AB7F2202D9EBAAEF3C02BD526EDF5D40B52D433B872
C:\Windows\INF\c_multifunction.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	15A1470BE7D51F9DD993EC9E0B02EDE0	82510D8B1BDC25A5A00037614F612B08FC94E126	35A5BCE8FE4E152D4DE34AC9AD13FEBF19FDA5236C594C9B2822A25CE5C5F5BE
C:\Windows\INF\c_multiportserial.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A23049F4A01F23D433018197B5C5EE20	8A928C2C37B4665862A921BB2404E1753D1A4EC9	0F294402DB786A863EEB4EC5285CAD6F9B9F07C324F638F2AC10545FA6C40E86
C:\Windows\INF\c_net.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1550 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	B3BA4C98AEA04092418DC4B66C7A1DCB	D687D16148C0153E544B78778D4C447A13882B40	0D5B96D1A30047D01C8C6F634A527423215837BEC9B2A3588DB04437EE765AAB
C:\Windows\INF\c_netclient.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AAD925663B8BC7A745102BEA2279BCDF	C2F310BE923B6E656212A65295FF891336F2EC13	468943B7298F03F969B90D6A1FAE182AA596718CC56D0E0ADB95FC509221C20A
C:\Windows\INF\c_netdriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3B43993660B0B4B3EC548BEC3215E769	ABD135165C693B3331B00266DA6CE4B21B48DECE	E65BB787FF6AB68635A1E28B789A2535720184AE3D3128320CBD0006499211CC
C:\Windows\INF\c_netservice.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	827B63760237511FA35B3147AD00FA0C	D876F0D580D9EF16F8510F9FF6EEEBEF7C549481	E39C54E28ACEA2DCB296E117F78D221402C3DBC0CFF97AD1F3F1A5355065956F
C:\Windows\INF\c_nettrans.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xeb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	121F0143671A78BA34A48F0F7CC6CB7C	023A3CBF83408A40B1FAC9C1F5C31B70FC79CDE5	FF96BC5078F85A602280E41D1D3D2358516ED892C552998B947AA78E22834006
C:\Windows\INF\c_pcmcia.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	33D3C700D53CA78E6C38AD41BC9E5961	B55F6217ADDE05E4A885B85B83864CC0ADB37353	4CB9D992DA0794D2FA32A663E5E39B479C5700318EF2644286C59F1D542A3D91
C:\Windows\INF\c_pnpprinters.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5A6BCDDF8FA42CBEBC92092CFDCCECAC	C356734571B8E0A6817B81C8FA5F83191B2336C2	E79D721E0D7FC0E343B038AD8FFED550F83B45902F12EC04528BC89962C224F7
C:\Windows\INF\c_ports.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	76832AF8E8D6F219D2F2A53C419FAA11	FA341CBC06D3BC4FBA8A9F523D94EA67C238E2A4	7058B316A7D32D6E066ED48813F3A0CB0C419DDA3AD9FD4FE6DB5C037B769949
C:\Windows\INF\c_printer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	37D9DA7416832EE8A82B51F59E9360C1	E05F1FCA7C8297ABF36114B4D6B7F79CF64A2129	1AEE4EE9D0F8A2CB1520FE9D12F28D276F96A566793211FF34517F076B244B58
C:\Windows\INF\c_processor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfa0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	311F130D8F98B8C09F0A53462ABAFBBD	1A22F6F24F4AF6429E1FA3CA8B7A1CFD799C9170	FF36E7FB78CC765D1CC4E8111DC8412F45BDDD6F7440C51ACC7143E8DBD8360F
C:\Windows\INF\c_proximity.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1018 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	6058D8FFD81E0643189491F58CEDBD5A	01F2340918BF4DA6AA6EC2FD5AB3A6F9E60D2DD1	946E096AAE47A20076274E09EB9858637494D6DD720AFB9B604D688F0AFE2A21
C:\Windows\INF\c_receiptprinter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc10 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8F6ED014A474ECF8F781F5D603C3DEC8	6B49D407D93DC7F6D888AE2B8D0E0EE36CF44D3B	AE705E094BD832650E74AABC386F4FBF6B3018A8FE0C1B3634FC9E7F4B4C6C58
C:\Windows\INF\c_sbp2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4B46F9A0F64D79C5EAE84A57B84CE77C	4FE056AAF8007CF8AE324CE93657DABD7F2556A9	5F890C2D4852F66F3F723D4A18D8D6D20B55EE80F9C45049B0A0231EB151BC95
C:\Windows\INF\c_scmdisk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3F04B425B0793468416BBDA50F0E97A7	99B4BF7B78745417D2219F4022BDF819BAFCDC80	A267C5440FE49CA37C9524FF9924E91FCC2D8D7F6D674340969C415FBEB6E5F9
C:\Windows\INF\c_scmvolume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E5780D85A6FC956D13A055993ADF526F	F81E1A47061BAA7530DF6EDB456538320C8A51CF	32904521D94E747301597C082D08739453BF4119687513B477649AB6C5F01C80
C:\Windows\INF\c_scsiadapter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xee0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6983D093A48BF55E1B96425BD05D8418	089E7AA1EB92F716410232F11CFF11622FE3468E	1AC6A48EAD76CEB19DBE2B53DB24C48A6184FE21D412B8232BC13A7F6F5FBAA0
C:\Windows\INF\c_sdhost.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F456FA2B92ABA70AF3AA7043683EA9DD	01F1E850C2DC36C031F863754AA1110A913A22B1	E337BD792D2DC79F6BA530C44604E14225BDF79C7A26ECD0D3455399A318F7B2
C:\Windows\INF\c_securitydevices.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xda8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D84EB6DEFDCB197EF65480056B4B014F	13DC5D00042B2BC8C318CC3247800EA114229EBF	32E0E1C4E561DCA96FD431FF8ED1FEF6AC85CB8790BDCDE2D5A6C7FEF9E1AB13
C:\Windows\INF\c_sensor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x24d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	501754E03E8874B264C509F1266F796B	77106811208A9B487424FA3F15B0CC02344943BD	05D15BC819DFD8E341382B31F48739ADADFAD63D77112F9AFFA9235ACB56C3BB
C:\Windows\INF\c_smartcard.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	51220E043045AACF87C5C2517A4CB01E	2A24935560E194A527715A453EAA830F49D40493	CDCD0CE9B9FE99A783805C11D5F57B191C2A19860C82BE282679982405F59684
C:\Windows\INF\c_smartcardfilter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	63A1AD5C956480515B99188222596DBE	6159156E28856C08F083BBB4A0548E91082DA6DF	EEB24D15637C1937892E2CE8B05B49AF966F921A4BD0D064BD7584BBAAC65B7D
C:\Windows\INF\c_smartcardreader.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C36B22599E80A6482FA2F13D509168CD	BD8272732BD0DEB86ABAC171A614FF2172151C97	F5E6FAA71BB4A25453E56F01E614EE022293694193273A70E111AA52048BEBC7
C:\Windows\INF\c_smrdisk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0B889ADA36CA50D494DC5ADA1E2EA5C4	A75B0F6673B959DF92857C14E53980C9D13A61C1	DB3C445991130139272F467618686DB276013F5650BA6506C6A72A505E72F721
C:\Windows\INF\c_smrvolume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	85AD05CA42E7DF02437F7F716E8FF768	F1FA28A44E7D1A7D4D08660874AA56093C2DA0E0	34D9D223DE960EBA671EDC3E69D86241639AD68ED74D3187564E29D550B10D9F
C:\Windows\INF\c_sslaccel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C5D9A0199AB9F49F08346FA996C02999	39DECC4F5F8E0AF3AA6143D1992DC75EA1789F7C	1F365E863487E4C40903B7E7E47FAE3A01D653B36737C042788DA727970AF590
C:\Windows\INF\c_swcomponent.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	162BD35684B8B2B782168D91C2A02B73	1C8F4BFFB485E07E6568491710C7541CC4AE41CB	AE9410EB13761A0CF680201C50DFEC58826FFED84929CCE2A357847D4B19C6F3
C:\Windows\INF\c_system.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	33A9EA423BD978C14FBB7BD343356FE3	59B397A1499A68583D721DBAE43A1E0F8EA8D486	3254D0A065FE64A62F7D039623CB5E67721916D581010D69F6FABC349228E806
C:\Windows\INF\c_tapedrive.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1388 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	91A5AEA0C954A63231639D2C5087A57C	10A6E0C11BA93FDE1F181BB3DD510B30E1F1A597	DB0C0729D0E0B14F05ED9C8077F4BBFD18444F378AB7119C6E46DC8D66966A7A
C:\Windows\INF\c_ucm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FCF3AAE5DEE688A734CE30775500999C	6181D110419FEF9FA0111430E9019639231ED3BB	ACFC3B4804E836E93EE0D5A0C9B00B54F9D92158D3D51B0DF9F9AF43DF8F0AC4
C:\Windows\INF\c_unknown.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe30 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D713ED42DE4FF9F5F697F2EA8BD5A211	C7FEA388289FDD4A5E2D2AFBD0A52C439462343E	4DDE08A079628AD10A08695C7F3337AE4CE523075501955C6C8DC322CAFAD151
C:\Windows\INF\c_usb.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xde8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4D9DF3E222973F646631D94B1F092520	F7BF4188CBEC3F223984E92EC7789F6E5A27AED8	A1C769112FD9172543AE170A71B147B278D4187377F104CD509A5E8ED11833F6
C:\Windows\INF\c_usbdevice.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1058 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0B183BDDC73D219CE5FC3ABF4117CBB3	FB5AD0FCB1D066F0FB70DAD18AF4E5C49A6D0A6E	8F4AF362E10863BA372276DBFE329ECC800B7EB4E3D8E4ABF7885CAAA98AFE43
C:\Windows\INF\c_usbfn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdd0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DD28A4D5FAF22083B00BA2DC06A0F139	1B74D7839906C48A29273D2128B4D5AC34446377	6A937FB472E7965DE9A81D51311468DF9D4318BF48445C0B76E705C377398BB6
C:\Windows\INF\c_volsnap.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C0DBEB2AE75236EA6B76EEDF9868090E	85C828B1AF48577119639BF6B25B645EFF845C82	7DDF3ECEA2183E53978300E138BCF1237A3ABEB9CF5CFC36C9599613F2FD4E6E
C:\Windows\INF\c_volume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	02446EF7B088E842A2F8CC8942BDBEB9	DCCA81AA72350A24C389B38DDDAA1076FF1DC608	4DBDE6D109AF414B1DBDA4D689258E39E29F786424B66D7902806E1F50DD3902
C:\Windows\INF\c_wceusbs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	415C9EFE38B1FFCE81CCBAD3607DCB6F	332AA2224A8EEE533FAC9E862DB196EE70FCCFDF	530B7189998F7F283D8D232DBEAC1F7C53DEB9716407F384985EC06E7DC22C54
C:\Windows\INF\c_wpd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	25D587F1C4388B837612F1A6A1E0C151	0F2195B8EE486E238D315AF6432624CD0523EF29	246EF6C852A362579D659916B0CE404EAAAEC75B55E8F78CB92BCE614791D63F
C:\Windows\INF\cht4nulx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd150 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	61BB26D3707818064DE19B2AADEC9534	36A06C120DC540BF7435B878F8B0C3697E193F27	6A383FBBB6E455C137484CFF4F82FED1164364F5AAEF44104AD86BD73AF3BB65
C:\Windows\INF\cht4sx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2570 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	85103F9788167B93ECCE0DC19CBD10A2	DAC6295F3F964702AE8E7EBC8470A427149055D7	75E57123229F9D6F5DD011D19FBB53CFC82D0AAF4EF33B493267E5E331DC3680
C:\Windows\INF\dc1-controller.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2a30 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	50EBC5637010659A792F3EBE101C4DB2	9F16732FA63AA2877CCE57A7F01DECE8F417A09E	25ED71D4C9E8A502A075F41BDF05C4714451E38F6382CDD4DE7C7FD2D18ABB67
C:\Windows\INF\dc21x4vm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3328 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	51F735635347623C4AB5A1A53D14370D	867E87E57FAD56D72A7309B7C87720B179D18855	ABA6B30A7031D461AEE8057DBCEDA694F5E941D6EF4C882567A8519017D3B81D
C:\Windows\INF\digitalmediadevice.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E5422F4F08D279145DC7035569962220	E51B46CF762CF7883FF1AA4E47F315A02F81C893	93CEE74BA5776FC74B2C67CDFAD269716300203469A337784C2F9B2A84592EC1
C:\Windows\INF\displayoverride.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	46A0C45A4388687B571724BABE295F27	B034900157B4413E67D4E166FDAA4DC0B7B24D3D	E3FB5878374C0C1678BE7273EEE74A90888E0D30140EFB9ED9BD25E3D4A251C8
C:\Windows\INF\e2xw10x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4ad0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5EE0BD6B3208D84CB7EA1A9FD167F8BF	C7934A416A067ECC0084ED6C22A05AFF428D1295	CB331FF7AB8128AE6753AB3CAA437F384E5410054170CC7732DA541C19CE002F
C:\Windows\INF\eaphost.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1178 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6145425EEFBAE1A33A301C05A23F5005	E6911503DD100B063B0F0BE155F5A89C24F4743D	B14E26B38AF0DC27EFF6956784F2E029BF350F287CF3C34C64BB7355BD3662FF
C:\Windows\INF\ehstorpwddrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x23c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A29AB78927DFD22BFB61E8FB45475429	81935B2685BD758A1C7562821261D343EF8BF028	C029F00DB4ABD27409DD52A2EACD5DF6A1150E29223DC9E0F8D30AB49ACA30DA
C:\Windows\INF\fidohid.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1098 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	90B89085068922ADE1B2EE9C2620F883	9C991454D31AA9FD9511D6B52B72D5ACF5D13A24	FDD933E9661A4E90F1B857CCD4A1EC30AA04370902E6889E02ACF66AFDBB7F85
C:\Windows\INF\fusionv2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0C92496D161C5232337B2FDAB56B2F6F	ACD1D70D2C7A9EE2AE7D533C56EB8B21AB863574	3F44CAC870F4A96B06BB059AF308B8F9681009AFB0EC05E9FA0B740BC777D925
C:\Windows\INF\gameport.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x26b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D624421D746E2404048D6D8DBBBDF642	1C6998A0F64D1C5A67AA316DDF09E9E31FEE38EE	C53E37960CE91EA41BA88E7B8021B4CFFADA96044832F152BAEC5FFCDE40A86A
C:\Windows\INF\halextintclpiodma.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1780 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B29214278F59B64DC0C40BC80CA6D481	526347D2F2E98D69EAD0432DA14D320FE612448B	B060DFE93D191CA516F1DCB1EE58005CF643CD7319139CC74BB46D4E1B651DE8
C:\Windows\INF\halextpl080.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1358 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BDAAF83AB36EB54CB1E3E328E35B8EB8	50FC1D34C8731BF36AAB590D708E2CFE0D830F0B	AB7F86290E81634504A7331BB69E04D8B64384BB99EBD40F0071AFC3541DB267
C:\Windows\INF\hdaudss.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3d28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FDEB55C33DF79BEED4BA950ACBAF3895	806C9B87F7AEC853F383D60B296289A38EBCCEAF	27C6E261443540F0B444E5CB92671BDDA806D50B59CCA2ED57A315B0FE147B70
C:\Windows\INF\heat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfc8 "Signature", at 0x68 WinDirPath, LanguageID 809	E7137C8F8EB246DDDE85CD3C98E49FDA	5C5AF134FE159FF729C0EEF8A6192425CC6D6827	D630287E18FD6D8A9FC6D08ABC1B74007EED7679EF99B07A9304FA687D2C7B63
C:\Windows\INF\hidbthle.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x24b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	76BD08A478B087A677EA2218378A8C24	6BCA205BD8E62BCCBD775F7F25877C37E377D066	3535A81104831057CE5452CD42BBD58A18A1E6525640895FA369D8EB013A0E81
C:\Windows\INF\hidcfu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1610 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0286380B983EC26D570E4DD0CFA2876F	5A84649CF5256FE5F099BEE636E27FBD97C0FC5A	B3B74D77CED714C419D293C4AD89A7DDD1ABD7B1B92AF2262C01FEFE2597A8D8
C:\Windows\INF\hidirkbd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1be0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C0D2790438DA01BC987FBC6DBFF963CA	0D024A9414DE7717435562786DA10D76E8D24C42	BEC49D4E9215581A29CB98BB82428FE010621111BEC13AE02AA4036882EDC7F4
C:\Windows\INF\hidscanner.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x19b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E84591079665104A3B5F56DA54ECA8E1	07408D65F26825D6A46D408B4B0BCB5AAFEE74FA	8E029105057BA96929E8435973D7E82CCDDC9ABDD14DF4B3DA3ED20CAB5F873B
C:\Windows\INF\hidserv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3c00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9B3A7939101F2A9D5530023DB2FF5E32	159FEC6D962BC119B628701366217AF2D70B21D3	E179960A69D886F501FE14806DDB97DB01B1B744E8CCA707F6D9FE92F46DE8C0
C:\Windows\INF\hpsamd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4c10 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	80A5A313E97D717E83B8900713CEFBB2	67B01D650AF8C925F19DB72DB279B4C81DFCEECF	D10A74F286CF961811F63760C51404396979DFE28A9BF5BEE6F7211A3F889AFD
C:\Windows\INF\idtsec.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cb0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E3BE23FFCD01255A8EADB0D84D7047F7	581F1231DC32C241640A4C1DCAA771217EB00F57	2C5BA6DFA16C781240AB93A2ABE75F61DE1F99A2E6E22CCE22D55F649555346E
C:\Windows\INF\image.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3130 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EA93DD5CFC9BACD5E320E88AB79CE7FB	28AFD0F157E6E430726F50DA2D4D05E557FEC652	1DBAD2563C86D1CA618D6D3E8E5278B24F7455040AD31B82A4B0F65B06E5C1BE
C:\Windows\INF\ipmidrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1468 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	57ADE80F62C9405EE51CD1EE30A767E4	20EBB56A378E12E11C35499581DF3DD2666650A7	7C96980E06967A99F2A6514A21A84C10E3BC1F2015A410715061D6474B297762
C:\Windows\INF\ipoib6x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7b50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1FA26DB6CBE7B2F9984ADF8252F8AB57	9F8AAC3D749F7F0BE336BF4A4CF67188C4DE0157	A9286874D1859DC64DB55D7E9C013C99A80A42B5E75377E1D4EE9C29A27BB42F
C:\Windows\INF\ks.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15998 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0D9A32D3AE17F74FE05306685B5254EF	DF07B3F3CC80F7C494A6F96984EA45684B64B64D	9EBF618CAA4376D36F7E2E8ADCA732C6714DF9C60D10E221339F029401BF60E4
C:\Windows\INF\kscaptur.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6fb0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8A8706040837DC8817CE39F3904426AF	6965FD2CF5552C6AD0398817D4AD9C39922D107E	05DD93E917FABDD8BBD08323CF2BA20ADC45B0FC3DE6AE1EC099C9DCBDBBA75B
C:\Windows\INF\lltdio.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xef0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3B77D12AB88A9B006153455DDC8287FE	393F4AEAAEB4A1AA54F7408A318030054867CF30	4D7B95D8C9BB040C237B289289A052B3A22013ED53898AD1B3738FB3295660E9
C:\Windows\INF\lsi_sas2i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4140 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	70F6AF0FE044CAAA552A1937ABFB92C1	7B668F0E7420AF393340BBB0622D542A362A4451	17C46D6BBA3CA3C2842F10B465E149D02F83A5ED090D855465D41D7991829CC8
C:\Windows\INF\lsi_sas3i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4e50 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	227B676BA5115465B9021A68C14B369D	28F3332BF91C0D7F007E60BE3D72265E9B5C024F	0E4E44C97DFBE187EB734A7E522A8FB596733AA74FE82956DAA74CD5C2DDE16B
C:\Windows\INF\lsi_sss.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b40 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CBB9374AE38E824C8EFE118F31880BA0	1B1F2AAB91AF695B216C8F5E65B9330A801E48A2	978ABE909C3E181AD73727ABB638734E00E291672824BB0570FE6063CAA7F87E
C:\Windows\INF\mbtr8897w81x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12a0 "DriverVer", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F00F7E06E123536153779BF316FA1ACE	1B0330B5D95779784AA2B4C23B7B94DC2C900F6C	A6300ED2CF16B2D3E6F7FB8D1D11C62DFE1226CBC93723BDF1ABFF85E2EDA73A
C:\Windows\INF\mchgr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17518 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2D04947B742C0015BD8A64178B49DD17	CB825ADF0A120E055BAEEAAE812D2D32A1340DD8	E421A0E8FCF793E94FAAADB97CA65D8C536F893B0EE3A076C1EFE158B8A63E17
