ElfFileҕElfChnk A^:b=f?mMF& **  & \Dכ|ٖAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannelBF;nComputerWIN-00972SSK532AB.SecurityfLUserID !  >Vu!#PpfB@Microsoft-Windows-International+:WcL.?w;Microsoft-Windows-International/Operational >/C>/C;WyP8:D EventDataA?boData= RegistryKey A)b= ErrorCode A%b=Message RControl Panel\International\User Profile|~~b N0Rc[veN0 ** io iozZgAMsj5http://schemas.microsoft.com/win/2004/08/events/eventbAF=XAz      ? fA   AFFm AF  (FWIN-3PIMCL4OH3LA  !  >V!#PpLMicrosoft-Windows-International+:WcL.?w;Microsoft-Windows-International/Operational >/CRControl Panel\International\User Profile|~~b N0Rc[veN0 inds Remote Management (WS-Management)\PbkWinRM/18** 2ɹ"  Z& q!|@2ɹ" 4D4Windows Connection Manager\PbkWcmsvc/1 **z (>:6(>:5g^M$`HAMsj5http://schemas.microsoft.com/win/2004/08/events/eventA"=EventLogAS t   ?Aj   System(+WIN-00972SSK532At  ! !{z F|F%g>9{p(4(k  @WIN-00972SSK532WIN-3PIMCL4OH3L**z (>:6 o!yz F|L6.03.9600Multiprocessor Free16384** z (>:6 ;!uz  F| !:B**( &׹"  N \Dכ|AMsj5http://schemas.microsoft.com/win/2004/08/events/eventbAF=AS t      ?Aj   AFF AF  (+WIN-00972SSK532At  ! <  !gm&׹"PlVB Microsoft-Windows-Kernel-Power:;3 D^w" 7ִSystem nCn {pe EkA;-=ShutdownActionType A9+=ShutdownEventCode A3%=ShutdownReason (** tv"  N @ s! tv"iVB Microsoft-Windows-Kernel-GeneralOצ]System  %a %C+Wi4@4kA'=StopTime tv"** g/|  N  @ ! g/|iVB Microsoft-Windows-Kernel-GeneralOצ]System /w/wmUWF~rkA/!= MajorVersion A/!= MinorVersion A/!= BuildVersion A+= QfeVersion A3%=ServiceVersion A'=BootMode A)= StartTime %@FJ{** g/|  N  : !g/|~jVB Microsoft-Windows-Kernel-BootDzMK ^SSystem җ)&җ)藭C9DizkA7)=LastShutdownGood A/!= LastBootGood    **g/|  N  : o!g/|~jVBMicrosoft-Windows-Kernel-BootDzMK ^SSystem TT;hX<͚8J@4kA'=BootType **g/|  N  : s!g/|~jVBMicrosoft-Windows-Kernel-BootDzMK ^SSystem n7!neO@3D8kA+= EntryCount **g/|  N  : ! g/|~jVBMicrosoft-Windows-Kernel-BootDzMK ^SSystem v "v ?M(\PkAC5=BitlockerUserInputTime  **g/|  N  : !g/|~jVBMicrosoft-Windows-Kernel-BootDzMK ^SSystem qg$Nqw#i6ߥFVJkA1#= ResetEndStart A7)=LoadOSImageStart  A9+=StartOSImageStart  AA3=ExitBootServicesEntry  A?1=ExitBootServicesExit       j **0b(~  N  , )!bb(~@fBxMicrosoft-Windows-Ntfsz?nMĂSystem ()'(حh@9 2kA)= DriveName A+= DeviceName AA3=CorruptionActionState 0C:\Device\HarddiskVolume20**s&0~ и{v(и{o YxƫAMsj5http://schemas.microsoft.com/win/2004/08/events/event A=volmgrAS t   ?Aj   System(+WIN-00972SSK532At  ! {!.s&0~t F|0(\Device\HarddiskVolume2(. **9  N  > !95VBMicrosoft-Windows-FilterManagercIİSystem w7K,w7->vSZGsl`kA-= FinalStatus A;-=DeviceVersionMajor A;-=DeviceVersionMinor A7)=DeviceNameLength A+= DeviceName A+= DeviceTime  npsvctrig)o**V O  N  P !"V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/7!tŸ9rIIdXkA!=Group A#=Number **V O  N  P !/7V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1DewykǟT3B- XLkA!=Group A#=Number A3%=IdleStateCount A;-=IdleImplementation A7)=NominalFrequency AI;=MaximumPerformancePercent AI;=MinimumPerformancePercent AC5=MinimumThrottlePercent AI;=PerformanceImplementation  5d99**HV O  N  P !"V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**V O  N  P R!/7V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HV O  N  P !"V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**V O  N  P R!/7V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HV O  N  P !"V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**V O  N  P R!/7V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HV O  N  P !"V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**V O  N  P R!/7V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HV O  N  P !"V OjVBfxMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/ H** V O  N  P R!/7V OjVBfx Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1  5d99**H!V O  N  P !"V OjVBfx!Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/ H**"V O  N  P R!/7V OjVBfx"Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1  5d99**H#V O  N  P !"V OjVBfx#Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**$V O  N  P R!/7V OjVBfx$Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H%V O  N  P !"V OjVBfx%Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**&V O  N  P R!/7V OjVBfx&Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H'V O  N  P !"V OjVBfx'Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**(V O  N  P R!/7V OjVBfx(Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H)V O  N  P !"V OjVBfx)Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H***V O  N  P R!/7V OjVBfx*Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H+V O  N  P !"V OjVBfx+Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**,V O  N  P R!/7V OjVBfx,Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H-nQ  N  P !"nQjVBfx-Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/ H**.nQ  N  P R!/7nQjVBfx.Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1  5d99**H/nQ  N  P !"nQjVBfx/Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/ H**0nQ  N  P R!/7nQjVBfx0Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1  5d99**H1nQ  N  P !"nQjVBfx1Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/ H**2nQ  N  P R!/7nQjVBfx2Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1  5d99**H3nQ  N  P !"nQjVBfx3Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**4nQ  N  P R!/7nQjVBfx4Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H5nQ  N  P !"nQjVBfx5Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**6nQ  N  P R!/7nQjVBfx6Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H7nQ  N  P !"nQjVBfx7Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**8nQ  N  P R!/7nQjVBfx8Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H9nQ  N  P !"nQjVBfx9Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**:nQ  N  P R!/7nQjVBfx:Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H;nQ  N  P !"nQjVBfx;Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**<nQ  N  P R!/7nQjVBfx<Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H=nQ  N  P !"nQjVBfx=Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**>nQ  N  P R!/7nQjVBfx>Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**H?nQ  N  P !"nQjVBfx?Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**@nQ  N  P R!/7nQjVBfx@Microsoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HAnQ  N  P !"nQjVBfxAMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**BnQ  N  P R!/7nQjVBfxBMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HCnQ  N  P !"nQjVBfxCMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**DnQ  N  P R!/7nQjVBfxDMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HEnQ  N  P !"nQjVBfxEMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**FnQ  N  P R!/7nQjVBfxFMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HGnQ  N  P !"nQjVBfxGMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**HnQ  N  P R!/7nQjVBfxHMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HInQ  N  P !"nQjVBfxIMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**JnQ  N  P R!/7nQjVBfxJMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HKnQ  N  P !"nQjVBfxKMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**LnQ  N  P R!/7nQjVBfxLMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HMnQ  N  P !"nQjVBfxMMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**NnQ  N  P R!/7nQjVBfxNMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HOnQ  N  P !"nQjVBfxOMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**PnQ  N  P R!/7nQjVBfxPMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HQnQ  N  P !"nQjVBfxQMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**RnQ  N  P R!