C:\Windows\INF\mdm3com.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe460 "Signature", at 0x68 WinDirPath, LanguageID 809	6FBF3794C222665C1265E36C9CC12206	443A1C967DCBCC8E7F72BF1AEF15AF85205A9342	76191DF94DCFF5E1726B4B12A63BAF90AA34623591695986BB30BD5CDC4B1C91
C:\Windows\INF\mdm5674a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x53d8 "Signature", at 0x68 WinDirPath, LanguageID 809	609A9E5FF94F756F028C3A5B3AF80418	67385FA563FCFA318FB6DC4FED2BDDD614A0B994	413EFEA79618079C1DBF19809690596C9E563FD791DDEAE2F891CDFF76FD44C6
C:\Windows\INF\mdmadc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2540 "Signature", at 0x68 WinDirPath, LanguageID 809	22C03D5AE858887BEBB2A432D0E23550	BFAA7B748CC9E8EF3F544A4702ABD0A20705F8CC	84295A1BB61842BD7F048F58E89212AE8E4DE4F55BA3C44A771B63AC9552977F
C:\Windows\INF\mdmagm64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9108 "Signature", at 0x68 WinDirPath, LanguageID 809	47FAF6CC224F71BF39F06B70CCB3CB78	34FD21EFB52B7D28619B192647599F7125E47C6D	775017EA1FFA29C77385D008A7C3B6218C25CCA723D1F9012DD9B7BB7F83BDB8
C:\Windows\INF\mdmags64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x171d8 "Signature", at 0x68 WinDirPath, LanguageID 809	D09C97F2890361DFFA6AB43F748C753F	04E0C6A26B5ECCC5B1A058B4C0EFE9D7655226D6	E522523BAC43A83A065C458BF888D6E0CE5149CBEE1798FC59C113D7E101BA0A
C:\Windows\INF\mdmairte.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1950 "Signature", at 0x68 WinDirPath, LanguageID 809	024403842499A79AA8D39709D7468BFB	5F11F9A53332E450B2ADCC8F15B921C4662F1F9E	3ECDDDE228C3D773DFB56E8871779195BC97D919D2F0579CA56CE493546937CA
C:\Windows\INF\mdmaiwa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x38e0 "Signature", at 0x68 WinDirPath, LanguageID 809	25A2D5F44A2D23B0385675CAA0A5CD3F	7DBF0D9908B832A60954F57247788AF9F21CA986	A7724093C26B2439E72ADCA49F3495FE1141A92907FBBD9017153856AE9A22AB
C:\Windows\INF\mdmaiwa3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2b80 "Signature", at 0x68 WinDirPath, LanguageID 809	CCAF719F347FA043E96A854B980979E0	B53760B3FD4C67340159377071D9013C9BB45942	040ED9C29811046599E9A2AD06E6FC9ACA503B7521ADA1313F848ED8619033C5
C:\Windows\INF\mdmaiwa4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf7c0 "Signature", at 0x68 WinDirPath, LanguageID 809	1B3159DEDCEB63EB232DC675EFE14C89	1831FE869CA60F112CCABA22F893E41389DA704C	4094344EDD0A05021BF44258A5598A7041169DEACE7DF7D810D59B7FA1F33228
C:\Windows\INF\mdmaiwa5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3f28 "Signature", at 0x68 WinDirPath, LanguageID 809	9A3265C1D457B0042A26D1B45B1BD649	2929A9170A7BD58BB35D2DEFF4D765EC4576F2D6	06B7023EC0137191AB9CC839A3BB1755C641DF41B55625CC73114FBDB0080813
C:\Windows\INF\mdmaiwat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1aa8 "Signature", at 0x68 WinDirPath, LanguageID 809	57C78CABB685D43BEF02EE38FE902268	232EDF73964985F6A3D92E43FB8B363B1E3D0154	B1CB03446627E02633E22B3E8BC7C77F848A113E09860D9AA1290D5501DA0B0A
C:\Windows\INF\mdmar1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29d0 "Signature", at 0x68 WinDirPath, LanguageID 809	D001EFFAA8C8DF3572E3081151458F04	99FDC14CFFD220976174FEE03D53CC5449929034	E9EC59B0AB9840210819F9FF5225DE72100FC4D35E8E2B81ED4BDD1950C3D559
C:\Windows\INF\mdmarch.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6660 "Signature", at 0x68 WinDirPath, LanguageID 809	143660BBC9D8B30748C18A941BCFDBE3	A67F9289C3D83DA0BA425B88044F97AB7149A66B	302BDB3D7A7F603B6ABAA59D557F0B2D04A8E6C0D5DE04953451A5F23469CD19
C:\Windows\INF\mdmarn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2ad8 "Signature", at 0x68 WinDirPath, LanguageID 809	939B3AC2111585D84F1089F0FD6A5DAA	AC7A2980D06C2483D9A5BB1959305911F9E0CD21	7ED5683CB1B80BA644CC330AEB0B8BB7260671FE041213ED9C2BDD82DD877567
C:\Windows\INF\mdmati.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9ff0 "Signature", at 0x68 WinDirPath, LanguageID 809	89AD25E77C23C9D99F7B9F2468989DFE	7DAAC693E24EA346137DBDA702B24054CE7375D1	5AE23CE3A145BEE82E29E5E334DE15AEE3E8D84C11CFB30B8BAC0A59F334715A
C:\Windows\INF\mdmatm2k.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x35a8 "Signature", at 0x68 WinDirPath, LanguageID 809	98FE6BACB9C1A16706788C1D5AC88748	46525DD9AA930962F59CA29DCF1196D492FFB90A	80645FD817827A9F74BEDA52D136279D950479600A90E50EC37B9A6B1CF634B8
C:\Windows\INF\mdmaus.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3048 "Signature", at 0x68 WinDirPath, LanguageID 809	771B6E8ED340408152BD161254F3AB7C	E56EE8B39E49B8F5346C28C86A5E9D190506008A	FB803AD411664C3DC0040416B99F60BA918E992BD4A33992269B7FA67B4C2451
C:\Windows\INF\mdmboca.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6e88 "Signature", at 0x68 WinDirPath, LanguageID 809	7F407AB8B7D706FF6E72535DCF979E59	6CB476AF46CCE60FB35EDA634A622496DB0470E9	D34D87F97B32AD23FA992CB8D76007F383B15498B82A7FA3162954062787BD05
C:\Windows\INF\mdmbsb.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x37b0 "Signature", at 0x68 WinDirPath, LanguageID 809	2E7FDE64519B0F7285948706F70B3C24	6E3F79332CC481BF715952B781E7BA9913EA4DCD	CD0F6FE9C76F2A73B152E9D878B6B47C2C5D560581208654CCC1A270CE42565C
C:\Windows\INF\mdmbug3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1db0 "Signature", at 0x68 WinDirPath, LanguageID 809	BCF8C938C4DAAC14DB9DAB2F16715CC4	5022988DFB768343F152F6B6462103888E195431	336C0CBFDB97AD38FEEF8C38A353F131EA69C88275CB165129247D7DE525A8A0
C:\Windows\INF\mdmbw561.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3c20 "Signature", at 0x68 WinDirPath, LanguageID 809	03A47CE9C7D4FF17DBB8A1C6C612B8B6	495D7C7E6E056AA944430236122AAA0F861E4815	DACB79CF2246B3E5BD5280A5EA7A379D37FF4146653AD8EFF29898A84D4707BE
C:\Windows\INF\mdmc26a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3330 "Signature", at 0x68 WinDirPath, LanguageID 809	21D51FD3451B4B17B18AC7D96F30BE1D	C7CF2A50E34E157664315654AFED8C947BEC56EE	91B0A60DCEA64428F589401A5CE37B64CCAC76A827CC7C038DCABD6F17D98908
C:\Windows\INF\mdmcdp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ce0 "Signature", at 0x68 WinDirPath, LanguageID 809	EBCB775BC25CE1FC8FA26A92858EB21E	EE5D11815BA043404AD74F981EE9C13D083E9291	9B65A1AE461A256644708C6A1BCE22817FF7794954129888F3CF19991DEFC8E3
C:\Windows\INF\mdmcm28.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f18 "Signature", at 0x68 WinDirPath, LanguageID 809	2B4D00F9EC4ECEEFF7B9A3D1686384E5	7BDD51FBF2CC4AB9590DF79D5EB851D951ED03D5	8010A6DA359BD874CCEE04E59BAB1D7AFBA3E195D9A2E0A82754D3636586F528
C:\Windows\INF\mdmcodex.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2de8 "Signature", at 0x68 WinDirPath, LanguageID 809	EAC256670F26E48D82432AB355ADD5B4	4A59E781328723124620E2E877CB816085F16879	97D22BE0A5AFED67E83225B7DA2A052C69C86EB2461153FB8635EEF0B8899DE5
C:\Windows\INF\mdmcom1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5c00 "Signature", at 0x68 WinDirPath, LanguageID 809	4C5B2984CB2884ABACDDD802542E50E4	46025CBB149E6B2F635C6935402CD1951BBD7AD1	7EC079E6481B74725D8FD896CBB9A5EE52E006C796B84578A64A1B5A34B64E01
C:\Windows\INF\mdmcommu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e00 "Signature", at 0x68 WinDirPath, LanguageID 809	A9529F3FFAF045FA8CD2036B32E75483	F7D6E183863CB1F57D86E11DC0788239E6459477	3A207E1BD99B34811DB42A1313EDBA743A196D46872F443FBD928185AC6101B2
C:\Windows\INF\mdmcomp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cd0 "Signature", at 0x68 WinDirPath, LanguageID 809	9B29A63B8B9DA0D79BC33C87676A4E13	A75A49EA61D2053279BB666A45A5B77227C6E9E5	75E1D0306F0C2BB3876E81E5A028659E784048BE98238DAE97E7C7313A64E2CE
C:\Windows\INF\mdmcpq.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x126c0 "Signature", at 0x68 WinDirPath, LanguageID 809	ED91749120146E6984A02ED1DC87ECB6	F154FF11B3E0EE85DA8A72A2725F5D115929BF45	43D68B39296943BC0EECEBFA4DCC2562339D700B73EE84CB7BB1265D68E9F0F7
C:\Windows\INF\mdmcpq2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x69b0 "Signature", at 0x68 WinDirPath, LanguageID 809	E58452C36096AF130C4B8BB27CD1C5FF	DB33067E1BDC42F4225EFCF9126D81DEB608D709	95611BB35AE679EE62955181EC16A93561C5DE793C25658B32B578B13B5FC7F6
C:\Windows\INF\mdmcpv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2430 "Signature", at 0x68 WinDirPath, LanguageID 809	770EF29209D27D11202B33E2755B9E98	7E82A4DCE74C0A67D906E6AAFEFE192CBEFEE033	0246D487617316BCC23673DBADA275FBEB86EF0D2E9B49EA1A74D4A85E888A4F
C:\Windows\INF\mdmcrtix.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2fe8 "Signature", at 0x68 WinDirPath, LanguageID 809	ACACA8435885585D54BF0B7AA882D183	79413474AFCF13883B14FCE45F1562479880CD80	2F5F017516C83EC45F1179D0F980F4D7550C869E90E7D9E8E58806C76D4F0CB3
C:\Windows\INF\mdmcxhv6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xba80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F17ADFC03B66CF082F1B0AC640BEF4AB	CBFDE2C603F2233184A2278A49746981BD096E2F	5A0CAE11038331D790B182E541F78E7B2506E8816E47C446375D9432300D57AE
C:\Windows\INF\mdmcxpv6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa288 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C72F3498290C8F54BCB2764369B743A4	F858AF8A0A8491CCA1950474F86D59FF361A9667	09737154574F1DDE8531ABBAECCF4911AC91DA151670B520A1E360513B5CF0B2
C:\Windows\INF\mdmdcm5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6d28 "Signature", at 0x68 WinDirPath, LanguageID 809	FD25C8808751D10E6D61540809BE855F	0BB8E275A22F103DC3E38033A8DB148943492C33	05C5581142E612EE91208FD16D0A668DA0FBA402BDC20E4A6AA1DC58BD456F2D
C:\Windows\INF\mdmdcm6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4700 "Signature", at 0x68 WinDirPath, LanguageID 809	5C26FCECA460BBFF045ADECD1647CCC0	1987D495FCA39BEF7DD4948444A74E77024403A2	0366C2BD219DA39F2EF1266085692F34F8B4CBB786FDC37BEFB2C1CD148D3455
C:\Windows\INF\mdmdf56f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x38d0 "Signature", at 0x68 WinDirPath, LanguageID 809	BF8BCFA475FDA2B15E0865FDD5B644E9	873A3A9A2D41881DDCDB45C0C746560588656434	554DB818A21B9DF2695A295F435E7794EEB158C3F93AF06C5B0B9AC238B6329C
C:\Windows\INF\mdmdgitn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2bc8 "Signature", at 0x68 WinDirPath, LanguageID 809	C258D3D7C8C0D47523C518D2FD654D9D	0FE1F0A7A1401F4B7FEDE9809BC42E160285F481	4FA7C82642FB2931444DDC90166E8D3156DFDCEEDA55019147209D312110C887
C:\Windows\INF\mdmdp2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x25e0 "Signature", at 0x68 WinDirPath, LanguageID 809	B9B0E4E434037C3C6C676AEE682CAD78	DE9D79A879395CB81045BEC0E213239C1D967277	2C5FF557060627BF2EE6EAF4AC09E700D14FFAAFF640966A7418481D73AD902A
C:\Windows\INF\mdmdsi.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12688 "Signature", at 0x68 WinDirPath, LanguageID 809	5CD824B5B0D0D14C14B06E37B459781E	8C511588914A4EEF0C04EA3C8E31F4C989CFA39E	DD8AD5AC5193E72A72C806FDF769833E55E45C8F4E42721886B550FDE7D5AB43
C:\Windows\INF\mdmdyna.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7370 "Signature", at 0x68 WinDirPath, LanguageID 809	1C4359F2848FA408B224FBF36952B60D	7C3C25F5028997B5CABB66E5BDAF6C1E7C85DD5C	A2CEB01E94535C4BCE853AF60981C73F312D27310FD47A9C2038D1332082B319
C:\Windows\INF\mdmeiger.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3de0 "Signature", at 0x68 WinDirPath, LanguageID 809	D4C570778C1C4949C92C267A848A191F	A0B96E1379C818F29ABBB930CAB8317DDF3335E0	CB4E6BFEE6391F58F93246239726C95004979459D2AE1DB68319356041DB81EC
C:\Windows\INF\mdmelsa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe940 "Signature", at 0x68 WinDirPath, LanguageID 809	E845E1626A9715F0EF3097434A77204F	9368AA1A9D34A65E465D299488ACC0E15B105640	AC26D2EA4F53CD432C10CEF90D3639FA56F887CED8F4B586A2BE52BFAD1F8DBF
C:\Windows\INF\mdmeric.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3080 "Signature", at 0x68 WinDirPath, LanguageID 809	0348C7931FCA8F783B89DFAC2C910346	A6E899B9F953725EA4E3C3AE2B69118E7D6B3F05	A5649CCFED63A6CC0A4B817961740F2AD88E03372FD97AC8CC5BBD45DAF6BD87
C:\Windows\INF\mdmeric2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3608 "Signature", at 0x68 WinDirPath, LanguageID 809	D794CD666E364B5FE72E29A81AB4F266	AC82373DADAB300FE1A050169DEB706E099789F7	E3BE8DEEDC52FB6AEDCC06BEBD10C6AD74C9E4B08594C75ABE1423A1F298DAA0
C:\Windows\INF\mdmetech.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x71e8 "Signature", at 0x68 WinDirPath, LanguageID 809	DBBC35232089FE03C9ECC8123E98B48E	D0191B2EB5F8932611B14AB768CDFF5CCC3DDB63	FCD4CD1C36574E39D7B171B016237DC497115778C52D4629337BFA2EB8C28F60
C:\Windows\INF\mdmfj2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32f0 "Signature", at 0x68 WinDirPath, LanguageID 809	442F8388BF239057BF3B05E7D9DF9299	E652C45D3E1A5F54B972828CDF453CECB6A59B34	BD62020F383BBD2CB95769C8EEDB0054843BEFB98D3F8E86562A8E96ED682494
C:\Windows\INF\mdmgatew.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6e90 "Signature", at 0x68 WinDirPath, LanguageID 809	A776020229AB4E8C7C1A29CB6B3E6CEB	225605E6E9A96AEBD4B54A2E6ED478B36DF39C4B	85740EF91FC5FB4DB0672684E61776CB50B45782D57C235FBC9212EA19B546D0
C:\Windows\INF\mdmgcs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5f98 "Signature", at 0x68 WinDirPath, LanguageID 809	9F3AB5A2FBAF6716C21679E6120ABAA8	6A1BB3BC0EFA2753915E8F20C02332D3354E4D8D	FF4ABB89B5898FC105E2DAC52D7BB7672EBC87BC77BF0A5FE8DDF4B02B8E89A7
C:\Windows\INF\mdmgen.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8758 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	94847959AA7FF70C99D128042D75EF02	BAC4671CC5F7F5E3E99AF258A4AEECE67262C4EA	8CD37FD88DF1085D63A79299303A07F60433ED3A43F3B35D8E59DFC1036EAC0D
C:\Windows\INF\mdmgl001.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xafb0 "Signature", at 0x68 WinDirPath, LanguageID 809	5EC7A8FC4F506A33400581A07CF1FA12	D203497EE6BDF166F621731FA82AD71060843957	B4C5B982EFE9E97F9219D2D34F99CCFD1FBFE8CE4280D9B5E0AE864AA47E9ACC
C:\Windows\INF\mdmgl002.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd1c0 "Signature", at 0x68 WinDirPath, LanguageID 809	A5237D320E073ED1A9D90870CA6A5369	2FEBD273774563F51186184C7854DA25BCCE3B74	B024C5150F0F2F0D44361ADE72F231D67F12096E5211787FE2F303DB1D13639F
C:\Windows\INF\mdmgl003.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3588 "Signature", at 0x68 WinDirPath, LanguageID 809	FC8F735CCCE2B51DE6665A888A2B7488	6F3CEBEDB4D601639FC4B13B32207A45C721D1BB	91B86BF10FCAD28C65119A04DED19F4E96A1C57ACB847BADEB2D1981137BBC9D
C:\Windows\INF\mdmgl004.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xcc88 "Signature", at 0x68 WinDirPath, LanguageID 809	D38F98625ABDDD1CEEA597AD72EA84C9	3BC15B8F67AEA0544C5B3A6097F6146B504BF4E1	E4F6998A6F2A0D4F629540E2F859849AD24261146A8E1967AFB64976F87801D0
C:\Windows\INF\mdmgl005.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc018 "Signature", at 0x68 WinDirPath, LanguageID 809	CB3FA7D0D117B41F4B613CB3E790F79A	A684375D9C5D13836BAC732C484BF56C6616D741	A20E7015A89CB403210542CBA59E3F01F7AC211DD2082E8D2BE2BA86CC2CFE78
C:\Windows\INF\mdmgl006.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xb1c0 "Signature", at 0x68 WinDirPath, LanguageID 809	472D7CF4A180BD597C39395A50966D40	B172B8C70D63503AA14124B4365A874AE726DB0C	CFFF39D4454036027BECFF4DEF1B1BC69EAFC9BA439B58CCDF38EC4DF6979342
C:\Windows\INF\mdmgl007.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13200 "Signature", at 0x68 WinDirPath, LanguageID 809	1A0A7287918C71C5BE0995E230C30675	6DB126584FF6387A339259CD3EDEFED074C7E9DE	3B0984A1A6B3694650EB71CE5D81816BDA4E5AEA25000118652E8CA1AE3F10B4
C:\Windows\INF\mdmgl008.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8290 "Signature", at 0x68 WinDirPath, LanguageID 809	334543901F745E4F16D90352C0FD2B3E	F141BE3AD02DAACB73DAB7A72B64E33A3E148A80	D8C1FA18FEB819EDF7F29C19C53801F3E18084D16D3D9D7C209CFA6E14886C21
C:\Windows\INF\mdmgl009.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14320 "Signature", at 0x68 WinDirPath, LanguageID 809	67BCF3FC6C982F8E2C693F4DE4DB6017	71555C0310C0C41EC8294D19E59EA26876CF05A4	AAB38F54E94C18532B1E70229F518F3F1563C684841BEACA162C75F582BF8323
C:\Windows\INF\mdmgl010.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd1d8 "Signature", at 0x68 WinDirPath, LanguageID 809	584E743CD918F1E23FC2F04F2B57F1FA	D2580F4ADEC975D7E8BD648FA4FD1C1563D487D2	3AC9E93CF24A373D9F73F3D449CBD244096661AA2B672EE5E501EF9082845086
C:\Windows\INF\mdmgsm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4338 "Signature", at 0x68 WinDirPath, LanguageID 809	743FFD12BEC37AF60E925D3EEEC177C6	0FEEA2792C9DD5CA2293523B790F2592DFEC8BE5	DE32C0BE383A1F99923FDD2E28B2ED0EB787449C6C193A190A6ED08545E9E8EC
C:\Windows\INF\mdmhaeu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18f8 "Signature", at 0x68 WinDirPath, LanguageID 809	FB0139F9CA5340DC548FB33F8B4A9DEC	58EC9DBA2F9B63CF0EA4C5A56E2026646F36119E	30B010A86BA8B94D7541E15A9ABC80EDCB1869C56C4C35FE46203CF772FBC4F9
C:\Windows\INF\mdmhandy.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x86a8 "Signature", at 0x68 WinDirPath, LanguageID 809	1A43466EBE7D5E857B4E2A3D02B3391F	B04EDE70F64CDBFBDD551E7228EB38CFDB1C77FF	374B41701EC00459AFF3FC921C2715424DDDEB84AEED2C196218898FDE0FDD93
C:\Windows\INF\mdmhay2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x76a8 "Signature", at 0x68 WinDirPath, LanguageID 809	DE160F148BF88C28C90BDFA4CC84B0A8	3697C21C24CFEA90545391C1A0F6D7F4230F6F48	33A81EFEB8F643FD37C250289E2B9C9651EB51847E17EE901AD9ACAC2F5FF8C7
C:\Windows\INF\mdmhayes.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xcbf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	889F7C159722268E9746A4AD89B3C479	E1647CC2E55874C44F767AB176BD8D40F5597499	A22F37F029E08882751A981D13ED134FF7D3DFE91C1127AC120E13DF54775E9F
C:\Windows\INF\mdminfot.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3758 "Signature", at 0x68 WinDirPath, LanguageID 809	8D8E72C04A5BA2E226B30B77EB03DF72	56D4297A6FBBAF7BD3385B2C8CDE05E7B85BBA08	769F18997DBFD0083FF2849459D68D077F735FB61675B0A442D93FCF35E16A53
C:\Windows\INF\mdmiodat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4660 "Signature", at 0x68 WinDirPath, LanguageID 809	732C8D8B5D8F552EA6FE7B6A1E9486E8	20ADF860B99E8DA2245211B3B01ED0F26B5E4435	E7DEFA72C36A078DC935F002D7A4DA50772F79992E3AA05493DE82D27DA58B35
C:\Windows\INF\mdmirmdm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x98b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	531881759FCBA13F49968D6F828C8C81	40E235CCF7BE325EA45ADB25B98A977C78520115	CB317CF2E11BB07F73A3DB28CA72347F5D2D09F2381D835B6A676C2F4DB5DF45
C:\Windows\INF\mdmisdn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6b10 "Signature", at 0x68 WinDirPath, LanguageID 809	C6007C5B6F83870B9674A4614AD1D45E	2F05E1990270DD6E68E4E694DD17B72DDB4172D0	9F708DE468AC18FB0676AA845398879D60F925DF8150A9F80D21E3573966539A
C:\Windows\INF\mdmjf56e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3bc8 "Signature", at 0x68 WinDirPath, LanguageID 809	E01E00A1F5C8DC819D3744EBA01971E7	B673F29A316DCF697DBFB1ABA1B57CBDAB9173BA	C137B3707FA6D0607380D18B10BE8D858B0EFF67F3D1277FFEE676C9662F6E30
C:\Windows\INF\mdmke.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2070 "Signature", at 0x68 WinDirPath, LanguageID 809	82CB8BA70D4BAB81E72454044C19F5A2	2A386851526124F19786BE121EBAE85D723F767A	9BA1E7C5F8E3BD1CB1BF543D501A9B17BAA7FBC4EFBD43588FD9B9A32FB8E7E3
C:\Windows\INF\mdmkortx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2060 "Signature", at 0x68 WinDirPath, LanguageID 809	A1449F082CD9E83B54D9B07E2920DBD9	07075EA446FCA5230FD3D2EA12EBB2E399FC8CD1	DCCC8BBFE63F9B991C283B56F26973435AED5E507A796929F1C4783060AF4019
C:\Windows\INF\mdmlasat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3460 "Signature", at 0x68 WinDirPath, LanguageID 809	A8E95AA33BB98906615064EE8FD9AE99	D9ACEA84D7EB1876ACC879B8F14985F09E741FA3	1818151A7DFC507E420C9DAF6B703A3378BADB776B99355ADD21913B8AD1158A
C:\Windows\INF\mdmlasno.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6080 "Signature", at 0x68 WinDirPath, LanguageID 809	8B50A9ADA75236B341D99C8989C6A32F	04D0229D674E644723A4ADE4308866529D0E7139	60CAC70FD8D19BA5DF5A481FFB96F83B998F28B04E12550D0447663B04A20605
C:\Windows\INF\mdmlucnt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5260 "Signature", at 0x68 WinDirPath, LanguageID 809	9CAB84CAA3BECA1AF9A32E3B4CE949A0	78DF800A8176E2C0B7EACA2F4990070F8BC8D40B	E83F5692E183165900B095844C5F5E563B6940AA908204DB099E8BCC2967FA4E
C:\Windows\INF\mdmmc288.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2180 "Signature", at 0x68 WinDirPath, LanguageID 809	3A716CBD56DBABFE063FA2E67287E991	47545B2AD9EE0FF2FD0FF464826004E6CAA7157E	7B344B86F324E6BD21EEFFCF7BA64AC8185E6D1044BE4DE850A68034C74B209B
C:\Windows\INF\mdmmcd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b88 "Signature", at 0x68 WinDirPath, LanguageID 809	270E88CE8FE34DEB6F0D5CFE9C45B5C7	4A04983214DC9C700D34E68C2ACA9443C970B8FE	1A20D0D396AD82DFC0ED47762AB240BAB3A3630CB8408E584555B587551F0BAA
C:\Windows\INF\mdmmcom.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x63b0 "Signature", at 0x68 WinDirPath, LanguageID 809	EFDC2C65D1763251A010CD8B279850D0	CCA26A13E41CB79AF108B57D729853A919036793	B7F0DA22D3DB277998BE5529CD4CDBE84EC24EB10E03187F52D68C1AA7B31D66
C:\Windows\INF\mdmmct.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa5e0 "Signature", at 0x68 WinDirPath, LanguageID 809	2F58407AAFCA2890854033B06A717E73	4AA031D49833737A4CD8AD0453FE14D5247DC600	88F6F321D1DACC54640F8C7EFE6718E929C5599CF266B12EF38AB0154E418481
C:\Windows\INF\mdmmega.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29d8 "Signature", at 0x68 WinDirPath, LanguageID 809	FA8AC2EFA775CE83A8D449F9E2E142EB	58365255BAFB9742E0BBD6A07B69148A4E6F3DF8	2E49D26328386AA5558E03E6FB9D23675377088DDC0F6BA3A0C2FA92CC00D45D
C:\Windows\INF\mdmmetri.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf3d0 "Signature", at 0x68 WinDirPath, LanguageID 809	1F1ED55D2E4F156FA4A00A75FA85F88E	8C89344FE1D8A565261EA27699E0780B4F8AD9E0	47BC3398DA763463C7145E726CFF2CCD017A3D15B64589F1112A2440A1CB2A87
C:\Windows\INF\mdmmhrtz.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9338 "Signature", at 0x68 WinDirPath, LanguageID 809	6DDD78DAA23ECE43D307423F21EC493D	6F33DB81B994D995DE47D65F3CD68C373A7770EF	63DDB89B42946E7FA7FA7A8EA62E56B4F39E8C752D0CB434C374838820633252
C:\Windows\INF\mdmmhzel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b708 "Signature", at 0x68 WinDirPath, LanguageID 809	45E0D59CCD768206000962738CCEAF13	BB1A69949DBEBE065AD91591EA130E9BE5D3054C	A90F7F53E702A29FAAB1B50E23F7EEE0E30072B6DFF15DE35E711EEBC8CF3DBB
C:\Windows\INF\mdmminij.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d38 "Signature", at 0x68 WinDirPath, LanguageID 809	F8F416420E6B5600A02146FCE3A85180	50E4CBDFAE3746C4671B599D050E1F6387A742AB	99D86EA281ABFCAE24DA8DE8265ED27839BCF7088B4806088C04170232B5545C
C:\Windows\INF\mdmmod.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3360 "Signature", at 0x68 WinDirPath, LanguageID 809	841A20F62818B17ED28F43C28E820B93	C13E53C6B9B62DFA3FBB286EAD111668A363CA3A	28E8538272B2E7DD1807A7D58778511601D78F33DC2731F0D348409FB1B2C6ED
C:\Windows\INF\mdmmot64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10ca8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	77FAEB3DDB7C5FE762B15E74964A2FA1	302F477D6F755616D6618B9B8DA0F13D6504AA79	DA2D83629B53C40122C6EFB1DA169389816CCC0419CCB42F795950DB0E20DECD
C:\Windows\INF\mdmmoto1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2b88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4069277CD54A490B856EC49979AB23E3	1EF07A77437400A57EC130B3B4770BF7570174DE	F8C72A04261F7C5638CEB4702622DAFDE085BA08BDE1684D8637F632173D013F
C:\Windows\INF\mdmmotou.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1968 "Signature", at 0x68 WinDirPath, LanguageID 809	9BD2BC29E87E1D0E7E975E62FA260479	81796097389BC6882B2F2E317377E8D2CEC17BD5	1E478351BA6D30F4A381DFDF65C716E38F01716A36EE11AE651BE67BF70C05F9
C:\Windows\INF\mdmmts.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9520 "Signature", at 0x68 WinDirPath, LanguageID 809	A82FAB729D1B0B174C3096E4F476140A	769EBCF7A61CFD01C73D4AF314612966516DA076	F87B7DE66CA5ABB132164A8A24814FCE7530BFD9408A34293D5F4BBEB1A74D29
C:\Windows\INF\mdmneuhs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2f80 "Signature", at 0x68 WinDirPath, LanguageID 809	798DEF24B359E19117B144AB12B77E4E	2E18CFDE948DAA67CC321D5AEE96DB0C607A9D7C	E4CC06AE65B6DAF9AD973E7D4201DF96EA4B2DE8F5F99DDDF72528AFF8CBC585
C:\Windows\INF\mdmnis1u.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1fd0 "Signature", at 0x68 WinDirPath, LanguageID 809	7ECAEFF006041607C249E404DC703487	BD37D1F9F066148193393FC35267325635D5BA97	EA591D2704A2F2C5EA421522AEF9BAAC78160744826600FA7B46CE648F1FEE62
C:\Windows\INF\mdmnis2u.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2000 "Signature", at 0x68 WinDirPath, LanguageID 809	9F4557077EE9A90103572F739C56FB80	67A7EFA87DBE90EB8D324C0F28050347FCF3F7ED	4AF618507C837F3C33FF27CFC45A6844D7CA3C1878F241065222C381E731B6C8
C:\Windows\INF\mdmnis3t.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ad0 "Signature", at 0x68 WinDirPath, LanguageID 809	8CC0DCCC6684E176AB452E552B1B629E	29ADD67545B06370D0879FF80096BC0DB394CBF7	67C0F6CCC6CAAEE3898A23910FEBFBC5FA6E9B547597FF556E55A0AA76D6039F
C:\Windows\INF\mdmnis5t.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ab8 "Signature", at 0x68 WinDirPath, LanguageID 809	4CE35836D4EE25CB1CDB9A4D4CCC78F1	0362713E8F18BF71C1A4CB112C5F88AE8B0DC685	7DD5E17F77880B9401F168A68895A927CEFD60C38F40AF27471FBD964F8EAA5C
C:\Windows\INF\mdmnokia.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9228 "Signature", at 0x68 WinDirPath, LanguageID 809	857C8EEAADB55333165700083571A6BC	511346AC77F22AA0937B1442120A1E85F659E63D	C03455A48FF833577131A507D7BFDBEBFCE7B15FBA687059900703EAF22BAD6A
C:\Windows\INF\mdmnova.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2ac8 "Signature", at 0x68 WinDirPath, LanguageID 809	A37FB784BC7FF8D05D82EC3994C38540	E8B787B277478199A5E3D038C586D2A961DCBBD1	128E07AEFBF7305F850323B06A789A05B0A9E8BC3CE01EF33C531107441F8FA1
C:\Windows\INF\mdmntt1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2220 "Signature", at 0x68 WinDirPath, LanguageID 809	2CB3E5690D5E0C0110D2E2EB91F2DEDF	391BF1689937D0102F2A7D8EFCDFF28A4038D20A	426C60232F536382F43BBA7340BE58B838B9E1B0509C07B16B8771B0409F3CEB
C:\Windows\INF\mdmnttd2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3298 "Signature", at 0x68 WinDirPath, LanguageID 809	FD301BA013CA2E2C264146FE5EB22A76	2E707B19CC6FA80231F8D09F3804B7152F75AABC	74A96D86DFE01799321B81A7295AAE46F475DF40618BF44DF4D1D90974724BC4
C:\Windows\INF\mdmnttd6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32a0 "Signature", at 0x68 WinDirPath, LanguageID 809	389200C8753B233CD954887DE56F225A	B278957D913588C257028649431381388B305540	27AFB95E9BD5D84CA26063AAD2CFA1F61F1C2BEC4506BE5C1D3ED378627DCA19
C:\Windows\INF\mdmnttme.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d98 "Signature", at 0x68 WinDirPath, LanguageID 809	042E1C11CF5CD65622380531B03E0E5D	C838DDC92B181BC1D8C4C5C90F22213B4562A107	AB4BA67CC6875B30AB10BE5FAEE5213934197808AFCE319D3E65715149B4EFD0
C:\Windows\INF\mdmnttp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2788 "Signature", at 0x68 WinDirPath, LanguageID 809	420663FC76755B6191D773049E1AF978	3C41E086B25CD90807702C3A2DBA59E8EABCCD46	9C054E7C50850C7357A9FB200A5EF2D935357B788EA93C698AD8D0D1B9FA1AF5
C:\Windows\INF\mdmnttp2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2b30 "Signature", at 0x68 WinDirPath, LanguageID 809	AC2B2FC34CF7527B271A1924562CAB4C	9DBABAA450A7B0A98C010448A451258137AEB277	E06E9F2B00FBF98FF7A1363C4D2BBE3506F1A34577BEFFAB4AB06BED17741DF5
C:\Windows\INF\mdmnttte.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1de8 "Signature", at 0x68 WinDirPath, LanguageID 809	712FB207D7077BDEBB85BBFC16E7F344	75F6519E234AA066A155FC9C5495061FA5C6B8C2	A1B90055975F11CA617F645109E3F497E9C615C010A458EF920B59C92A6C9618
C:\Windows\INF\mdmolic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x46e8 "Signature", at 0x68 WinDirPath, LanguageID 809	02DB6827E2A086E02D193E70473EC26F	38F7819A43938F1043B802FCE41EEBB638E342B3	3A6803D55B480676A4D26DC2FE429DE7286597226E0DD52A5830ACC8FEB982AA
C:\Windows\INF\mdmomrn3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12068 "Signature", at 0x68 WinDirPath, LanguageID 809	A29631E4A1943767A2690BCB880796B9	651A228E33AD8A9C7EA47A89587E2311044FF8FB	2B701B6237572149080CC7412F07DDAEB4B11818DAE04FE669DCF34D09F32529
C:\Windows\INF\mdmoptn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ed8 "Signature", at 0x68 WinDirPath, LanguageID 809	057101766A60D9A67D63EC0A396FB833	65BADA21C535A3DEEA3AC2F818B8A9364D683D28	1F720DA23F00DA898FCD4A4643F5FA4C9D595274D81721FE6CC6DC1C9A00DE67
C:\Windows\INF\mdmosi.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x67a0 "Signature", at 0x68 WinDirPath, LanguageID 809	C5ED2A2B0CD3287903F1DC9B15BF3869	1708635E13BE2127A5D0902C3DA8236B922E9B0A	D8A8923681ACD1385B06E884B3FCE3AB33707DCDCCA8D0653F7CF7E75E136113
C:\Windows\INF\mdmpace.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3c90 "Signature", at 0x68 WinDirPath, LanguageID 809	71368EFA69079BA7A0BC2B4958474FC7	8BD2AC055183866519403481DA104BA032BFBB6B	E37F4A7E8BB7F2D8632EE2265C3C73E64091472F8EC2D2C2D28D08B2EE26C6EF
C:\Windows\INF\mdmpenr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8880 "Signature", at 0x68 WinDirPath, LanguageID 809	FE8CD58612B4FACE3F8D9ABE0A6F649D	2BB807C534F02CC0C4DAB4AED7755A4C5CBDEBDB	ED6D6BB2EE716A27120FD98693907AAE82F25DB9D57A83801993B3812869E5A6
C:\Windows\INF\mdmpin.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x28f8 "Signature", at 0x68 WinDirPath, LanguageID 809	AFE4C125FBAF24282BF8E89006530A31	C657D36586AE93818A6AA07E442BE8EE2499080F	AB9C5293F69D629A00958E381BE7A2F54564B339865E4149F5344D7EF865C96D
C:\Windows\INF\mdmpn1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20f8 "Signature", at 0x68 WinDirPath, LanguageID 809	E8C173D34C738D88F5FB624B549C555B	91A94866840F998245C1BB99836937E4E957B8A3	D58D543B528512F197DDFD521BCF6D1CE5E0F7169A6F42DEE2D43F21D8213C71
C:\Windows\INF\mdmpp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x67d8 "Signature", at 0x68 WinDirPath, LanguageID 809	16C9283C556600F7356CF1F7AB20CE9E	43C53938D23A483E4EBDFE8127FF3F4234E52FC3	FF722308B1C84E075F1AFCD99AC4735295CBFE63AEA609703755890BDEABB7C2
C:\Windows\INF\mdmpsion.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2bb0 "Signature", at 0x68 WinDirPath, LanguageID 809	7DD1CBA02E943790B12C6530D5CA6184	A284C17849F7CF0140E9A0EBF20341192ADE8B70	CEC32F20617AB5B125D38B418A577783FE6D55F7A00FE25ABA6804F4CC98590B
C:\Windows\INF\mdmracal.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xaa38 "Signature", at 0x68 WinDirPath, LanguageID 809	018F0CC1DDF053F98402546162FC55FE	E6ED86A8A51541E58D60996284E7D8E89425E4BC	24865364A2C4668AA4C3EEB63A6C1BCA36E05DF92CCD34BB0C48FC4F7B6F311F
C:\Windows\INF\mdmrock.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3478 "Signature", at 0x68 WinDirPath, LanguageID 809	88B1C4951A92415FACFC67360060E8B2	F50410656A99E8599B68A2437DA8F5F91BA832B0	0859FE03CE578922AF4A8125486F85CD5B04F36B1083D91AD088340716A1D67F
C:\Windows\INF\mdmrock3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5190 "Signature", at 0x68 WinDirPath, LanguageID 809	E70E1FB78B8532641031E21319D4DEEA	46BC4586E0377BE6A3F74FDDCC9C99221D299770	B80BF2B610BF12CCCAA778436EE0095314ECCE3A110C1F01989E9C2F9918108F
C:\Windows\INF\mdmrock4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x89e0 "Signature", at 0x68 WinDirPath, LanguageID 809	851EBA0A181F5EB57A31FC73F4826F25	074F82A26824E447003CB8E40F74B09EDDE4294E	CFEA93B9678AD606BCFC28ADC44E977687879ACB07D924ED9FB7F4FF3ECE29C4
C:\Windows\INF\mdmrock5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10b88 "Signature", at 0x68 WinDirPath, LanguageID 809	3D3255C0AF3047B7F9EDAF4FD4E8E290	CB1E95B61B26F93B3FC277BE1B26715F8138108C	B40439BB694EDD07BCEA7EDF6EDC64EE54CA8A765E50CA54B2E37ADEAD2DD821
C:\Windows\INF\mdmsier.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5b98 "Signature", at 0x68 WinDirPath, LanguageID 809	76C46185D38D874DA48586E2611C6348	D0977A3210D216A61B9C2ABF107D10EFB3843F20	9B55BA67B0D502E5A58B361C84E26393EDA3F082DBE3D305312C8AC7B9CF403C
C:\Windows\INF\mdmsii64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3508 "Signature", at 0x68 WinDirPath, LanguageID 809	09FD9408202C35ABB18A9B1700D30B41	B8C0CDA768B1588A03D0E27B2733D7D05D0073FB	2EA6919D105A62CB426E1116688746D14964EBF1047D4D5ED80571CAF7DA761D
C:\Windows\INF\mdmsmart.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2828 "Signature", at 0x68 WinDirPath, LanguageID 809	810AEF0B0B31E559F9FE48F9A900C902	67692683BAC4598599B971235730DDD4C00B06E2	CB2F15DCDEA7592415BDC85FF8A8223C285EB3E600A43ED3674279E2F99D2687
C:\Windows\INF\mdmsonyu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd520 "Signature", at 0x68 WinDirPath, LanguageID 809	7B2DEF6F69B74EB6D9FDCA003578D2CB	8A205A1FF0F6A3797E963EE6337F636983C4E97B	3BC05C1A8A4F892ED64F8520354F44924FE77FEC10D3A34F653D07170385A316
C:\Windows\INF\mdmsun1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b78 "Signature", at 0x68 WinDirPath, LanguageID 809	4A83410F7A9DCFEC22F58610E5CDD290	9BC9E69E3239956E5CBF798535F2958EF9F6DCED	5F8A27060A40DC23B6F2EDA5C850A67C6799D6E15B8BA76CF683070429340830
C:\Windows\INF\mdmsun2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4d98 "Signature", at 0x68 WinDirPath, LanguageID 809	04BAE2B4B5F5AC2BFBCDFBCB1946D423	EC5281F1615BD044608D6E488FF61A08EC9AD6E2	23BB0199822128394FE8E14861A3E4A1A39A818FFCC6E6D5D2111A2EE4562EFA
C:\Windows\INF\mdmsupr3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5a40 "Signature", at 0x68 WinDirPath, LanguageID 809	95E3AB216F0944A91677DF370DEAC8C3	6A0451181B95DE46B2B2C06F26CC13529C5B6361	523EF6144EB4B0574CF658A23816DDD2650EEB689FEDF2044C19BB22F4DE062F
C:\Windows\INF\mdmsupra.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc118 "Signature", at 0x68 WinDirPath, LanguageID 809	F0F60A13D0FC3F0E46AEC2B797DA6C83	DAEB64989854DD7523791B8D9F6D375E412B10E8	3BEF4FE70EE7736E9693512064A0822BDC7E6E6491DE6BC91C1C3DD5F6E2C80E
C:\Windows\INF\mdmsuprv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4bd8 "Signature", at 0x68 WinDirPath, LanguageID 809	7E3EBE01259FB015B92E41E00F02AC5A	19B61743A77D0E41E76EEC44E155F63AFBA9C9D0	BE0B6ADE3474C7F79B68471A8D642C99474B977FB37C78BCA970A2DC77DFB195
C:\Windows\INF\mdmtdk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6d30 "Signature", at 0x68 WinDirPath, LanguageID 809	4F5D6EEB81613957F78B07BB17278CC1	26F2DB423E1BBD9F713BB39DD47599E7AA6A1826	FCB5EBA05DB1A4656001C5C29A38A856154856B2F9A98E29E60CDEA8E39768DD
C:\Windows\INF\mdmtdkj2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3b68 "Signature", at 0x68 WinDirPath, LanguageID 809	3755D92EF78AABC093A28D11C338C3DC	2C5290F270C30D00367BEE2A58795975A95FAF83	8D71F0A7EA3DC7D88B9B2ABE63CA0D43362CE2960900999600EA1432B90B49A8
C:\Windows\INF\mdmtdkj3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3240 "Signature", at 0x68 WinDirPath, LanguageID 809	869C871EFE48C79E3ED1E74EDE5A606C	A64C40D03251AD991E4E1503DAB1F2DD19B0BC3A	516BC45D8F31718BCF2D9E7CB5C91A388E0ACD3C51A51272A516F515551C961E
C:\Windows\INF\mdmtdkj4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x38a0 "Signature", at 0x68 WinDirPath, LanguageID 809	98F2CEC1C85A0A9DC4B32B28BE8685A8	06D788306607C5B49592C5FBED8A812B01E2EF53	C719CCE7959588F9BD407C7CF555E6533D68FFBBB80FD170CC582467C18BCE62
C:\Windows\INF\mdmtdkj5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3f08 "Signature", at 0x68 WinDirPath, LanguageID 809	35A958BDBAC7E64153E860C05975EE74	6C189AF294366D5813EC51E4547A1D8F4E6669F8	607DBA2C89CF94B3E0CB12673F765C52E855CB0D40D8C6BC11D4B27B4B42FDC4
C:\Windows\INF\mdmtdkj6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2878 "Signature", at 0x68 WinDirPath, LanguageID 809	B0F68087F3CB31160CD49465B33A1D92	66DC2DA768FE572D2BE8637E46DEEAD31CDAE615	FD1629010B8695B1888A1CB4625C5DA133B5859C65A23D43C4894C10DBC9FAB0
C:\Windows\INF\mdmtdkj7.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2668 "Provider", at 0x68 WinDirPath, LanguageID 809	14C8DD280151C9FF4C392B88B443FB1B	BDFCE9D13E9B08CC83006ADF6B1C773EEA11235A	E8254155065FE1F5592EA1C5BAF2BCA8742E418684F91DD39DF3AE98787FB6C4
C:\Windows\INF\mdmtexas.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2148 "Signature", at 0x68 WinDirPath, LanguageID 809	AA034E4EE333EC458F89C91F4F2D7A4E	647BD8AB39C1BB3D05DB90B258683A99325A8406	995D6E69BA4DBED95D8D1C20B85D4EFAC69FD594F0C73B29A61C0B4735C8875D
C:\Windows\INF\mdmti.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6300 "Signature", at 0x68 WinDirPath, LanguageID 809	AA896351F55BA4D33AAF9C32FC534994	B169D422C7BC9083874741513AE3AC82A8E23F26	F3467485CD2CED81F3EEB8ABE7A163693731C3C3858DBB636FC65708D71B783F
C:\Windows\INF\mdmtkr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5220 "Signature", at 0x68 WinDirPath, LanguageID 809	70F20BFF69BC22D09A13A0034074DEC0	37662E1C7FF31FB6510D15171A69976B686C9CAC	7F968FED8E913790FBBA6643897A052D24E5ABF4783F349D3EAD75CF6EBE29C2
C:\Windows\INF\mdmtron.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3368 "Signature", at 0x68 WinDirPath, LanguageID 809	3D536B0B1D663B967C12458D3911E984	64CDA06BA4F922BBC1676B9478D26BAD932EBF78	BF2E6A98E573FA8746F697F0CE7AA06DBB248D1B18F9AD45E77404C7499C970E