/7nQjVBfxRMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**HSS  N  P !"SjVBfxSMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System M/H**TS  N  P R!/7SjVBfxTMicrosoft-Windows-Kernel-Processor-PowergQNo)H`'System ew 1 5d99**U}  N  , !b}jVBftUMicrosoft-Windows-Ntfsz?nMĂSystem ()'b0\\?\Volume{bb251ca8-84dc-11e8-80b3-806e6f6e6963}\Device\HarddiskVolume1**V  N  @ c!jVBftVMicrosoft-Windows-Kernel-GeneralOצ]System gkS݌gkSM4# ܔckA3%=HiveNameLength A'=HiveName A/!= OriginalSize A%=NewSize F#\SystemRoot\System32\config\DRIVERSD`D**W  Z& _!|@W 4DPlug and Playck(WЏLPlugPlay/4**X  Z& I!|@X 4D Powerck(WЏLPower/4**0Yy  Z& !|@yY 4D8DCOM Server Process Launcherck(WЏLDcomLaunch/40** Z+   Z& s!|@+ Z 4D&RPC Endpoint Mapperck(WЏLRpcEptMapper/4 ** [   Z& u!|@ [ 4D6Remote Procedure Call (RPC)ck(WЏLRpcSs/4 **\]  Z& e!|@]\ 4D* Local Session Managerck(WЏL LSM/4**]\SystemRoot\System32\Config\BBIp**Pbˇ  N  > K!ˇxbMicrosoft-Windows-FilterManagercIİSystem w7K, luafvL4UoP**cӇ  Z& g!|@Ӈc 4D"Windows Event Logck(WЏLEventLog/4**d܇  Z& M!|@܇d 4D Themesck(WЏLThemes/4**e=P  Z& m!|@=Pe 4D"COM+ Event Systemck(WЏLEventSystem/4**f=P  Z& k!|@=Pf 4D(User Profile Serviceck(WЏLProfSvc/4**g  Z& e!|@g 4D&Group Policy Clientck(WЏLgpsvc/4**(h  Z& !|@h 4DBSystem Event Notification Serviceck(WЏLSENS/4(**(i  Z& y!|@i 4D> Network Store Interface Serviceck(WЏL nsi/4(** je  Z& u!|@ej 4D4Windows Connection Managerck(WЏLWcmsvc/4 **ke  Z& m!|@ek 4D*TCP/IP NetBIOS Helperck(WЏLlmhosts/4**l  Z& Y!|@l 4DDNS Clientck(WЏLDnscache/4**@m{  N  : =!Dt {(mMicrosoft-Windows-Dhcp-ClientrNMfjSystem &!&| p)ck@**n{  N  > !>f {(nMicrosoft-Windows-DHCPv6-Client+jj8L\;gxSystem &!**o{  Z& S!|@{o 4DDHCP Clientck(WЏLDhcp/4**0p4  Z& !|@4p 4D0&Shell Hardware Detectionck(WЏL&ShellHWDetection/40**qu  Z& a!|@uq 4DTask Schedulerck(WЏLSchedule/4**(r  Z& {!|@r 4D4Windows Font Cache Serviceck(WЏLFontCache/4(**sM  Z& e!|@Ms 4D* Base Filtering Engineck(WЏL BFE/4**tCL>  Z& a!|@CL>t 4D Windows Firewallck(WЏLMpsSvc/4**uC  Z& m!|@Cu 4D(Workstationck(WЏL(LanmanWorkstation/4** vC  Z& q!|@Cv 4D2Security Accounts Managerck(WЏLSamSs/4 **wM 'NV'N6)V~%;%AMsj5http://schemas.microsoft.com/win/2004/08/events/eventAF=Microsoft-Windows-WinRMF&{A7975C8F-AC13-49F1-87DA-5A984A4AB417}WinRMAS t      ?Aj   AFFAF System(+WIN-00972SSK532At  ! l!'Mw Bs ݌Bs =z>UAA5k+=Started Listening**xJ]  Z& ]!|@J]x 4DPrint Spoolerck(WЏLSpooler/4** yK_  Z& q!|@K_y 4D,Cryptographic Servicesck(WЏLCryptSvc/4 **zwm  Z& o!|@wmz 4D"Remote Registryck(WЏL"RemoteRegistry/4** {wm  Z& u!|@wm{ 4D4Network Location Awarenessck(WЏLNlaSvc/4 **X|"u  Z& !|@"u| 4DP,WinHTTP Web Proxy Auto-Discovery Serviceck(WЏL,WinHttpAutoProxySvc/4X**0}I|  Z& !|@I|} 4D@Distributed Link Tracking Clientck(WЏLTrkWks/40**0~~  Z& !|@~~ 4DDWindows Management Instrumentationck(WЏLWinmgmt/40**S  Z& S!|@S 4DIP Helper\Pbkiphlpsvc/1**S  Z& W!oS 4D IP Helper%%1058iphlpsvc**  Z& Y!|@ 4D Serverck(WЏLLanmanServer/4**@  Z& !|@ 4DRWindows Remote Management (WS-Management)ck(WЏLWinRM/4@**(  Z& y!r N&N&@F&*N<0kA#=param1  cdrom(**־  Z& i!|@־ 4D(Device Setup Managerck(WЏLDsmSvc/4**8  Z& !|@ 4DDPortable Device Enumerator Serviceck(WЏLWPDBusEnum/48**p6ψ bgg$bgH~nLMAMsj5http://schemas.microsoft.com/win/2004/08/events/eventbAF=AS t      ?Aj   AFF AF  (+WIN-00972SSK532At  $F5DUserData!  2 @!]#N6ψHXMicrosoft-Windows-UserPnpP1~k'3A`InstallDeviceID}j:http://manifests.microsoft.com/win/2004/08/windows/userpnp(wM DriverName .D DriverVersion 0y9DriverProvider  < ([ SetupClass ,M RebootOption  .# UpgradeDevice  *Xk IsDriverOEM  .- InstallStatus 6MDriverDescription  \   "display.inf_amd64_74c972e5eb125870\display.inf6.3.9600.16384MicrosoftPCI\VEN_1A03&DEV_2000&SUBSYS_20001A03&REV_30\5&2E3743E8&0&0000E3h6M%+Microsoft W,g>f:yMhV8**( bg  2 !]#N((Microsoft-Windows-UserPnpP1~