C:\Windows\INF\mdmusrf.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b00 "Signature", at 0x68 WinDirPath, LanguageID 809	762E4DAFB8E24F9C6AEDACA86FEAB030	05A48DD5A6D08B4E92A7153128BEED23318E0A61	7E96870E9B6ADE30715A45295BBC9DA022848F254D0BB20AEFF25C29ADFDEAE0
C:\Windows\INF\mdmusrg.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x39f8 "Signature", at 0x68 WinDirPath, LanguageID 809	ECEA5346207B21516786B7F4551A93A9	A73E0959946F980DA642FDC6730C361CDA61DC22	702726059A2FC9367B9313B1BEB475BD34E11452190E567DBA98E5A92C2A70B4
C:\Windows\INF\mdmusrgl.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7530 "Signature", at 0x68 WinDirPath, LanguageID 809	3DD6FC0FAA6828BF6E4471831D8FA4CD	26D5F184C41728238CD830779152AD69DAF35789	8E53EDEB954BFAAD10FEBA27397619075900034F569656B8453906534EE03ED4
C:\Windows\INF\mdmusrk1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9ea8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	049B5F45761F54F74B3199725D767EB5	E4B7F0021EA0D88B43BDB63D87CA24314D70900B	D7AF600633542AEF21D5D34026E41679B415C4EC15C2E3A8F06B267067154223
C:\Windows\INF\mdmusrsp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x19a0 "Signature", at 0x68 WinDirPath, LanguageID 809	51A05F62E6D670C1F4990B90534AFDA1	9C2045458AEBC3B83509D51763E29EC9A2D45B99	1D7E60452638DC09C625D9B982F697A4C5F8BD1AC06A110AD12618DBD152C4DB
C:\Windows\INF\mdmvdot.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17f8 "Signature", at 0x68 WinDirPath, LanguageID 809	ADB54AA75422A7AB4CFDB74891D69E7F	28ADEF600E47BAA7AAC18F6640D839E1F87C75D8	FB72C3B4EE75097F024ABCAE053B7BEDC4228A7029AF8D343CCEB9C262CBDFC3
C:\Windows\INF\mdmvv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3d68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	373FC3F8429A37C2A474A2C575FDAE69	58B75DD1A32F62CA0A267E93AE2FEED6B72A0E38	8C3D89264BD74BA95BDC48600792C61AA3E4417E7C7E7EAF1C98C16CC624620B
C:\Windows\INF\mdmwhql0.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12670 "Signature", at 0x68 WinDirPath, LanguageID 809	9D9BE86121873AF88C85E13ABAE78869	BAB98B2AB18AD9BE689C7CC503C2741A5289131B	8624BD6F37FBFC9C3DCAC3BFFB9155E9668107F25A34B0F6A9D490467316B7BA
C:\Windows\INF\mdmx5560.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa8a8 "Signature", at 0x68 WinDirPath, LanguageID 809	5EA54B2E56C19819024F2A526E338ABC	049694AF035600F847D0A2E3A54E5411DEE6CD20	843FE465FD45942D00150B8458C54271E79B948FE37376C0D31F6803CDC4BC23
C:\Windows\INF\mdmzoom.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe990 "Signature", at 0x68 WinDirPath, LanguageID 809	A15E491EF234C5AAB864774374C45353	1A398B19E5485DB28AD8FBC416A71698B15FFF5F	206B0A8D7217243D0F5B37F52C5CB768A19612F563DA36130397EE1909BA7E9A
C:\Windows\INF\mdmzyp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x90c0 "Signature", at 0x68 WinDirPath, LanguageID 809	E7E32679EFFD90B9364AB267A2F927EB	CBB47692D677CBA691C192FAC51444F6430AF282	E39EE43902F7BB33BF737742BA045BBE2B2BC9B11B49F5358449DD4DC3D9ECA9
C:\Windows\INF\mdmzyxel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf8c8 "Signature", at 0x68 WinDirPath, LanguageID 809	3D090D3B4E209108D3C94127F2FDE2F4	F742DADA5984B4FB87108B162A4E2259C050C989	7973B8A48C3C8C070570FFDDB637FD283FA28DCE91FD79D135A4A436547E5A47
C:\Windows\INF\mdmzyxlg.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11878 "Signature", at 0x68 WinDirPath, LanguageID 809	46ADF78E3D38618F77910BD525943590	25431C909220FF0D5D3CE5840999EFCEFCE751F4	3EFF4004B738DED0F8E7E1A8ACC2D323A4F339E8368AD802F958FF2C2E29DDD3
C:\Windows\INF\megasas.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x26f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	64435340985A428017C100763308968E	FCF105E70BADD26BA43C492CFD605F76DF417567	0BB71467B658C2018C0F2617AA802B8AE522D5A460C29C2EF9E453420347F0EA
C:\Windows\INF\megasas2i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2148 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BADDE4D45A698F72FA0646209FC5E831	DFF23094C5D018BA591ABBA2BAA315A0B8CD5242	8B06212DB80A348E08F2A66B5ABFA7568079DC2BFE5DC2EFC28507EE79EE1B7E
C:\Windows\INF\megasas35i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3720 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	90EDC87D3765EC0ECA50F21D0DFD662C	A54ECCD5C9C22E275B467139B9290CCAF0140A7C	789FE47F823271B6F5ABE2CE435F7E4C3D24FE645C86E70AAFF69FB7B949B956
C:\Windows\INF\megasr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x438c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5D3ED117F37D2D886EE4EEC9A68A3B99	F59F281C1A5112B5ED34D197AADA84AC638AD94E	8A222A18AB15FD961064C40B8F7890E281CDAF70A36186F84256F33798B32145
C:\Windows\INF\mf.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1288 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E0EA57D5B07C397907A8F21314DAC650	312078BEBD66A57D5F8D6FDD5695ED47B7BA7F56	D22C41F3C31E3A1A83A64031B85323D1FD4F5E32DE6AE8B77E07AB862AF4C703
C:\Windows\INF\mgtdyn.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1c70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	269C582A743B2A90F2937F212ADE6A45	343B7578DD7E2109CBE26282D5729673511DC6A0	8185B2E651BA21AF8146C1F8F1DB08DAFAA6266365C81656C7B93E9D05FF3291
C:\Windows\INF\microsoft_bluetooth_a2dp_snk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf60 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	656D0383A703EDF747384DF4A45DD2DB	69E6E308272EFDFFA90625A9863B6DA5EE6E8E3B	C545604A3690C2FC361B1D3FC7948F5D4C399DC7398C1DECF6D97FC1E78E2B59
C:\Windows\INF\microsoft_bluetooth_a2dp_src.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9A5B395DCCCB9FB9767F71F8041F07E2	F71AB3B326B58C4F6C641F6FFCB0D0FF77F103D1	6185EBE09C53BB2F55FD68A175CFECDEAF21908DA8BEE8C4256021021E4C3984
C:\Windows\INF\microsoft_bluetooth_hfp_ag.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	60A6D91D07A945F886FB934D0F8A03E3	347BF0C6114182B1E946BA0B293392C936D7C907	37D83DDEA1C5D6E794E4264DBDF737A676D3F9AF03B9BDF533B2A25EC2FEB535
C:\Windows\INF\microsoft_bluetooth_hfp_hf.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D11282AB5DB5A95D417BE60ACA7091BD	40302AD864BE587426D8264C2E4CCDFFB30979EB	D11D14D7ED763F9D264F098D87F22565AA00ABC94F6931E33B43CA3AD186F59C
C:\Windows\INF\miradisp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x21b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C8F9719845A1C46810864FFFB77E2BE8	4C67F9782562D4967BD886B18C053857A2784757	656914E8EBF65E108D901EF8AE115FC396F1A09447D8576C03F9546624A32183
C:\Windows\INF\modemcsa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4DEA3188A1A899771295A312B05C445E	751E1C3144A36301C8865570F272CAA0C719413C	BABCDE638249871E54E44FA9C2D16DA7741A2CE51744D70CD65278488C07050A
C:\Windows\INF\mrvlpcie8897.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3080 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E2C6849D0C81A6F24339176A85C8636A	F38BDF085524A8A30C4E291CC86DABEF11D9F2D8	7AAFB25E16D5D20E68DD6498516AE32DD2EACB0A2FD675BD60B772D43067D4B1
C:\Windows\INF\msclmd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1188 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	44B8DC557C89F03F13FD58F69CB0E9E4	36B7FEB2C0C5DB6DA35443F87546FAC264BF354F	284759F7124895CF8A3BD25F44084D593DA7E68F409AE799351438A07E521465
C:\Windows\INF\msdri.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1390 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2BB2B1C24EC0AC8D1054E317090C9F4F	C587181D40B99D0525D048F2EB0535DC0F041C37	25AA319E525E8F50E0F687DB297C8A71061816B3DF64D469B9A8D19291770BDB
C:\Windows\INF\msdv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7378 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BDC8D983CD5DC299F7078ED4A0129F70	9BA4EC9D417B24E41093A304BFE8B6F784347864	43BCD16141D3AA154136E3F4012F3DD9665839DA50AA8E5E23EA26B7BDB3F43F
C:\Windows\INF\mstape.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x49e8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D6080426AA3953FFE7CE9F21591C1FBF	E2BBEA256BB1E518BCD216B38563BFBAB3DC2620	63909AC8564C93E2DCC7125D868980B2B33794AFD97E0EC0418D61A5898DDA55
C:\Windows\INF\msux64w10.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4900 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	09D670ABFAE247784372E78D10A036E8	F9713604F0A80714AA515CBD182309FF33BC4BCF	D331E3D057FE7A367B9CAC8EC9F9EBB31F91CB31AD3E045FB40CCCFE26116BDA
C:\Windows\INF\multiprt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xdb0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A4DE2DD3D533996A6C66B40183C40A2A	9052C191AC900CF44E76C3D467D2D420F5BC50F6	7BADDE6A9B91208973EE540CF2AFAA583C90FFCCF891595CD0AE5FAAC7E9048C
C:\Windows\INF\mvumis.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2348 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C288051A1C89EC8D5B0CC7F0470F2BC4	A6EC0314DC146FEB925E43D6B31B7E13F0E8BD07	DD5F4F21A35B890F3EB4C337A62F2CFC5D9500E6248AC9E966732AA906E87603
C:\Windows\INF\mwlu97w8x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2a98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BF4C83EF5DEC6E2C880884CFEF6A9F9C	CFFB2298888F3FF741FF77B979A4DECC6A160214	A1B454951A038F4114591FDF7B5922A157D821F704321D3B91FBF45BFE36602F
C:\Windows\INF\ndiscap.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1130 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ACE6791D4D507FDB0A9228CCEC4A1538	C89216218F01D6F0E61B6910A7DCAAD640E1A91C	E9084A68A8AACD76EE5997A5A3378C34C5FEB82FCC1E0B506B33EF8B107FA0E4
C:\Windows\INF\ndisimplatform.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C36C67E566448DF46F4674102A2AB5CF	4428849C3BE4DC70CD46D80C34E9341727AF3A04	082F3AC8C3A2AB6ABD060366670E80D4DF29F6D93A58B2271273DA9127DD0014
C:\Windows\INF\ndisimplatformmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3A5459FD53B17F82888471FFBF4F8580	25246E37401E71D3AF850AF9CD4C4E7CD0DD9A09	4175A10206936AFE32B5A4D705ED28D758EF55B98CE4745F6DAD960EAF1D3C33
C:\Windows\INF\ndisuio.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B91A2A2295EBF26AE81CE8BAFA9CABE0	EE3914D2C34C7449644334B59E52944A4705DBE5	6F85F5135717F834831B20E96EB036E3198F614DC29CED4B409F15F60B79567A
C:\Windows\INF\net1yx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5520 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	63348868F8FD102AE7903C0C0B5031B8	E02A3E1892B5D1B80A2125919E20C73F601478F9	E05C65032F4D4D83EC2C9B262306D0FD985406C7F146E37C53FE55C4CB33ECFE
C:\Windows\INF\net44amd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x59d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3A95A5FFB3BFCF82F8C1E8DBF9614056	45AE42BE766D2CE4E1651B41BBBE5C2809FAF535	85EDB01D70E0A693716F782E1AC0337D45970AA3A4889EEFBFF5330F4C623103
C:\Windows\INF\net7400-x64-n650.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5bc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	763DBDD7F915667DE3D7060F8D4E787E	3DC5676D3466AEFFDA088E4238A9FBD0270C3EE7	07EB9E89BF9CBDE8EC48C1FFE6925885F9FF81BF5240C2553AABD4BF48BAED3F
C:\Windows\INF\net7500-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A582A12E38AC9EF5C63222820659AE4C	E3E7FC39154ADC91E2883CE92633CD3A19796454	3A44FF3E616306B1A63CDC915BDA8EF777D76BE57515C98B7FAAA333CC531DD5
C:\Windows\INF\net7800-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6198 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6E91DA90F25818B4A70E03D21CCA41F0	3F70E998D1D16EB9FC1B964130E79B4E2FB4E703	E5A56D1E5028F125D3B3FA8064765E5D464F3D29039EBF377CDFDE75B7748BFF
C:\Windows\INF\net8185.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2890 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DDD57004DA34909D4FF5DCD5263AC14A	E6D4EAF6568B831F397061C8D577650DF3DD09D4	C7C8EEEF379DB7FBF86CAEEBB9328EC4D75E9F9B10DB8FE024A652B672BF6A0B
C:\Windows\INF\net8187bv64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3290 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A95146D28E31A7629FD873FFD9712B35	3837819C091088DD9AB5E3F4730D80E3F2B144F6	855530318E8FC5C8EDE335135AC88E4D5384B370C5EC3836B56A0C7AD978FA34
C:\Windows\INF\net8187se64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4058 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	96B0B5FEF0A84A932BA34786A9CBC45B	718674417EFED39DDC27D18FB63B34205D32580A	F3A0D9775D6E13551CC3BACDA35AAF5AE07A7B1804E82DB074B2D9DC5F7492A4
C:\Windows\INF\net8192se64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3DA5518A5053B49ED12FDE96D3E9DD5B	2ADF34743D53F1C912F7EBF11EC334B02F883D7A	03B82278C2E1592FEFDD470613008AF548AF90D0D646A7ECC60CD4752B37A980
C:\Windows\INF\net8192su64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xbc10 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B98416A10885C52DDC52904902F37B8A	59ABE54D5AE951A9A3728F428F1EA203FC578CA3	557090CAD7664C0A8F30EB774E80D339A3BB687095D035A52C19EAD0BCE2BA45
C:\Windows\INF\net819xp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5900 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A6DFACC7FAB987C793946B585B2A8B85	E441D88B58D259E013E4E3B041E8719203D8ED6E	5AC9E0F77A5924994E2DFEBC251CD76399D2000ADB5925F346280EDF84A0D0FA
C:\Windows\INF\net9500-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5f48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0A016C23183CC1E17A40D434AA8E7053	4E3209967A1A95385857845284299F644521596D	A3BC3CC14A764397E296135AAAA87A4F3C9E006CBA711722C68A0E000D333EE7
C:\Windows\INF\netathr10x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x16aa8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3B045B7824A8CA5E0F24E3EDAF027D68	A5D5854ECC58F3F2787AD449405EC1EDC32A1113	583940169C4221E3B3DC00E590D682717CAE3C971D39C693F306AEF793A9B721
C:\Windows\INF\netathrx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e6e8 "Signature", at 0x68 WinDirPath, LanguageID 809	AFDC36F4EBCEDEE03CB72E3217244126	B19BBCB59F7789361EF774D1CBA41E8B04F09C76	D7E485843917CCCAB98DAE8ECC302973A5F77AE307EC6D230CD0421B42902489
C:\Windows\INF\netax88179_178a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4470 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2F21A6261C83A902C3127E82DF2A17B3	54479641687462EA1D6E42D874399499DE286959	7C20778EF6C8E6D0742344A2838FDA8A70EC692F53E83E38C911B2A522F17472
C:\Windows\INF\netax88772.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4358 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F5390F36403ED0C449C191651AA2C337	5CF356C4047B07ABF41F2AC053A236A92FBE1CBE	B7446C265BA7D0CEDBB21343EC8419AEF96C0747F0000F921DCD159CEF737DFF
C:\Windows\INF\netbc63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc618 "Signature", at 0x68 WinDirPath, LanguageID 809	A4C1DDFE3BB6E9947C274C665B520FC1	459754153A9834F7ED5723D38AC0F2C724E46546	F35C29992C3AF0414EA43D1CC57C6D34D580B625F768979E2EFAFB046A208775
C:\Windows\INF\netbc64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6e50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C765FCE767AD652F3433E73BDE467A66	B3BADF06434E528B4D2BD2953C2AA649A02971E0	3B40AEADD638C05BD070D3A4DB6DA4C22B7D3BC45E1099C152A2A9A80D01D0C3
C:\Windows\INF\netbrdg.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1058 "Signature", at 0x68 WinDirPath, LanguageID 809	042511CBD4696DA08BE2D55377A7E59D	7B12D6A90BAF3E90EC72BC3D0CCBDC8AEA1A6A96	C796FF9567CA9A8738780873661E8A130C2E67899AB5880A489978A491A773F4
C:\Windows\INF\netbxnda.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x27528 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	44D5B9C02F9B2B5310CF38F1D007789E	B94E97B0F2AF3D37BC3304EC99ABE9A0DCA50362	D1F83711A7BBB4A58FEE7F3B63672578FC451178A39E6A40117B6D07DB1D3E8A
C:\Windows\INF\nete1e3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9120 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1F593ABD2F15EA882DFEB52A02F56F87	38CB7FA5DC2421E52C1F93E2E58B73717A998846	B709225F83B9721A8A23B7EAA8E1177D6BD656A91F29882549396F06BE46FDA4
C:\Windows\INF\nete1g3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xab88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7335F647DDBE6C0FB6ADEB4AEFC76F32	0F4350FD288052AFD300F03F929E100A488E1A52	5F6E146B0EB146C926C074165F00889188C53BD8B13A7FDE2A65671CCB2DCBD3
C:\Windows\INF\netefe3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd820 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7E84E7DB9F2C9BEDA6443D4854530409	0862B4BD272E518C46803E0332DF25DD88922DBE	5E5F2AF6939264088D72AAEC152A9FDA345E5D169E4B3EF2227F5DF720C91362
C:\Windows\INF\netelx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5dfe0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3989CB9E8D6FDF16F628ED701E995F6F	1C2EBB6C3C15DB9C284758529D535920D51A0B47	4FCA0E285F8DC7CAADC84BFF5C895846C56C2E49E2188CBA01B2D031F51797DE
C:\Windows\INF\netg664.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4988 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	60ED311C32F1240540E38A51093E994F	F1E959956347BCD40541D2C44473761884C44413	70CAC4089E5FCD3DD3503F052923D5E362B146F58057EB8EF8831BACA72F9B77
C:\Windows\INF\netimm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1028 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	751041CA005306D938BBC96E3F8D1DE4	5FA35169E3B3F4FD96DD8CD6AEE8CB44C96DFABD	62EC697D4DFB84671BC0E717EDE7FC328E817F297170B6E5F30FB42F3239BB64
C:\Windows\INF\netip6.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1718 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E7853C9CC8DA79CFD26084BF7049545F	267DE91D04B8F293D9BB88DF396F5891EFD81342	5407EF396DA6F5F1FED4578B844BA08799C049C75BD80F47847F54B46D6BFB6A
C:\Windows\INF\netirda.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x25e8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	82E4283A38D65EF737EC058C308BA0AA	7AA306189C14948A49D26282DBF80B50BFE2C186	5DBD6D7FFF3871CAB6C693EEE5DC5213A29CE338487A6C1AE2D4C37B5864419D
C:\Windows\INF\netjme.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D660EE2D3CCAA9F7FB82B0BE3472D524	C4CC3597FAE828761D0ED8033BF1EAB3A825966E	53638292517B0678F2FF538B3FF582F320F70D3131586F78EB07B965F2EAF1BE
C:\Windows\INF\netk57a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6515689051FEDDFA77E717494413802A	3C75E92A5CBC4A5525BB55A384C115712E852C08	97833ED6AA044043953CD198924D2C7D806EAC994B0589B60A67DBF0639D4FFD
C:\Windows\INF\netl160a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F4E3A3121CF098A695813AFEA200010B	F3275041DC5A9973C92973B423F891D20D061814	CA404D66293A23A49B7B2F9C4B571AC7D06251CEDBAF04EB320C05C4E565CD7A
C:\Windows\INF\netl1c63x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20300 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	096851080F7F220943E78F685D232E9C	D2439826A6448F9EAB77E5E0B3BC4601CD04A74D	426A51C02137AF0741AD3F893FDF2CA8F15253CCDFE7B8A8D5F8CC4A1952285F
C:\Windows\INF\netl1e64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4e68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AB205954BCB8F605977AAB3BFBBF9A48	E0939B4B7F48E397F8DEC43556089449FEFBB839	62484EED3A4F7D63E9499E1D5E15FA9487FFF4A05F6E1A30F08D2FD1F669AC54
C:\Windows\INF\netl260a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x27e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2AC3D133ED97D1F9F031BAFB99542978	E4EA82DAE5E1F4E26E36184658E71ACD3CBA70AB	6F335EAB84AD589EA2C4FCCC55F40A133ECA4892DDC26BD19BC2FA6F5EE1F770
C:\Windows\INF\netlldp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1775631FE74B3DC8E03DCDCDC585324E	9C8957609B8C36662925DAAC13C1F953710B8985	3183A3EEA0B069A888B191564A9A22777E677D6F883805F88ECA56A2789ABD0D
C:\Windows\INF\netloop.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1950 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	127801C0D2A461E04BFAA089BCF7CE7C	36A34AB61AFC6304DA9C175CBE100225CE740F2F	70AD7B3378E3A1BBBF051001A061B8D911119BB0C65FD715BFBEB0323400E06F
C:\Windows\INF\netmlx4eth63.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc290 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6914B3E7E7180551C0EDAFD3F088EA3D	F6A83323A16557C3DF8B0DBE34F36B28A7C49FB0	8C774714B20F3C818ED5E96D0D91FB720B4133D21FCFE2117AAAF885B46D8B07
C:\Windows\INF\netmlx5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10f90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1C3DC387915CB0BB410C38BC351D0DCD	D930273D6E5A751F681393F12F45ADA59BABDE67	D557E48F4DB28D9DCE3DAED0913202A47EF8423159FA0BD214306496514D319B
C:\Windows\INF\netmscli.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ADBC552DB42FB6591FA8051D8D7DE119	1AA1E598BBC5B91C6CD87B1F9CE1339F92344347	A50DEA5818BA6DD1801187B02271EB66DF87B16DCDF4CAF320D078D88623CAAB
C:\Windows\INF\netmyk64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20c40 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EE8806DAD59808B121F8947942B32AFE	313C098EBB07D7ABA45CDDC5A234AC15E1BB39B7	89A0A01EB114FA3F33D13E0031D71B595F9CABE0A1E3D90B0BE7CFF5BC8E90B5
C:\Windows\INF\netnb.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EFC30A3169914D1F7BD7F8651D50F125	774D92AA0014F79D8A0E9C1EF486FE48290C078F	E9288AEC068860E4DEC0F4E75D5256815C4D2B6E892936975806BF211496E7BB
C:\Windows\INF\netnvm64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6ac8 "Class", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3B8D14CEDEA8F03D21464A91E4BA85C2	B09B4E2BD8A27C37001A5B4CF44EFED74303A3B2	A67E1E70907C36ACD039C0570E1363B340F0BD2F54E4785E8F53C43D9B2E118F
C:\Windows\INF\netnvma.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4bf8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C46DCA50323487C7C80B3D2A258823BC	4C6B11F32BCD9DF6A3060B7470790E9743AD3156	7558E80D68B279F882E5FE9E2750CB9A8C74235E69BF53F4E4AAC1DF428F8FEC
C:\Windows\INF\netnwifi.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1160 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FA3EE9B0EAFE05251864C1AE56485CD1	E97FB05B4110B8AA4B46A7B104A8DAC10BC83094	535482EE4AC3D17E647892322A7A3AC988A519F3BD3EEAFB25B5F9115BAC9474
C:\Windows\INF\netpacer.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1528 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1C7BC8E483F839B6EE6C4CB6F1E9AC05	1207A8C50E44729D19BC408E2409F9BD057919DD	8599403C1F1C5F3B4907896590E88FE90E5E76008E0677A9E717506F62A356B0
C:\Windows\INF\netpgm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ff0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BE07363394B759AA9531537A79CD6B25	7116F2FF9566AC60EC97BAAC2D6D99210AB45F97	C0BAD4F7BE55280B8B2C9AC32C8F01A0A163E4EC83EFD10AE83AB2653DA301DE
C:\Windows\INF\netr28ux.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x28fb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2E2E8E77F0F87E63DF57B68229505119	503759516A477C6B4072BC7981ADECBA86A31B93	13394E300CE764B8A0C7E253A0B7F13AB8476153AF95BD1940D8D26FC0FECEDF
C:\Windows\INF\netr28x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d828 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FDFE824EE12FA95D74D86274B97CFC0F	271E8096C25188664A28462D6BD113C74E6267BA	275CAC15515EA8E18C837AB879D078824A7088B376790C11E5B995E2D89573E8
C:\Windows\INF\netr7364.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa820 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8486F73E01005E08BCF5F8C44783B8B0	B3DA75787AE1DAD0251110665F8739F8AC60A0F5	A66B33D6104CA6D82FC2853BDD06A7B953E24743C711CE38074E2ADAD7B026E3
C:\Windows\INF\netrass.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	98C44F5B6360329BCA22398A4A0C4429	8F7943073FCA23797014C595F7E8D388691B5526	FD25C4416AB0A551838F71EEA66ED9DB1037A6F812E57B23AE22B9B97ADF4EC7
C:\Windows\INF\netrast.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cf8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	89012A627797B461CE937A423B94F276	094EBF0586919F384D3C286A1DBEA89D0B5D5565	01861998CF481B70E2241282648FBBE5DB1B652B34B1B7F6933CA705BE8AD6B2
C:\Windows\INF\netrndis.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A7956FF3990E6DEEDADC9CFD1136D10A	4A8E5960F8A4622DD05AC6A69C16FBAA37596FD6	92E83DBC417AD0D9985E2CFE85F4333A67F46D49FA033B73F57212D5231E3B92
C:\Windows\INF\netrtl64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x76a8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BA8D85EC3249551632C519F040B31A3C	02D146926D3934D4E2EFCDE69AE76BC53FD03491	2E657D539D0B5B42686ED8B48F1D03B5648ABFFC6D107BA9A09CA920ED7D8F56
C:\Windows\INF\netrtwlane.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc8b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1C4B87FD7E4A4443863D81D44A4E2695	999F9FCE805E712B137409496C5277350CAE61CA	85DB3BC594B55B61CFD3988D0D79706CE11D31D6AFCCB2CBE8FA34F82E13ACAA
C:\Windows\INF\netrtwlane01.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xeff0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4C73E0B7A81B35DD4324D2D02490F51B	D391E1CB6DBFE021E05C145D73B562459AA3460F	68360EC7A9012DA18251E0500E7AB527017978A74E37EE32B91EB5725575F11D
C:\Windows\INF\netrtwlane_13.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc078 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	78BB7FF58944D06DB7207A5784DAD66F	054039832CDAA7E7F52FEEF0277DA6CC9A7FA850	472332E4AEEFFB10D5A48CFEFF5F2E36AA86DCBD190B33BDCFC76D40CC919FDD
C:\Windows\INF\netrtwlans.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7668 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8BA80A9F70042C250B9DEEE842134524	9F1B73C9A18B6BE20466BEB239259C0E77FCBDDC	17ADCC184D71498E399A4B369C23B0C4729881C3EE62D58721119753C38ECE06
C:\Windows\INF\netrtwlanu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cab8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	011464A7B67A2DFE8D2424C33660F366	967FD36657235986FFEF17FC749B8FA6604662D0	9D1093612041293B7783BAC9D7DBEA4CE394945BE0C50FB5A65CFAF7AB145900
C:\Windows\INF\netserv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfe8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C3A652C8A4AA5DCADB6EE324054386BF	0FB7096AA6946685095B2433BC4998D662B6CD77	C3D8A15E3DCCE4F943A72A8617CF8FE457AD45A97B6CF533BD16ECDF0584FBD0
C:\Windows\INF\nett4x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x69b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F179DA2A71E52B3C4BF8EB10D4803619	E6D4623DD84AA9ADCEE06B2C40A81810231EA644	C8018AD6FA58EF5877C2E768D47BB018C630935B39478FB17DBC725F49CB925C
C:\Windows\INF\nettcpip.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F140A8C713893460A18183B2D9AB2ED8	E3B1790FEC50385BD5B0455277FC13796E5309CD	D5966015A0F012BB18C867A01DA2559EFDE4F4A36464E026AEEEBF920651C91C
C:\Windows\INF\netv1x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x36d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	07A300799C40B33E09D9CA7365566781	00285181620A736291B518B167A09E1813318E43	735D2D0FE4A22816500A5CB982D3754E29D22A7E2F0D3010C700EF099157A4AF
C:\Windows\INF\netvchannel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	56CA4126C3FC85CB809EF796F0E23493	DC16EEB5481FC917126ED5C99947E97D85B074A9	0B5627A01DF6525D5995AA9DD04316752F239CD7B33FCF9E07E98317D799BBEE
C:\Windows\INF\netvf63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe6f0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	80CBA9A77FC936CE73AB2DC69C717E68	5A6350D78447C6BBF5DB8A2A6DCBE2F6ED1CCF25	84102B4D9CCA9586992562453952BF7436B5AB0A6DB59B0049C4A82CA6AA6C42
C:\Windows\INF\netvg63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3bf8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CB5BD304B0C0392078972D1C8683499B	BD614ED06D9C0ADD51B2E76ACFCEA064275E4D8F	9E7E2F51F0512BFB6DE868080B62E750EA3600D5A60C548B715F515ACAAA9BCC
C:\Windows\INF\netvwifibus.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D145D7411B9FB02E318BC1E58E1CEB65	6282C14442F5B6766E56EBAF0E1C9B5130113594	95E1E225683FB426E5A07BEC6862354DAC1FD719D88038FE7141E6742A754C61
C:\Windows\INF\netvwififlt.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1158 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5EEED7994875AAEB98B85CEB47D5FF74	7E770FDF1F8573D8A1D249DAFDC9AC773582B4C1	BC4E2FAAAA1BA1B5BAE2CEC19E7420403E97B6EA956C92F7BDBC5C09272A4F12
C:\Windows\INF\netvwifimp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1bf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E47E776496D6F23216700766C6D2B73F	67E410D2F6DD3286FE2FFAB4D2F59F603400C423	D6C3D749615DFA8A45599F66AD4D5B36A658352DC4DE248B36C6278692C0DA75
C:\Windows\INF\netvwwanmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0BA7750D90128790642CC4F45FC7B7A7	3929C638B0A5F9D63263F3B0505C6915BA4BB85D	CA3EDD8D6DC7E23BBA740AD6B39C9A3CEB3F0EA2A0213F5B1F9471E023DAE627
C:\Windows\INF\netwbw02.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18dc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	596E92224F3275ADCDBFC63C3484E13B	2A64C620BA73BAA55EF97B6CA0167A06A4B65597	70EA6FBC6E7F82C5276438ECBF954DC8AA2ADC97FD52F416973F1E47251DEFF3
C:\Windows\INF\netwew00.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x98b8 "Signature", at 0x68 WinDirPath, LanguageID 809	5A4967FF706CEA3AE50F815C78A7D854	BB4DA1A2522E0AD5726A270533AFD1454B5D7647	6B2DB8EFCA58F98AFB644C22455F1DD6235097960B768B29A8182C67EF34EE2A
C:\Windows\INF\netwew01.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf730 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A91FA038C15B46483A4F3DACF477856C	13909C10DB2431D025794CDA9A5A4A0338795986	C0D508ED7476015EEE346A61646E6E372CD5BBFB441EF5E103EA610A14D0A6E4
C:\Windows\INF\netwlv64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29320 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	45DD31C7DB5C93C6AA62D9375015C8F9	C63E2080CA3C858E64F9F41116B20C3C31A5E834	1537B8645F71B95DA382F6C428C6A29238263C1CC5AD9BE0111E8E63B51325DE
C:\Windows\INF\netwmbclass.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1c60 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DA67B6186041AD47A4E2FC6031BA4CAB	584AFF955F0A0E77CD14E9C9DD572E99902901E2	D7EF991BEED8F86D33BD0784CD7EE8F1BC677F8D719D9335AC5ABD5290AD8504
C:\Windows\INF\netwns64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12018 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A2E447925A7F34D5E2824502A6003152	BE974E8E3DC59A1E78BE59E2474342E7E9731A79	95E7B7348B40AB3EAEB6B72DB21F07886FB02B0E5AE48A9B75172D1F16D1B6E5
C:\Windows\INF\netwsw00.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10c10 "Signature", at 0x68 WinDirPath, LanguageID 809	4B473EDD3D84B81A330AF679BD55846E	329318034E9A8D6B1936F40E6DA38B2E3E69A62E	868E135149BBA7E9E89FC1511960AD64F24157A93B9D707F34A43A53AA68CF78
C:\Windows\INF\netwtw02.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2d860 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5C3F4CAC06F5539CE2EEB33EBC9B46DA	6590A9C85451E06F61707723625B250F5551BC3D	5D9E61A8EB8C57CEACFC7D0999A06DE091FDBA3AB80543BC60806995426BB572
C:\Windows\INF\netwtw04.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x188c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	43D56DF861F1B978A459989B8E812C29	519263FB3CE56262A28C279ABCA4CF555829F9AA	625C75E60DEE21E6B4CD3C1293F79525A6AC143E2A470E971545B0037F641FB3
C:\Windows\INF\netwtw06.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12d70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A09962E2F36D3D5833C134F86F2C4720	7630389FB435D5C5869537630B3259B1C55C519B	D6C382E2A6D77DA5C17A34A8AE942611CB3F47DC685E9FFA706E51A7BB0AF758
C:\Windows\INF\netwtw08.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b7c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	67E347E14B92507DEBAC0A2ECDEACDC9	393A6B50A1BDC424F6B1D8D7472403D4D437B2AF	4208730532380C8E943CC4AF32067ECE355BDCFBA44D51B4CCF0D0B6C22DAC5C
C:\Windows\INF\netxex64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5b28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4B8AABB5D8949DA5B28319F529879DCD	B5C5586B314A03FD9D49D4D9A6798B6449D83ABB	FEA9EBC0FA4B62E589E2212FA913D75D06A33F59AE2C13714926903727E49ED6
C:\Windows\INF\ntprint.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2038 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F1FBE842BD35281CDE1F89B01655AAB4	F35995447BCCBF7207943AA3616A77C3F5D1A46F	1B65EA800EE22CF9AA124B1D2D44BDBB0B8E1370FC847EDA31E0C260955CC5FA
C:\Windows\INF\ntprint4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1330 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	52B040A6B2378D845BA2FE65CAAFAC50	FDDDCF0931F349BBEB8DC89966E2B4F0083A4768	E3A41F12DBCB22CB3020152684BB0F32AB1AA2C1428CD5A9AEA34AA179367E53
C:\Windows\INF\nulhpopr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x69d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0AA31A1716848A9E7A88F25B51C3A0A2	EEB55778221BD43362641E41377AC7BFC076B4F2	B679CFE814B335E42D2FC9A032BB77038966833667D459AF222A60572D93444D
C:\Windows\INF\nulhprs8.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	588050A2FF08F22B98998430DECE3F91	98AA21C81EEEAAC1972435CCA1A18C87AF165BBD	659445105D5EE1C6A4DD4EA68C8FBB3A94F72C7BFF1F99087A8821E370218D02
C:\Windows\INF\nvraid.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	50300BE43B4C5CFE74AEEFA54CE6F69D	415C6FD1268FF07525AD1A67DC0CD20775041E0D	7E5884AF453BDE13E4E7B7B7C2EB643A7B541D658ED73A645A58C5EFD717D5DE
C:\Windows\INF\oem0.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1158 "Signature", at 0x68 WinDirPath, LanguageID 809	67CFE07DB6CC22455751BDB919018122	D446CF5F061EBC31CDF9DBF37B5FFF4B5C947C63	F6A9E3CB6922783E63B19407AD36017D467AEC77A39399F906353A87DBE6DF55
C:\Windows\INF\oem1.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1100 "Signature", at 0x68 WinDirPath, LanguageID 809	83E7919076F68B695603B68087850F0D	CC62AC3B29FFD890EACEC17C8B4D8187B22E33BE	16EB9FD7D2DED1356EC86AFC9FDFD0DCCCBE195E1998F40F90C84402B0878D27
C:\Windows\INF\oem3.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1210 "Signature", at 0x68 WinDirPath, LanguageID 809	4044229A1A1080F0821B08C973BC50ED	3618F84ABFE6CD406449481D4B4DF998A805AE3C	18BD25330F45288B8FDDB4F1044C41E380ED028F1028B2BC603D7E065714459F
C:\Windows\INF\oem4.inf	Windows setup INFormation	FC97A101113D88276C58400BBA7AAF77	814D0C9FBDEE6B3DABA6D18389536FDE536D3B2D	20B44F3859A6FF1B7C644FC90CED4E7AB37CCF5CB50EC21D59A92906932A4842
C:\Windows\INF\oposdrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F1DF41FCE475E3453B847FF32C787121	8AFD1C14FC8F658DE6721C76F3FFCD7A8209F7A6	0FB2C82635AA276B31ABA0500AA7E69F5D65AF4CF6F67E69F47BB292A36148EF
C:\Windows\INF\pcmcia.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf368 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	167A2FC4DC4E66FCEFB91A26349EFE37	8254B9413637918D57EB7999EBF40A01B3037072	D58078DB4D32EDC81D82BFC350E03D40E5E3C61D5276CA6DE54350D9A53A90E2
C:\Windows\INF\percsas2i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4ae8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C5DA391189FE45BC78F14BBB7EBE7462	850DC2FAB1EBAF4DDAC12C901A36240FC1F5237E	82C2D02BFB1A30C14E1C95CEAAF3E7F0DBF4C972E873318A849CD62713E80DBF
C:\Windows\INF\percsas3i.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7A39A9E1E774AD0D419C2A5CD1579A3D	FF518DB792B5604C76C7FA3E4D309DA5216E6A10	4B58DC948299DA4F7AEE7EB027ED0F9CCF85680B37C624C3DD8756F458E32794
C:\Windows\INF\pnpxinternetgatewaydevices.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12f0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3E7DA33268C8EC2D960AF4D0A18B4FF2	E2E490818F558607730F431DCE284B91B47A2338	9F5A8578816A7C1DA58F2B49EE882A9AC542B68FF3DD258615E18BF180352C7E
C:\Windows\INF\prnge001.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1990 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	06246993BFCC7E5B213FCF35217E05DD	14C4165027BA099666089C7D32ECB8E4E738FB6E	05E25127E1C81AEC4D4637F9BB33303C22D23408DCDB0569963A3A6D904AA429
C:\Windows\INF\prnms002.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1370 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BB33345728E00866CCBA8E3E2F5EC118	5424A8D0AD9C7D7CBBC2CEC5F423CB14C97B4627	0A29CA2F02E5F16BDCFB4ABCA2B68E9D01391415FAB80CD75BFE22CC19ABB6EF
C:\Windows\INF\prnms003.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8AF4067C40CE52A4F074B65C392F7BBE	0F92B9D5D19CB58FB4A6DA73AD4C861013E7BBAD	0E0B71B04D51D68729F2984D0F218478245D962FACF63D3F0CF663C386E48C01
C:\Windows\INF\prnms004.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11f0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C44C62E4283282711F60FE1B34DECA25	E126EA73A53B04D6F60F32AEEA9896565F7C7CC1	8128E474C0D395ADB194D4F6DF634F94C9F60C822D7EE8734803FB0721632ABC
C:\Windows\INF\prnms005.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1948 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C54450AFC23AD64E5BA0C5DFCC0A4FB0	12F249BE006D6E45831D1D4D34741A05108EFE2B	E7A1DE16E99DE5DF0290C001D868495C47A1FE4F1B32A84EBF9F5E4EBB39C30E
C:\Windows\INF\prnms007.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1690 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FE83C191434155267C9C18BFB72201CF	8A4D0B415B00C0A92784845EE84EAD5C84487A37	BC7B6A7A90E422E7657B5D7C29E9099512443E41578CB9D8E3457CFDA7F58EC1
C:\Windows\INF\prnms008.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11e8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	322CE9F018288BF2DDF556C83DDFC021	CB7BF0427C0A4DE95594ADE597FC658BB5CD989B	BD7CC83D30604DE9A9263E7EDE8D5590B01FCEE248EF615D335C06CF8524C16A
C:\Windows\INF\prnms010.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1298 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	35FDBC3212DCA9C3DC1219D90E1BEC47	3992E0AE3B16123820780440585BFB3935A28BDA	DCD1D3ECBF7E7F82417BF69EE057978DDD403715619C6755CFEEE85062E9F021
C:\Windows\INF\prnms011.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1220 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3868E90B5CD59390B89CFDA641A58B6D	27BC2267C1AE28D598226EF970A95F3D393FF5E9	535E6126CB608CAA15129D20D09DFF0AF98CF01921E52325677217385ACA1178
C:\Windows\INF\prnms012.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	66248AE565B2D22D24660C9044EC584D	9B59B6CB2E40237FBE4F01CAE3266AA21A703C0C	5AAF89967493D97A641670A44FEFAEBBBDF7D466B28D56FCFB3479C6D0755F13
C:\Windows\INF\prnms013.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1028 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ADE757605BDC26514FDFCFD72CC08625	FE080D20760BC3B2A265F87718D542555DE0EF37	ED28FA528AEDD8FDEA203A4B071271687DA2936E756512A3196AE21EE6A14CFB
C:\Windows\INF\prnms014.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1250 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9F5B8924B8F51657617C75CF101766F1	7BC08DE1806A7F56E7225248457008BDF770712E	5C969542C8A577CD1C0E1E5725121155EE79DF8A09A1A62DB51B7E9C72DF3628
C:\Windows\INF\qd3x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2760 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	69167936A43E1C058D3014BFF460EA05	DF08EB7F3AACE93A58547A573C695720E4BC18CA	F0093415EE2224B446A7E13E0231837FD037A1F19506D5D376F9F99C691CC922
C:\Windows\INF\rawsilo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3393E89FFEDB58E94786EA732C670B0D	ED6F9104971712F524B0FE57CBDD9382B8D1946A	0F0BD22ABF8B200D358B939694C3A6F7F149F8A0ECAD0FC98A674A03CF2D9F67
C:\Windows\INF\rdcameradriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2678 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A23748D3DBAAD2D8780630D680652326	56176B75742FBAE41A8A14D1B68F56AE79883AD4	B268608CB43EA8D4A72678711733D5D42857DCFDF94017AA1DF67FA821DD89E8
C:\Windows\INF\rdlsbuscbs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xec8 "Signature", at 0x68 WinDirPath, LanguageID 809	D7D92CA079BA015180F3423095D02868	09DD1B72E7DBF8B21D607FBE442E3FE316A01CC0	70FD42F05AEB9518048ECCB5C1BAD8FCFADD8D6E1997D2FE51E21B3B63C5F8FD
C:\Windows\INF\rdpidd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x23b0 "Signature", at 0x68 WinDirPath, LanguageID 809	208DC74D0BC17EFC5FA6BE830789E1B7	B5D77E82E2D74FD1159D6F05ED9087122475CF84	2F189D82F1810B5F3A84541CBD59EF95A705365AB379C5446F812439692F77BE
C:\Windows\INF\rdvgwddmdx11.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5620 "Signature", at 0x68 WinDirPath, LanguageID 809	CAFFF79E33EEBA714FCEDFC4BC39E0B0	EC70A92A0177F52C87A02AC85F76B9BB4E300AC1	9001A8D1A748439D4FB66135C339370B54E13620AD2EC581248BCF637D509926
C:\Windows\INF\remoteposdrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	63666C354DC095E531F5E316121F870D	7E54544090E710CD1BAFB915CA7A4FA24D747F4D	B51C88FE9F792FB7C93D320A9A76FF7F245BCB49CE04EABA904D862778230BA8
C:\Windows\INF\rndiscmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E20210B183DC605B32F5819EFA59C7CE	A5F617A48811E1C0289A0D8B2E9701FC9905CF67	BE9BCE2FCC826AA510BC1496C2005FCA1984B593DDE9FD5957EDD906A99640CC
C:\Windows\INF\rspndr.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xed0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E999158EFCDC3510765A339FA835828B	54D5B8D14C69A441CF136D0C47169EFD7D2A9593	6D215BF7ACEF1B5D91DF33AED2296E7661EDCF5DF0E61B825D52B143EB7F1C5C
C:\Windows\INF\rt640x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13948 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A03DD277764BC84E5FAC6A02DE3B25DB	CB42F95CD1B2DA38F95970DF596895E868333E5C	72AD2A305E261028D10F098FFF7091834E3C60B1037E729092D94F68156FD039
C:\Windows\INF\rtux64w10.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F5D9DCCA804254866760B2162FDC7A10	00AC175D0F97FFDA1DF2412C346EDB2FF6615923	440A1B7D21CF9B6329CD01174FD1340958D051F422968C4451A3A6FE8A05B6DF
C:\Windows\INF\rtvdevx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1178 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	07AAC2C9F2BFA97F508B2F50E0EBFDF6	0C710232B98271FC17367CCD88AFAE3C44E7A5AE	B7C50581C64472031658092183B8CAB5D62A2A06E0DCE99A714D7CBFFAEF382E
C:\Windows\INF\rtwlanu_oldIC.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x131c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	26AF933658524DAF6601820DED3DF271	39DF546273C827785BA798DF95671A3569C5F53C	DFD77AA1E9097D278572FA1384E1C1D59F1CFCD5C265EFBC7EECCDEF01F1545B
C:\Windows\INF\scmvolume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	201518131332E32F707C733C43206AD6	27DE141573B3B41B85118F718CC412BFD6BAB15A	9F90FA1784069E76243E3596AE17DE638D9A44D47C6D95B212930359A0DE9EA3
C:\Windows\INF\scrawpdo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe40 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	626B6DB82235C674A1ECB48BD0391CD8	01493DA8066597B423C66916BFDB780AF9F5F61D	AA5ACA6F26062D47474EC5C3512566D0C957108F3FB9A90E7D1F43358E001B71
C:\Windows\INF\scsidev.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf310 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E981EFFA4B825F15D7D37C23B419BBCD	B471662BA5CABAEF706651E6710FE07B0C64F050	7C40F8617EE53E9E6452DFDDACE7E7CC0FA06AD38EBE9F28470A7A3D31626DE9
C:\Windows\INF\scunknown.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xee0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BD1C4B86BB3DA547637092E52C8D339B	AFF1A17C719C655FBB1B19137F61CB18FE549A37	FDA1ECFE7BC5EEDCDB3AC281B3645E47C3D524B9AC37226639F41499434F3158
C:\Windows\INF\sdbus.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7c18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8392BC74B0DB6D2674659B02AA22E5C1	7CBDA2F98326FDF8457FF9BDB648A70BDAEB734C	6FCD27C7B3F7C6C9783B0829EF207E822756833530E6C931F11D75D892864E29
C:\Windows\INF\sensorsalsdriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2338 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AF9375296D751E6E984271986314139C	B99B753F8D8943F2D0F9389AC4142FBCFE12233B	933F93E11EC402176FBBA57E2FEE130055EB9DE26AE417AA38C40968D2FD261C
C:\Windows\INF\sensorsservicedriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d20 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9BE3BEEB3414F79B35BE9BDCCB9A3E59	8F2AEF9A31D807986ADCFD4E2F60690CE4F5F54D	3182D2B4D6E63759BE459BBC569CD603AABB609E88C2397E6CBB98F688373B25
C:\Windows\INF\setupapi.app.log	Generic INItialization configuration [BeginLog]	97D925CCF8B640605120FE5579D59ECA	763149FE3AA54F414658044FF0A8B10F9F45531D	056A181475E949C76986EAAD986CE792FFD8E41331CC1C16DBF34A4D78ECD0C2
C:\Windows\INF\setupapi.dev.log	Generic INItialization configuration [BeginLog]	0AC8C89A8BBBC9E6BDBD6BFC73B49CC9	865DFE0744EE9BA402C12258CBB369F5E032F7B4	E272AEB8BFD1ECBBFA9288760403E7C2BD2F2BEA55F8389F8B3AFAB56EBA2C37
C:\Windows\INF\sisraid2.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a78 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0E665A48C0E00F468687B2AB92BF1DA0	66BCA069903A513D3D11B2C64E73D48274F55095	ABF3C1AC201F90360DDE782E0FA09023513D91E02640D144962F5B0389A7EE60
C:\Windows\INF\sisraid4.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x17c0 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3503510B5F1EEE8B35621781A05F8F7E	C6942DF65568714BD2AB4E61483F669293AB3187	75978A0D1A054EAC25FF7C954CE7B491FB46AAF762C93EE0EE546BC449AC1FDB
C:\Windows\INF\smrdisk.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DCD6BA3F356FD083F976783693DBA3F3	34F99782BDFAB8DEE649B78A68125C68A70FE174	79C68344332BE096284CAC7EFA4A1208D58CD93F8A61D651273024B03F2E364D
C:\Windows\INF\smrvolume.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	90EF9EF3542601E9D32BEC723903EE46	BDCAA38A9B14968A8FA85A588BB7B1AF1013D0DC	7E537A7A42170866367F9E45F329DDD1BF01485750292C734A817E800506A603
C:\Windows\INF\stexstor.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3158 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	387C4AE605BE0D908AE9A4A79F6E277D	37C1746CC3413D0EB3E7E03D1E294D98F92E2218	1CED0CE3E183F04BE28AB717D5AAE7720BB314073EF1CC677A288E9C650934D1
C:\Windows\INF\sti.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6C2E83BF68758A2AB5AF499397D88B86	A35BB0A5B3F86D731BDF7DB66CDBB598D3CC5EF0	FE9C164B69A1BFA19E56948334B24B80C83C9BBBF509800AAAFA66FED731D612
C:\Windows\INF\storfwupdate.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x16c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DEE88356CE6EE1C5ACD24ABBBFC0DCC7	918934E3DBF3392386DBE2FD0E8B00013472658D	09D5014EB4D4D958E74F139FF2C049DA772F14F63F1DE5BBB0C5EB10214B1F0E
C:\Windows\INF\tape.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfd88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3C7CFB8002084F60CC0F7694B91FCEAF	81FBD0364F99DAFAF7EEEF37009591B5735406FC	91A7BE540B26800D20480250E4C3967EDBCC09C62EC92BB4538F00E86CD79A1A
C:\Windows\INF\termkbd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1550 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F98AC8F308480A7ED69CF87CADD2BEE1	439A9DD595DB485EFA927A8D9B765C7141FBCB1D	10E722142FEE64E24CBA56E450651F65291881BF87634937EE28830CEB0C9C6E
C:\Windows\INF\tpmvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	56CF998063FA3D5C041BDDB35B57F996	2F0BD0093B54F9E9BC9227DD109BF64C6F32EBA4	2A3E929FD48AA69477DB4A02C96AF04ADFB08624033918A52CBDA40C29A3ED94
C:\Windows\INF\transfercable.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14b8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F2127B15906899857A8AFEFC1E282D97	0A1EC70D6807652D6F95145BD7AB39D2C0322066	11090F5488B94F633E2FD5B62A3B318425F073F3B436E41DF2173A97276BDCEB
C:\Windows\INF\ts_generic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a80 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F7A8F6AC4D63835B2E892893AC105BD4	F4D7C260D5A92DC7E8E77B513EF4672CD0660F74	FED87457C2ACFB295DBD456A98507BAE89D730C3087570897CD54F8340CD1166
C:\Windows\INF\ts_wpdmtp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2260 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A1DD29C71C0C51BDFFC68E2AFDE00201	685E9DEA1A0577FE6201BDF782C9325AFDAFA813	79415A9BBDE78A37B6E808DC4C956C189A6D22405CAC8D619C18A1C60A24AB4E
C:\Windows\INF\tsprint.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1298 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	32D4DBA39CC957A3B37C76A5953FDD5C	AC27420F9A1F894FDC6B2D7A0BA3A3B128DCA62C	128C1F82CE5E69ACBE1A73C56CAC38B8ACFEDDA30AF42076D9FC504501BA533F
C:\Windows\INF\tsusbhubfilter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xee0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F473DB67783E286A64E203F33D2C58F3	1AECA79A266C8CFFB9A27978D8D7333BE0854937	B1CC9DEDD9743488D1BB14B9D4768344D61F82A2C7ABEF979623FD2AD64ABFF2
C:\Windows\INF\uicciso.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1F7416D3B32673C32FE09F3F2A1D7DF7	D1D6D769DBFA985380D57241F171F419733D7DC4	C2C70A47B741D13F43412290798C538F931956B8B69D6880A14E95B8B4310C14
C:\Windows\INF\uiccspb.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1658 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DDF1A4684740CEBDF70BB4340FDBFB82	05E1728C737CD82D17198A71DFD81635208CDF15	CB3995F8E6A8252D8476D516D18C4CDBEDF29F2655FEB788DF10904D2CE2E055
C:\Windows\INF\unknown.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E628D6AC7AA3757D931B10F111ADFF90	37330D9731E4E8E35157CCA5DF598BA9A1F77394	BEFF1D773F0BC8AE889F2E962B93525078665D705D902DE9E885A5B8DB8A680E
C:\Windows\INF\usbncm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a00 "Signature", at 0x68 WinDirPath, LanguageID 809	41BC2326B245F4F5D7743A3CD7D5EDAA	5D6D29C41173ADC1623B2723827E4905D814F617	DEECF42B6877B5A169214AE0732065BC00ECA0944A12E3BD5B5FD5EBA740DB28
C:\Windows\INF\usbnet.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2fa8 "Signature", at 0x68 WinDirPath, LanguageID 809	A7B66390F465337E687739CEC4A39935	F197698797EC88D5C7FCEDBD3A0206BE015B5D48	508AC3417AC0EF0698E1B6F3156DCD65B114CC475E9D53E58E41053A6210EA07
C:\Windows\INF\usbvideo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5338 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	632B02265706CECE64B194E1A68F5660	0EC32AA943F6D4216ED0020E7469039E738B1B1B	FF7853AC864214C9BC46A3EC0913FA514BF42F33AE4E96EB6D08E4FB05B9C4B1
C:\Windows\INF\v_mscdsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a30 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	021C606D4E6B1665A4BF7D9B64312F91	4E5BEF2E7B201B223A8E56158EAD33FC1E04B8CC	C11CCBD0BC381D7BD79CA75654EA9E7BE34BABA54C1F8BD5DD35F054E24A3FC6
C:\Windows\INF\vca.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x19f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9341273272B7CEBD99BC8A4D9B8765F0	127B2BCC3B43BFDCE3A686BAF14A4B3558FF8A4C	63F17718C6DDBA1E43392B98491CB77434A94886FFCD020A6F2992EEC004B9D9
C:\Windows\INF\virtualdisplayadapter.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1328 "Signature", at 0x68 WinDirPath, LanguageID 809	F38DFB45336F46616ABFD178EDDAD7E6	AA07913E2FF1C9AEC915A392D2B7255BCBEBE312	BEAB0764119E33068E998AB1845A14FABB03A9E07CAFE1E9FA3D19A571963BAD
C:\Windows\INF\volsnap.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1008 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7592BFE36BD4F9F72FE49453BF2A34F4	1A746457AD3CDF8C42F7BA401473CC20100EC301	E9ECD86F488AB23974643C32A89683CBCEA2470635E93E35D21CBF9F7F633DC6
C:\Windows\INF\vrd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1898 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2B5A8041AC070684772C5AB28DDEB43F	D56CD1C82FC0BB8700F58E3FE975C050A9C4A5F2	99B1214F3CF8FF931B6CFA7DE02E4D2F2059BF711B63D9A92AD68C5A214E1C20
C:\Windows\INF\vsmraid.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cc0 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0E5AEF39A5BAB6BD2EB0057F3BFD573F	C456EEA5E3BADA6F20BB1857A639279261291797	428B9E5A5A0D507A5F1B6708561589C843E4FA9DFEEE27B4D1E8CFF28E28C5F1
C:\Windows\INF\wave.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ae8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0A7A079E6B76D03F0923EF63C4B6CF78	3659CD6EB1ABAC071183CB6B0187F5FF66D5419E	A7CD5574A139BB73D04DEB0B13007B8863EA58634D3A8BCBF12CF89404359865
C:\Windows\INF\wceisvista.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DA81DD0C34C8036788941E11EA8E8871	4491A1D1F0194A95B150B5151358CD7460B32330	7D3E68942CC30E0A7D706B966F14CAD5CAE20BB468DD952AFFBF08746248379F
C:\Windows\INF\wdmvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	43DDDE60A9E3CF17F09FABD5EA0C805E	384EBBDFACAA7B94AEFDFD184115A818C34C8B8A	5AD0722186EFE3FF367BB374BD486D049BB68B7EDF80EA2DF3E9857078B4388C
C:\Windows\INF\wfcvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x19e0 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	21C3023796335BB03D332582BB433143	A01E6B8D0F8A8A23C8C5CEDA682AB4C57DA43B49	A4DA4E7D7E1172784698B0207F0A3E16D4B6B218E99B5813946360FDA845EDF1
C:\Windows\INF\wfpcapture.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1338 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1FA4CBDDC1EF20A7CDF140BD1CA1C2CA	B24856B8BAD3459558D128438216302022065CD0	4F893CDA1E839FAAF241483553665AC35466E7469D688DB429B9A5FF98201346
C:\Windows\INF\whvcrash.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1308 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F26F8EBB16088B7D424E4A99247B960E	E7D67959350DB77B00F2FD27597646C3E277F239	0367855BE363EB5FA4CC2AA453DA215B1124EF6C463D3A8EA8328630DCD0008F
C:\Windows\INF\whyperkbd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	26DD0E3940E6351F4E143DB324B95B76	C0B5BC1D03D25275088E82CC5FCEE836BCCEBEC8	0966DFF74E57A56D73718FD18E339ECFFACF6E7215D921B638E65CEAA898BA7E
C:\Windows\INF\wmbclass_wmc_union.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x21c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	05B8B3BDDB168967011BE6DA08510FD7	2CFBE54FE6D69F511322FBE311F71208EDDA5C67	70C7D739176E04DA9714013A3D41106D2521C3EB20C127549B9F096C7BE9BE98
C:\Windows\INF\wnetvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5c08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AA273DDE5EDCE64EC9336A8FDE94FC9C	83A33B8CD0C6ADAC4F9387F1A567D576AB99D6DD	108275864F5C42F926800CB4D4920C7EE1FA7DA588F908CDB5EDF9CC9ECB1366
C:\Windows\INF\wnetvsc_vfpp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x14d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A8BFDFF1267F180B9D120FF5F98DB895	D5FDC1A5FE6C422130CBDFDFB43F7E043CA68438	3FE840E7F7FC215A8861392010EC2526135B76F499565B3BD7CA6E4E88DBD5DD
C:\Windows\INF\wpdcomp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x21a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1D2FF279C01ACE3CE9B6DE1D35B3A95B	7D9BD158E0043A3A19BFF7137827572C452085A0	F59A6920D0A32920ABB72C258CB7BAA2A6292A77EC773C289ED69D38CBA15BDD
C:\Windows\INF\wpdfs.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1ac8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C39F7E6A1909A1DD9B4544C9D0A5B71D	75501EF1EF110602AFA64C751850E1A58514E9A4	1BA753871141597B75C05D4677D63B1A86FCA0B440F50B54AB4B8104E30EDFCE
C:\Windows\INF\wpdmtp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32e8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CD8BC000DC6E382AE383E1EC07344898	DED8FFB0DE83A190472BF9001AB271622F6A8787	6EA67182D9D2CF7A94EAD36868D323367AC5548E1FF3A8368E355B38047D1272
C:\Windows\INF\wpdmtphw.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0D8CB935957C415B37CF05CF9675C88A	12C6118B5F56F2692D7595E3303705688AB4673A	96EDCF09877C59C392D3C22569F645079F14E8A84AC78053D3B50A7B212BF413
C:\Windows\INF\ws3cap.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1520 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E2EC1C9FFFB0541F8D032DCB6244E056	C28DFF9359285020347A57E83967E65A8BF5DCDB	6B18EDD76F348B457676E612C692000C8FC41505C23E25F4FBD49C13A0091059
C:\Windows\INF\wsdprint.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1798 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CA630302DD273E781FDF307AF389F3A4	228DD71247546B1A8AC9BDCED8EA62FA95632D41	52AB14DE9F966F10D2F4220846DA83C1FFC37319A0754841F008214ACF9AB7DE
C:\Windows\INF\wsdscdrv.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1df0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	18B1053932F8A79B84BF2CBE79F57800	F120B114C4093DAFC310224EB2A96618A8CCF571	453FDE63A83718FBF8F5711E68BB46586A8FA89C7D2F479E587230A221F46E7E
C:\Windows\INF\wstorvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1778 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6C1D29B2A0F7B83C6E4E82B10FF61EEE	B2377882BA7965803A5646582B7B3871653BDAD4	A1936178ABCFC1D1100BC6D45E5FCF2E637DD752F9C58C9B880407FA7B38F201
C:\Windows\INF\wsynth3dvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x16e0 "Signature", at 0x68 WinDirPath, LanguageID 809	672AF69E007119905C39F753DE00DB96	7C8504ECDECD16270BC1BA4457A92FE53B70460A	B58A1A67CDFE89E0DD2DADB0D3414A71866C06F319D0C5899A5CF83CA9975AE7
C:\Windows\INF\wudfusbcciddriver.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	41602987A5656CB9AF721AA6B54207C7	E57AECC9F5E5568FEF138ACED1C0C300ABADF011	BC261E174C156A869F9D45573BEE13A351C03EC92490274EC247F662DC67EBC4
C:\Windows\INF\wvmbushid.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1500 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	56480F87C5BB4194925437F200766F10	244671736624D2E415022BF6B8F30C7D2E5C0527	2938CC62D76785DA68BEF885A46F7E5F222C5BD36AB65C1CF93A5FF58FE01D93
C:\Windows\INF\wvmbusvideo.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F329E875580D66637DAA609351552817	EDF1C1423EDF2BE263D70089FC6EBF838B015127	4D0D28F056E4462CA04AFB6F23B7646C58D02CD7B543AD844892054EF6C338D8
C:\Windows\INF\wvmic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	115421A0A2083ECF78A0A821C16D3E68	DBD670BE7A134C9B9B295F47541A6D9DE1015A85	732727F400F5909FF0B163BF9F87E745CA8AA15ADBCF43B3ACA3D0C80436A259
C:\Windows\INF\wvmic_ext.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1668 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CE0EE38A71DA4B398FF80D464D651DBA	10742CE09E1B364A3A4D309C246B4323AA953D56	A5203A5CCA070D75C68400F4792E18823442B39355BA568CA7F364994578639F
C:\Windows\INF\wvmic_guestinterface.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1CB46A62EAE7CF4ECEE2A8BD97029B60	8A5160FCFC34E7EAF4F3ACEDFEF4811B5EF52A16	05383F2B9AB725E77323C4369B6EF0CA7846968A5B4F483A8BAAA3DF3A805D55
C:\Windows\INF\wvmic_heartbeat.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1358 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1291154173FF20178B771A3BD2C1477F	D5CDCE6B9D7946860F4ABC312A5D4497B431C96D	7CFF7EE410683F08382DA3568277F33049387165D69B20B2C0E2347FD43C924C
C:\Windows\INF\wvmic_kvpexchange.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1398 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	ED2D70F5EE278BD55C8820B801D49F68	430EA1584B901027B77338763A6F14684C34C2B1	FB4231BD31A9085096AD2C9F095E82C8405316BF6AA61DFEB29E5CD84F087CE4
C:\Windows\INF\wvmic_shutdown.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1360 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E9CFEA9DB87326834AE0B0063EA7B54C	99798B3B35208FD6A482B3F3374149912C6B81AF	6BDDDCB07DDE05113DA8D25737190909FE925B86B7B5985E4FD05E1BF8058102
C:\Windows\INF\wvmic_timesync.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1378 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1E5965475E4B18757A918605B469683B	5B4B3904ED850342E4FEBD5FAD17A4A827D4964F	9DF5F16E5DAD8F05E7DE8ABA4520C6E5583A741F7A9F924C780FF484A7FA9E07
C:\Windows\INF\xboxgipsynthetic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	A7F418746CB806F2A8B739B04EC3ED18	E8B8C64D115313BF497DA43B8F26260EAD8671AB	58E2888C3F2670D824E4879DE0C6176E22377CA6BF816A55EA852D6835E62DE7
C:\Windows\INF\xusb22.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b38 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5329AB502E9ADF5E227843A8BC274CA8	EF62409DB508FDB431B7D7757F6722B686986ADE	7B6EF98B490CFEE649D3D0DB1FB1F849DD1A67EB0E23FD29DFD69F8F83E13F47
C:\Windows\INF\ykinx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EB1BCB3A3D4F911716CBF05D016E0D53	FDA6950176634533408FD52AB624AF4174A43B5D	B55FB8EFE1145A45C9C6200A108CFFE4533F886412F175798939AF086AE9E483
C:\Windows\Installer\48bce9.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: x64;1033, Number of Pages: 200, Revision Number: {EE37356D-D07C-43F6-8D20-35139031CF9B}, Title: GlobalProtect64, Author: Palo Alto Networks, Comments: GlobalProtect 64bit, Number of Words: 2, Last Saved Time/Date: Wed Sep 11 00:50:57 2024, Last Printed: Wed Sep 11 00:50:57 2024	EE67A64E6EEC29580597358A7860C706	493877CD3362A44D59EDA084B444455F755C3D29	EAA5E4FB71791A360BBABDF007F50861213EAD504C649C26482D6529D9FB50DC
C:\Windows\Installer\48bceb.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: x64;1033, Number of Pages: 200, Revision Number: {EE37356D-D07C-43F6-8D20-35139031CF9B}, Title: GlobalProtect64, Author: Palo Alto Networks, Comments: GlobalProtect 64bit, Number of Words: 2, Last Saved Time/Date: Wed Sep 11 00:50:57 2024, Last Printed: Wed Sep 11 00:50:57 2024	EE67A64E6EEC29580597358A7860C706	493877CD3362A44D59EDA084B444455F755C3D29	EAA5E4FB71791A360BBABDF007F50861213EAD504C649C26482D6529D9FB50DC
C:\Windows\Installer\MSIC68D.tmp	data	2CB7A7DCECA5A6041701E90F28EF92AF	CB9C43A1CC7C7DED762E2B6C9EFCCE5B57538A02	5B2C4D27FD2FE7B5D040A81B189B1D8BFDB1A38FE244BB163EC51928478BC955
C:\Windows\Installer\SourceHash{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}	Composite Document File V2 Document, Cannot read section info	F76E1FCDABE9AAFC914AC5CA9988839A	ED1F31E832BDE398B1D2C09D7224F4BCFA9CC31C	F72D64FA8E859C31DABAB088F136CF23334094DAC6404D674FEE096FB509F1B7
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	9957C355E6CE6DE7530AEB38AF187848	CA7270B555B270C001C174DE71A2134055ED7D71	2E5EC0A392A8F42808CF22952EB13BBDD43D99D641D3D6156DD18CCEA60DED7D
C:\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}\_2AE9C45021E1A96BA1E33A.exe	MS Windows icon resource - 5 icons, 13x256 with PNG image data, 256 x 0, 8-bit/color RGBA, non-interlaced, 18505 planes, 21060 bits/pixel, 96x96, 32 bits/pixel	C9B3419C73FB8A7863C7C84A20B458BE	37BDC9D287BD4D6656C27D45EBA5EC3D611899D8	8D77C27F2EC9589B9BF797AB8F36045BE5AB76DF5478F4CDDF953B893BD68563
C:\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}\_853F67D554F05449430E7E.exe	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	F1814A363433ED1E413AD7C650414C42	C0DCBE7A66F8AD0B83FD0873CB01D6B4A57A30DA	2237534A7E9F656C859A5802007FF17E4649D6FFE4F30A844DAE582C14DE260B
C:\Windows\Installer\{62BC3D77-3D5D-4821-B162-5BF52C6B11AF}\_F385DCA0A7C7248F54C3CD.exe	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	F1814A363433ED1E413AD7C650414C42	C0DCBE7A66F8AD0B83FD0873CB01D6B4A57A30DA	2237534A7E9F656C859A5802007FF17E4649D6FFE4F30A844DAE582C14DE260B
C:\Windows\Logs\NetSetup\service.0.etl	data	CEC080E5EC9EE192153D6DF61386335E	56C5A20998FFF8EC98B02654A1FBBC4ECC0546AB	2002242D7F28F318E299C7260755A91CA9762EF08ECE5297EDB73005C94178F9
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0BE3D293703ACDCCC07CBA30447E01B2	A396A114E2643F443E56EBE2AB3023554735E9DE	BEE324956AF9721A2E5B2428111B71497ADC1BF99DE552177E7199A1A83C62CD
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	JSON data	DCA83F08D448911A14C22EBCACC5AD57	91270525521B7FE0D986DB19747F47D34B6318AD	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x191e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6271B1F17D80A6A05288A4B45C860F1F	811A38D65F26633E2CF80ADD60E527D472DE5031	6DE647224814CF8BAFD8A77F6F462CAB340CCC8FA42EB15B1CAD3B646CB0690F
C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2da58 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6D9E1F737D4D32F74BB54A237DB3D8AC	1A05AE4CF5A9FCDC43BBAAB4C5CE37B06E7EC67A	5ECB87B13C40540F95F401FD3CE608736464CAD08D87D3F9FFFCE91A5624CFD0
C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6718 "Signature", at 0x68 WinDirPath, LanguageID 809	FABD2EDCE6B1841BB6A33BF1E758E4A1	3A30680CB061ACEF7412AFADD508B92698AC1E32	616099DE8DA3DE2291E3637B232AEA93539669201F2298A39EBD0A6335FC2962
C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x54e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6695F648B824647C2649FC4E25224674	D7A2F06E1C4EE4001B49D48D4507C8B29CC81640	A84A470E400C22A6E0E0985E59E17F8F6A4D3E43F0A6F89C4E8983DAA33230DF
C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e30 "Provider", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	44B37D3C4A87F3AAC3199573A5F5E841	D576521A8799EED2BB712C746822A0D4CE5EA219	314281860E888DD7D5532D0C07601CEE38BECFB4EEB64C0AA799BB6B6E3EFD4D
C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1550 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB	DFC1F153C1142A3EB093DA41F764982B	2FCE4089F52AD7A5F91E6C8626BEEEA6106A0AD4	3EBFC47CFA7453D75DB46614F57E048FA60F78D0E2830EACFA2FDCFB8A782303
C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3328 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	815621AE92CE7FF83AE78135D6BB0B4D	9E42D754847BA59E2B158CAC57EEC25A15C239F1	E31F9FFDEB95D68158C62065D35F69DDC042FFEDBF94067667C2D27410F81E68
C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4ad0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A543F0E59F9C0D9BC9CA7DDD24EA1098	62980C687B52658CAFAC8B9AC0059EE335A56391	0170E149BA81DEE6B25C20B96544D16B58A8D82EC2246B2D219B7A324D067D62
C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7b50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	70506EAEED853826442503668B1BEB15	576D3A9B5FA9AA59CC9B4B62CC7EE085C9AD7BB6	D4B652FB0163F262347B305CEDC223C9FF9C90BE3D2112BBA4E1A2F4039C3396
C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a60 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DBD94ABA0A9B37A601BF3D345ECDBC19	66726B2D4FB1F890B9A0B2DE35967C58A1312C06	2CDD50712C62AEDAC6DE3AF680184DB65765C41B3BC44FD2595E6994DD43A5D4
C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3080 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F9A3D1C63B6D09865A4E016549DD0E01	5CCDA5430162138D1FBD96E142C05C2F89068BF4	E54866587F2F42B7901F05E2F17A6486CB0FC297F66C95F407F44265C0A4C584
C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1390 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E7F5C655559E8391ADBCFBE54C0113DF	DCC1D1A2558932E589F273C6FB5EB760663FE74B	697D7ADAED4954AFF47D989BF50422A3F069E1CDBDA076BD7EE2CD32ABB5A773
C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4900 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F11FADEF201B7B312DD43BCF2A6F01C5	16F4FA9E51ED4BFD3CAF549D969645B03686FDB5	1E2E8E7E24A53BE908C2A027BA461653FEB73EF758D73EA161D4D841D327F511
C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2a98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	077C277C6A90AB8CCBD0B191EBD938CB	D7107B38A7F046ACE7AD29D18D835170E4B21C6C	474FFCE72765376AE8900CEDA7FDBC5FC4FFA47195D4A5F738FB062780369B5C
C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x32f8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	47E6D2240A0C44F59302AD12CAB698F3	E44A8A7D1E7E2E226E7C16B6897732632FC0D136	C7D875A44BE0FCD56662AE1185861C130674ACDE24BFA21C3E5794073ED96E60
C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10650 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8035E4077A2A9058A8EB2EA34449319E	9F368FC9865C44E8FF7A3235339DEC37A3B85784	5FA6D186B357C542FA27F6C1D15DBD67B58136272A9E3AB233DAB65226F5F95B
C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5520 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	AADA124854A5802282012135823CC3B2	8EB54C08902DE0F7FE6B76CC200219E000162D5F	AF8D48FD2261FE28F58325B11E140E83145BB00785133DAD8A40A06AE2730771
C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x59d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C1F697C0A6E62ED5D143FFE1B9D02925	FB1372FC4B2E80786A707AE971BC43D4F1F85C99	C51580F3449EF359A7416592B9F812654967A73D7D1E8DDD15D15501A62357A5
C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5bc0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	45C2097743EC876BE0B564488EBEE432	22161FD925B2E13E1299D90825E668196A34643D	FC0BF927D71D79899D789B284F96A63A4641047EF7FDFFF2EE80559AB5503A1C
C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	95E51D27AB64450E53DC39A980A95FEC	B5FA6B99ECBDD79761C33AF0965071AD695C3B3B	FEE69BCDA6B83051BAF73552A0D396AED3C7A1B5DE849AE66C454E75C15A04DA
C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6198 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7F76DD71D82084C006674132F43528BF	A15CB1614FE7CBF31548AE5BC656ABD1FE599F9F	EEE4CFFF5FC002863A9FDBF5A716C755CA1226D64F156421DBA694136C816F6D
C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2890 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B5145DBB213CEE5B10212F5FC4B43042	8B24406BDB3128BBA42C061AE94FF3032F057AEB	5D62CBA107D3DACD6C40CD9DF89A416BAD7F68088A716D3B4014E0F05ADC4EEE
C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3290 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A1FAFEFD4310709694329145598526E1	F95DAC6CA17E7257CD19E55B40C8EFF801B7489E	320C5941F4EEE4204641275BA5628AB69411F3BE468DAB569AFAE666232FAA66
C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4058 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	938BD22DB5530E50D99E1DE59FC289E9	C52103376035B7DF9D9465484AD61CF75457ECE9	54A7F0CBD0849A43F83E19DF3881DB1FE0EDFDF534121F2E78237ECBC43FED0D
C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	46C0274197B0FC61AB8C78CD142867B1	4414AFB443F019C59E49C135AEC96DDF895C79CA	D1E159ECA93D80C37F2255F86BBA07ADC91E469A748E5F17A7DD7BEE6BAE052D
C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xbc10 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FCC1A92500E11E17BC157300877001E2	A3DF7FAD37E8D75E61A1510FABE047D3EEEF1B64	C5C0304289D71D1A09029FCB93338F6552C6959052F8E9C3D4186229CB993401
C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5900 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E40DF4811778E0B54B585AF44A758A35	C3C9BB7F49B77420BFAC41208F53DEEB782C8AEC	7C5685CD34504D5D77BC038521259CC267F23E5C07CE8B968361E4663E30913C
C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5f48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	864D56BF2E2BB94816767A87CDF8A9EE	837A867DA2EBBFBA19EF878E6ACFF2D983B53096	1F15AE2F15D9F35185F55EEEE8034FBA29542DB81DC67372AA5E62F10F444515
C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x16aa8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D4E8D3D92241C56C93CB61FBBC2493B9	ABF2496D6B6A237AEDEF119A93D73E0206B55C7E	A53EB095A216A50182B145015FC5F0AE272F4EAA902DA45AB00165F0091A02C0
C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e6e8 "Signature", at 0x68 WinDirPath, LanguageID 809	BD7A12D2FB24A2E7E5236C2AF1BCFD4C	129C00B7C0E0CCCB6FFD39AB57D1277AA186F04B	B1E4EAB59CA2CD693F37AECDEC78332AC8B1D0F327842CFA7EBDE1B2170FE1D2
C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\netavpna.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1420 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	D303FEC04E8478C7696ED716B26814D9	A0C9ACECC0BD093CFCD59F425C756C2DA6DE4C10	36322F02F006ABD771B5A334F31CBFFD2B97D592A567901D4201CD113C19009D
C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4470 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	47A2CBBE599B48CD643743CA3DBD22A9	DB15D0FB4FEEDB6E270B6E66B302773A766C0092	2F2E61E4DA54D45D2BC0A7CC374983519308FE08B0504DE63DE2B0149473FB68
C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4358 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C1094D4F7FDB68DBBE11138C4ED7D39E	1D77AA073F506D22C307D55748D82F4E63EB21B7	9199BCBDB69A1919C097A704595A9758D41DF083F62103D1F4DB9EF4B419757A
C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc618 "Signature", at 0x68 WinDirPath, LanguageID 809	2ABC5B3CAD438C92FEF6407D8C1E8EA7	26EE2457BBF3C2893CFC7C937EB4E20FEA715F96	14EF6B8B46C2A8C3BA108A10D1C1A9FF743F141FF101240D5810342C553A8B2B
C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6e50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	42A531FC1CBB51B1A976B8382A192B10	C7E50031EBCB5720A4C978EDF4B19C3B8ED4641C	BE50433B30ACBC772992F115AF5C2850F821AC3D8875D96A12FD86B75A3A94E3
C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x27528 "signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	0939CCB2814C525EF2B0E62BC2AFC2D9	1CF98996D771BD17C570249B3A2B54AEC402B8CD	5603B52CF35BA1AC0A9011D836F2B8A5BEB3B5FB86083984198100A3058CEF0F
C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x9120 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7B9D52A95ACA4386190E87262698CEC0	C54389B80E75917503560C56E2ADD875D0189523	0DCEE02FDC54095FD4A61806BA0F8CFDE56C551E6837E246F8EFBE55D327E15A
C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xab88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7B36D93E7CCC957F85C2E26E906607F4	FF3998459F5B392F4129B5F4DD9625172396A2A6	BABBA167FBBC9741686631905FDB983457CDAB584CABBDA476534400F417D5BC
C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd820 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E3143287B359009041232412BE38CFEB	2DAA8E6293C71DE1B9E7B21B2EF62CA2DA84AE30	397614C058027FF5FE819BFF43B1AC01CE075BA061731D5CF5A635F76BCEFE14
C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5dfe0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4780A670106FF7EE7D5C0888AA82CCB7	8564BBBD8B5614F08BCFC4C40428232CE737433D	E3D6E528C2EF31371B3756C17D60FC141C9A1BDECB3775BF63E1E32B3657211E
C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4988 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C7046CB62364DFC9A179B6D3FC55564A	AFD9DF73C7677A839D5617B15BA627AEBD11214F	20A21348DFFF688C2A1BCE6AA9102F2B7B8CAE118A411EA17BD7EF55B1252603
C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1028 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9CD7CF1BBC9B56CA535020A2332ECD6E	A672AEB5BE3D04D120D7FBEC9FAD2F4606AE0921	EBD5C07025FFCDE25D4EE0304E88309B221E15F40C35F80AC6D7A76A188FFE40
C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47c0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DA7A6F4C1F9AFF39503397095D3B04E5	0D9A93E203238F75978465A3AAF80C2DED87848A	81530DED0C38DB3D0BE950AFA7A3B184631CF0FAF568763A4937BF9C37D99492
C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc088 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	86FA73CBA760CC0C5B176DC553F6D2A1	553F9BCA4EF9EA6306B8A1EA434CCB18D4264B34	4CA2E23F40B53900B904BB020F3E2D78609382DE1A6CEA4CDA053A26510BF41D
C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2e78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	DF809409017D3616C90BD8685CBC3427	07871DD86059E9156FC1DB3F943563E357512FED	74D7F0FCD3A3D62D43B4EB8928BA11F5DB519E6F9F259088A5F4DB5B1EA1D3DD
C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20300 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B77841A9EBE13931DF0CDB0458A46F99	1E03E1FFB0600BF645917E8C383591B630B6A8F5	40B5A8F04241C9A1F36DE0305FCC842EA2947815FF2BEA13B1825FB22423C006
C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4e68 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	EF622122E1C54882ECBB722A62A3C2BA	FD59D712FBEE311C77C482BA166C8768FEB3A760	DB37426290F84B22CA64D6BEAFAD2CE6FE913A894CD017B8409EAF576B36561B
C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x27e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	E475549D9EF386DEE5663F813F66BD44	3F3E0EB8AB5EF9940C4827B5C8A38F31FCD2187B	B202B47EE8AF986D8F43472341DA0FE8B235F4D9167038D819C090ED4322BE7E
C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1950 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	931140188B7C6C13002F4BD29BF06171	5148B331BD0999E1F325E37E16DC41D736E856BA	3506E542E573F3392EEBDF2DF85CD73336E2762F631BCCC272BBC5B4DCD698EF
C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc290 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B5A1771E22871588EE926CDF1AC265F4	A3FAF216FC84F13DF04E94C698C1CB1B7F9A5D88	971EFC05280B5F34F2009A0D3822BE58356841632EBA3CCC0DB73AA5407B37E7
C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10f90 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	516E31B106F52630140DA608D6BBD188	81699347DAFD0808077EED12216E3F0999723F99	9D753F387ABB4BAB3E3D3139A17332224C3CDDAB6AE10681B63D1355324B2180
C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x20c40 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8FF33D66C8B7107A6B4FC09ABE5B264B	15CA65F2B05C07F5231F187F801A2A950FAE03E5	019258F0CB8AF268C412535D222EA29369E917CE334CE0E075E22C88A1831A5A
C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x6ac8 "Class", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	F2D606973E434D9D56335F232875DD58	80E8ABFF67127BA177B7C21386BB19A37853B595	AB15B6013D976CFD13A3DB8D6C258F3715E94218F17F98926B967C765AF7BF7B
C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x4bf8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	711EB45F1B4E744C0009AE2C23355ABE	F26791875AE4FC24347FF5FB4175F331E0D8DAE2	746B481B2B277C983F91A4CC513ED38EFF8E0AC82A10F17D421C06537E165898
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x28fb8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	016B11FCF80D9B57687E1E273E765D23	F4EC5BE3CB1DDCF53C23F810CCB9BB40B6BEB6C4	1C048DAE6AB93CEBEDF1D47218309B1745F91860C8629960A4A64E48E41CFCE9
C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1d828 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	44560E2FC0126C990FADAE73DC4FE027	C6CCE2D3B36142B4C797160C3F8317DC28CB6F1A	EB3088F9105B0BD3F098ACA4F0F64738BD96EE287DF84E30C05290C3AF60DEFB
C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xa820 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	89B05420C5ABA4EA06AA0B63349AEED8	40DF09FA1FE093803518A7ADC094A380C0F81713	FB7BF5184AB7C22C258BFE9F27C5C2717D9DBD9869404FC84208E43B495EFFC9
C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x34d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	629D5D68F088E79A5D368876EBF0B1FD	FD6F06383B4A136CCA5C6534B0D3A5D979887448	830A22E7A48ADB07957E8736FFE8EB7C92C8F2C404E77DDACCF1966B5B410909
C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b88 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	B7F9D8DD5F5DA05B9D39C4949ECC4A18	F79DAC28D6A220768EEC08F7C65C199A984BBABF	E3B6DD47F25BE926550CD38756077A9F0FE668D09BE0BBC017D8FA3F114AA4AD
C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x76a8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	7284593CF8FB559AE230B2D9BB00645B	34DC3AC3FA6B2E97F1E2A27F5EBA466861E041BF	36D3D2C2BEBAA4422F532A16F7AAE2C9F5662B6BDE8C307C105BD996CEFB74C8
C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc8b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	5B5CBD02A8B4649834A0C99D1DDD4F00	741D39D88403F91FCBF6CAFE320524DA5C693D66	EA526785DCB530D50D39E78927DB03541BC2DF8F3F003C3757BCEECEC39FAEF2
C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xeff0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	CBD97D751922E64ABE77F6D1731FEB7C	11EB07D6EB5A1DED4746FC2E817888EA0C045185	3AC03AA966B298328319B5870F37F9BB3243CDC7E5F353B5CA19273E2A422AF9
C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xc078 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	4C272FCF7DAF2B4E825ADE1575A2FD3B	954194F501DDDE79F13D9C1AC3723CB066C49165	3F38A412F6BAA8E66A55E8AD68DFEBAC5E0C8ABA7F6A2E05D109F006674DFEBC
C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x7668 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1FB1AD5244AD75E7940E204197EAD14E	5B1D771CF8FFE2A172806154004E442B9AA851AA	FB1BA3D9B56D190BEA1135669551858B939E24349065CD810D3CA5B13B0EA5F2
C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1cab8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3A7B5A81BF8B54B90F98815723A38F91	B9F9331BAB66AD0FFA6FDF250A2B5EE600E8E6A7	22B39AF29766FEFE4EA532A2D021C9C07C9B33B26CA8EF434A724D8ABBF78290
C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	59D7359E52B2DD6554AEEC91DB12A63B	2CB235513A9A8E19CE862D22987D0DCE66C9D95B	8E6413490D7572483C1B3C2739A8D001CC15D6DCFA7BB03467B39E1954BBB206
C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x69b0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	1ED94DA826D41CB7D364108F0284BF70	E71C7755958BA15EBCF14DE62468FAD572E2959C	9F47FD90EB062EEFC4508355A57F9DFC63A9C3D4BC583915CC0B621C9F446CF5
C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x36d0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3A5B8702CC8B174C9608EB8F15EA48A6	EA804A49A3A68B39B49B0936126AB1315080A088	BD3489DCEDB8EC48E6FB4C1B5AB91F8B0786788DA643F04424FAE3881B7AE8D5
C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf78 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	9C4C3449AFD39BB6C240CF7D844F5730	B3A8287E2D0B338AFDB4366E381D855EB27F2704	5C5B20A30825F61E5B3ED776994C0B69804C6125EEB4F82FCCDD54AA09DD7F89
C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe6f0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	19BBB1A52DD6F720D8920145DD193D51	802DBDBB3B56D061A53DDD85517B6AC63757556A	FB2818CE5F21587098D40511BE1C22B7043C2EBC50229D333F0CFB00A3A89155
C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x3bf8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C619E809976DAB33897D42FF9DB3E874	1F21C44B8B75BA030A96AAA5BA803159BCF3AB5B	15A7FF09DEC4DD6F013C8493DA4D82771CD02313B4E3E5057A526F2D20EBFAE7
C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1bf0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	8AF36A11E9DB9F95D82A9C0856628210	03CC3E0DB53139E4A273EEC661CD17783060CE1E	F46827B647ED76A16C279CC6E86433530A246AEB407F853978910D2A6D53370A
C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	03E17022320B1F748366C286F0666402	ECBC102291D14A2DCD3B6FD9876066749868F4FB	83938F194D74228DBB1FABCC9B3ED302782C6561BEB38A4EC97BC26957C736AC
C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x18dc8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	340C5D418099AD19E66DF8852AEE35CA	D022E79B56F18100F6CC81F9D7BB91218C1D45BD	3E094D018220615E9AB44D04D122E5A9050A915B888EB958F1E65FA9FF7C5838
C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x98b8 "Signature", at 0x68 WinDirPath, LanguageID 809	2799730807CFF0D3349AF41C3B399BB7	D4623637EDF67B414F0F7CF18E3AB19EE3AAEAAD	B9850924B03B1E3FEBF6A8F90462F07D469823A4C9948312440FB07860DA0997
C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf730 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	13988AAE49911D1F25C873E7B679807E	1FB9AAFF612A413AEBA3EBA9E2E4C4B436DCB816	BD0014F486A58328A08550B65BC17A0337DC8225B5C754096F75C225C830E33C
C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x29320 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	C92CF1DD5D5142E2D622BFA8105A2BEA	732A3A3548EF2D33CA62F35246667466EC8C03A6	05B3CD0BC5CFA659591A020C844ACDBCB621B90DCD44DE88013482525D01A910
C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1c60 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	FE9947A73F5417DBAF9C0805104495A4	EC8220FC500DE34EF4CB2FE166A41FBE63C9B470	6D6189E5847D4B1E6CC114D0771CA56AA4111164911B2CF477E7D4B6F9363373
C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12018 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	130B39F560AC5A5D296C34B8801820B0	09762007C1B42BDC0FDEE6CEFB9A58AD00AAAED4	9F9AD4BE5034BC2576453802D77F39B0C5324427C4683E910823EAD536B22392
C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x10c10 "Signature", at 0x68 WinDirPath, LanguageID 809	8EA0F5F9152F7F45E20D5F3C436BA9F1	D58DC01750A7D40AD2F6192526CB19DC6534A6F6	5E2910B3757B35C58928EE2EBD5E920E3FB12B3681649A8F7E55098ABAB6A4F4
C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2d860 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	2BFCDBB7D28FBBBD1DB415A197F989F6	AC1B8CFA76365E2AADF2B841E97B28827DB5CAE7	4801C9E9802DCF738B2D48F72E90F9DB6601097290D48495DDD419BE621A9CD8
C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x188c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	16F9BC19431C1EAD5F016198BBB646FB	E9016FD4902546F28457E9FF0A0CE1E81F80B659	732F745065717F2FAF9EE0DF54CE31A6066ADE15175DA23543237FA0258A0F8F
C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x12d70 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	623AA589075452AFB1A045603A70F05F	A67A19526787C6DA571B5D165FA1A98F73830424	3C04BD8A9BC38487326F0DF015820BE097AE3692103F7B258E6CC080F92BE85B
C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1b7c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	73A554F2F2753483530811C097EBE473	5CAFC807E8EA45F141CA83464CEC9AF193703C5F	15A9034F5E2AB67873384BCEB5478F7989D719CF3E3AF9BEDC75BD888A3945B6
C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5b28 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	A2843A912B664B8A699354BDA1142600	53D6076887EDDC1482138D4709A02D24376C9F64	EE1EAD30E5C7AFEF019ADF970AB584B30530AECE7B568C3D6FA6CFE6584DFFF9
C:\Windows\System32\DriverStore\FileRepository\pangpd.inf_amd64_395e590fee2fe205\pangpd.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1940 "Signature", at 0x68 WinDirPath, LanguageID 809	97EE0160E40ECDA26245F23586466FE3	8B315FC4B058B9F10A4043518FA1006AB51D9521	C2E90872D9B0111A1EA58693E72F72527C9324FF93A675D00C9A1612ECC75C29
C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x11e0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	30A634E83B1BCFAE54B90E3F2943F989	90759CAC85B50851824D6B7B04078AD6927AFBBC	E8434E917BCBB342A19E16F064E4374D203DDF350DAE33596AC89F0E31816F72
C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\rt640x64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x13948 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	BD2B0F7618E267CEBDC79A5EE9FD95AD	E9633C40890542AC4FEF47D0E3041A6E1BEA1A91	CA55C871FC8730510CF5C7AECC4A76B977011588DBB4C65CC53DE91D06055A91
C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x8f48 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	02B0E1EB5EA8FB5C43ED5B96439BB10C	459222A367B38FE20A062BA0366D907D4B5971A2	4F8923E200A1BCF3B02CB225191BC7E065B4A169B64AA7A5347C07384DB8306A
C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x131c8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	01B4D5156AA7CDBB6C8D8120C857DE53	2C755106C0BBF15D7BA77B121BFE071DFB8F84E1	ADF86360376AB130F5B295A392D58CF75941D42C2151FC09FB5351AA96338374
C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1a00 "Signature", at 0x68 WinDirPath, LanguageID 809	706B9420C920FCC4A1359643F51A2C79	DDECB9B743E37B01D43E9A0B2FF711CAC6EB3A6A	DA940FD1F1C5FB5D8BFFCED6A4BA30447B1BFE04EC706342C3881BAFB0CC03BB
C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2fa8 "Signature", at 0x68 WinDirPath, LanguageID 809	4F82E1EFF7A7310E39AF9C5B4B1CE5DD	35721A42C40ED8BAC6B15DA156986D8917CF4100	93688A8BFA5C5CFD46BAA8E006C8FB892965F4D33347CB371D6CAC885B2B88E4
C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf00 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6F189CFBF43E4DCA781976CF114B33EA	958C6B28A605D2FF1DBE9D3F323B024C4A46ECB0	E62D12C479F0BAD351CD42D99510273D4DF95140A19AC2CCE31205C9E9A0B1BB
C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_268e58b44338d192\wnetvsc.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x5c08 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	3E47BCE5711A58744831D11179C287F7	1306F94D7BAA8D8EEDAA6AD8BE479ECEDF9C41BB	E7E9379F834EE8E8E40AEFE85A075D9A14889BA80CB45FEE1817BAF5306899D0
C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x47d8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US	6BB512A217C91B75CD363CDC3D0F7AC0	0655A5195C943DFC46D4D80D13F4B6DEFD5C0723	B05E09C09A3663B3E92F9F305DE1C46BFB2AE3976161416A8FD340F4731DF4E7
C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\SET6DF9.tmp	PE32+ executable (native) x86-64, for MS Windows	6CA91596CFAE2079BA66BFBB099F41E6	12729569CA22D782630E988C56A6472D8CFB96AA	9CC08F70555E3958E1676FBA56B12D482EF961F8FDBBA9E69DB7A44F3B007A02
C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\SET6E48.tmp	data	6F4E74E781E6BCF142DD838CFEBB41C7	F4943F6168827C6E6E5CB4F9E7D34B35398D66C9	F6F9275BE2DA16360F7498DD1B4631F9B19FFF816D8A025B0146C20572B1A1EA
C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\SET6E68.tmp	Windows setup INFormation	FC97A101113D88276C58400BBA7AAF77	814D0C9FBDEE6B3DABA6D18389536FDE536D3B2D	20B44F3859A6FF1B7C644FC90CED4E7AB37CCF5CB50EC21D59A92906932A4842
C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\pangpd.inf (copy)	Windows setup INFormation	FC97A101113D88276C58400BBA7AAF77	814D0C9FBDEE6B3DABA6D18389536FDE536D3B2D	20B44F3859A6FF1B7C644FC90CED4E7AB37CCF5CB50EC21D59A92906932A4842
C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\pangpd.sys (copy)	PE32+ executable (native) x86-64, for MS Windows	6CA91596CFAE2079BA66BFBB099F41E6	12729569CA22D782630E988C56A6472D8CFB96AA	9CC08F70555E3958E1676FBA56B12D482EF961F8FDBBA9E69DB7A44F3B007A02
C:\Windows\System32\DriverStore\Temp\{bde618de-3b74-034f-b443-966861a24834}\pangpd64.cat (copy)	data	6F4E74E781E6BCF142DD838CFEBB41C7	F4943F6168827C6E6E5CB4F9E7D34B35398D66C9	F6F9275BE2DA16360F7498DD1B4631F9B19FFF816D8A025B0146C20572B1A1EA
C:\Windows\System32\PanCredProv.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	2F54AB56578EB5DB2C0983B9BC8CF551	64920DB9524D80A54D3704D4CB28D56E701FBB3F	444DB74438AC9E3EC34B5A86220CA10477C508CD7942A2D2BD6C390953F408E6
C:\Windows\System32\PanPlapApp.exe	PE32+ executable (GUI) x86-64, for MS Windows	19C40266DA093A844F705ADFB1A3714F	62127320BB7434CB0676C83D9CD2A03DE0FF13A7	CE91CFFEA5A1C7AF2185AB5767EBBC42A7E26044AC5A7632727DEDE239899AFA
C:\Windows\System32\PanPlapProvider.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	3BC7B4D80073FA4151A7588EED0323C7	8BB08CEE1E07963C463A2D4FE56508A9A585F93E	2430132E3FE9236138FF92A2576CF68CBE1C88B4B48042A40C446F34594A0A12
C:\Windows\System32\PanV2CredProv.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	5AEFA5E1319125EF192224F380154474	67D1DD502C5CABBF0A8E864570CC52E87E4B8A0C	97D138C2013A10D9652D85E80D56846457CD74C4D4AF6EF1D98EE3FB33692B6A
C:\Windows\System32\catroot2\dberr.txt	ASCII text, with CRLF line terminators	8ACBFD5F49464C88861E69803B969CD9	327354B5979DF6308FFC169E83AAFF5DC11D89C3	F25CFE4E480EDEDBB936D1A6B57FAC6B9276D5F0765F8A98599405D9A766EDC6
C:\Windows\System32\drivers\SET80A6.tmp	PE32+ executable (native) x86-64, for MS Windows	6CA91596CFAE2079BA66BFBB099F41E6	12729569CA22D782630E988C56A6472D8CFB96AA	9CC08F70555E3958E1676FBA56B12D482EF961F8FDBBA9E69DB7A44F3B007A02
C:\Windows\System32\drivers\SET8C10.tmp	PE32+ executable (native) x86-64, for MS Windows	D9B1F383AD60E687B7A8347241683C50	293FE84008105EFF5AB9ED1D0338EEA32138A3D5	8E438A6E3C6FFE966644E02691CF15D1FAABC522AEF8BA1D6E969A4FB0B650EA
C:\Windows\Temp\~DF0981B5E01843200F.TMP	data	3C4D0950B22D56AE5BBA5C737CB5CCEA	BFA21148E15C6AAEFABCFA9FA4B0EBED79B1DF31	77A96463DE3776C2C8589A20D05A539C3FD0739048E7DF17C2B5DA0B2045CE9E
C:\Windows\Temp\~DF0F22FB38899BB3B8.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF2EC06EA81B9E3334.TMP	data	7804997E52F15578A9BAF5BA5D81A218	FA85116C1FAED0250A96B3F3B802F48B74BA44F5	0EE3AA3CC6C6D369A31C1C33DFBF2CAA10845B1A8DAF848827C4E3B4AA046D43
C:\Windows\Temp\~DF380A7CB120EF4C7A.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF5A0A920D2F3BE035.TMP	Composite Document File V2 Document, Cannot read section info	2676F06467A49AB96B2369C9CC64DC46	741626920BBCF225AA7714171BF938031A273294	D0F56ABFE4E955CD0AC09941C2403D70160D9612EA11807BD1F6F59772DC030D
C:\Windows\Temp\~DF79BBCA1BF33F4953.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF79EABA0770A75668.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFAFC09F7479ED9054.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFB53D8F4708B8E4A1.TMP	Composite Document File V2 Document, Cannot read section info	9957C355E6CE6DE7530AEB38AF187848	CA7270B555B270C001C174DE71A2134055ED7D71	2E5EC0A392A8F42808CF22952EB13BBDD43D99D641D3D6156DD18CCEA60DED7D
C:\Windows\Temp\~DFD5389E53CA5B1B3C.TMP	Composite Document File V2 Document, Cannot read section info	2676F06467A49AB96B2369C9CC64DC46	741626920BBCF225AA7714171BF938031A273294	D0F56ABFE4E955CD0AC09941C2403D70160D9612EA11807BD1F6F59772DC030D
C:\Windows\Temp\~DFE1050C7D393D2678.TMP	Composite Document File V2 Document, Cannot read section info	9957C355E6CE6DE7530AEB38AF187848	CA7270B555B270C001C174DE71A2134055ED7D71	2E5EC0A392A8F42808CF22952EB13BBDD43D99D641D3D6156DD18CCEA60DED7D
C:\Windows\Temp\~DFF240446CD32224F7.TMP	Composite Document File V2 Document, Cannot read section info	2676F06467A49AB96B2369C9CC64DC46	741626920BBCF225AA7714171BF938031A273294	D0F56ABFE4E955CD0AC09941C2403D70160D9612EA11807BD1F6F59772DC030D
C:\Windows\system32\DRIVERS\gpfltdrv.sys (copy)	PE32+ executable (native) x86-64, for MS Windows	D9B1F383AD60E687B7A8347241683C50	293FE84008105EFF5AB9ED1D0338EEA32138A3D5	8E438A6E3C6FFE966644E02691CF15D1FAABC522AEF8BA1D6E969A4FB0B650EA
C:\Windows\system32\DRIVERS\pangpd.sys (copy)	PE32+ executable (native) x86-64, for MS Windows	6CA91596CFAE2079BA66BFBB099F41E6	12729569CA22D782630E988C56A6472D8CFB96AA	9CC08F70555E3958E1676FBA56B12D482EF961F8FDBBA9E69DB7A44F3B007A02
\Device\Mup\user-PC\PIPE\samr	GLS_BINARY_LSB_FIRST	E467C82627F5E1524FDB4415AF19FC73	B86E3AA40E9FBED0494375A702EABAF1F2E56F8E	116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540

ID:	1543859
Product:	CloudBasic
Start time:	15:14:57
Start date:	28.10.2024
Sample:	GlobalProtect64-6.3.1.msi
Cookbook:	defaultwindowsofficecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	ee67a64e6eec29580597358a7860c706
SHA1:	493877cd3362a44d59eda084b444455f755c3d29
SHA256:	eaa5e4fb71791a360bbabdf007f50861213ead504c649c26482d6529d9fb50dc
Filetype:	Generic OLE2 / Multistream Compound File (8008/1) 100.00%

Windows Analysis Report
GlobalProtect64-6.3.1.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

Bitcoin Miner

Compliance

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report GlobalProtect64-6.3.1.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

Bitcoin Miner

Compliance

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
GlobalProtect64-6.3.1.msi