ElfFilejElfChnkȰnGQOQWQ_Q'Qw/Q 7Qg ?Qo QW Q_ QGQOQQQQQQQQQQQQ%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-KernelQהQߔQǔQϔgP7 oP?!wP'"P/#GP$OP%WP&_P''Pw(/P)7Pg*?Po+PW,P_-PG.PO/P0P1P2P3P4P5P6P7P8P9P:P;Pו<Pߕ=PǕ>Pϕ?go7@C:\Windows\system32\dsc\PSDSCFileDownloadManagerEvents.dlloo?AC:\Windows\system32\Microsoft-Windows-System-Events.dllwo'BC:\Windows\system32\Microsoft-Windows-System-Events.dll-Mo/CC:\Windows\system32\PortableDeviceSyncProvider.dllF-HeGoDC:\Windows\system32\Microsoft-Windows-System-Events.dllOoEC:\Windows\system32\Microsoft-Windows-System-Events.dllWoFC:\Windows\system32\Microsoft-Windows-System-Events.dll_oGC:\Windows\system32\PortableDeviceSyncProvider.dll.dllCC'owHMicrosoft-Windows-RemoteApp and Desktop ConnectionsRemote/oIMicrosoft-Windows-RemoteDesktopServices-RdpCoreTSsRegsvr7ogJC:\Windows\system32\WindowsPowerShell\v1.0\PSEvents.dll?ooKC:\Windows\system32\PortableDeviceSyncProvider.dlltworoWLC:\Windows\system32\Microsoft-Windows-System-Events.dllo_MC:\Windows\system32\Microsoft-Windows-System-Events.dlloGNC:\Windows\system32\Microsoft-Windows-System-Events.dlloOO T@oTeTC:\Windows\system32\oobe\msoobedui.dlloPC:\Windows\system32\Microsoft-Windows-System-Events.dlloQC:\Windows\system32\Microsoft-Windows-System-Events.dlloRC:\Windows\system32\WindowsPowerShell\v1.0\PSEvents.dllrSoSC:\Windows\system32\WindowsPowerShell\v1.0\PSEvents.dlloT`}T To C:\Windows\system32\drivers\ndiswan.sysoUC:\Windows\system32\Microsoft-Windows-System-Events.dlleloVC:\Windows\system32\Microsoft-Windows-System-Events.dlloWC:\Windows\system32\Microsoft-Windows-System-Events.dllEDoX~T TnTC:\Windows\system32\oobe\msoobeplugins.dlloY^ToTI C:\Windows\system32\drivers\bridge.sysoZ@fT@pT*TC:\Windows\system32\Windows.Graphics.dllo[C:\Windows\system32\Microsoft-Windows-System-Events.dlleloז\C:\Windows\system32\Microsoft-Windows-System-Events.dlldmoߖ]yoTpՀT( C:\Windows\System32\Drivers\VerifierExt.sysoǖ^C:\Windows\system32\Microsoft-Windows-System-Events.dllreoϖ_C:\Windows\system32\Microsoft-Windows-System-Events.dllgn7`C:\Windows\system32\Microsoft-Windows-System-Events.dllon?aC:\Windows\system32\PortableDeviceSyncProvider.dll-Portabwn'bC:\Windows\system32\Microsoft-Windows-System-Events.dll4An/cC:\Windows\system32\Microsoft-Windows-System-Events.dll4DGndMicrosoft-Windows-Networking-RealTimeCommunication-NetworOneC:\Windows\system32\WindowsPowerShell\v1.0\PSEvents.dllrCWnfC:\Windows\system32\WindowsPowerShell\v1.0\PSEvents.dllng_ngC:\Windows\system32\WindowsPowerShell\v1.0\PSEvents.dll%4'nwhoT0pT3 C:\Windows\system32\drivers\ndiscap.sys/niC:\Windows\system32\Microsoft-Windows-System-Events.dll7ngjC:\Windows\system32\Microsoft-Windows-System-Events.dll?nokC:\Windows\system32\WindowsPowerShell\v1.0\PSEvents.dllrSnWlC:\Windows\system32\Microsoft-Windows-System-Events.dlln_mC:\Windows\system32\WindowsPowerShell\v1.0\PSEvents.dllnGnMicrosoft-Windows-RemoteDesktopServices-SessionServicestenOoT@fT9TC:\Windows\system32\Windows.Networking.dllnpMicrosoft-Windows-Runtime-Networking-BackgroundTransferimnqnT@fT{TC:\Windows\system32\Windows.Web.Http.dllnrC:\Windows\system32\Microsoft-Windows-System-Events.dllelnsC:\Windows\system32\Microsoft-Windows-System-Events.dllntC:\Windows\system32\Microsoft-Windows-System-Events.dllelnuC:\Windows\system32\Microsoft-Windows-System-Events.dllnvC:\Windows\system32\Microsoft-Windows-System-Events.dllnwC:\Windows\system32\Microsoft-Windows-System-Events.dllnxC:\Windows\system32\Microsoft-Windows-System-Events.dllnyC:\Windows\system32\Microsoft-Windows-System-Events.dllnzC:\Windows\system32\Microsoft-Windows-System-Events.dlln{yoT؀TTC:\Windows\System32\UserLanguagesCpl.dllnח|C:\Windows\system32\Microsoft-Windows-System-Events.dllLdnߗ}C:\Windows\system32\Microsoft-Windows-System-Events.dllnǗ~@fTpNTTC:\Windows\system32\wbem\mistreamprov.dllnϗC:\Windows\system32\Microsoft-Windows-System-Events.dll4Dgm7mT@fTTC:\Windows\system32\Configure-SMRemoting.exeom?ТoT{T C:\Windows\system32\drivers\tunnel.syswm'tTmTTC:\Windows\system32\wbem\silprovider.dllm/C:\Windows\system32\Windows.System.Profile.HardwareId.dllGm@fT C:\Windows\system32\drivers\tsusbflt.sysOmMicrosoft-Windows-TerminalServices-LocalSessionManagerllWm T jT| C:\Windows\system32\drivers\SerCx2.sys_mMicrosoft-Windows-TerminalServices-RdpSoundDrivers-Termin'mw -ToT C:\Windows\system32\drivers\ucx01000.sys/mC:\Windows\system32\Speech\Engines\TTS\MSTTSEngine.dll7mgC:\Windows\system32\Microsoft-Windows-System-Events.dllUI?moMicrosoft-Windows-ServerManager-ManagementProvider-Sens%4mWMicrosoft-Windows-SoftwareInventoryLogging-Providercrverm_C:\Windows\system32\microsoft-windows-sleepstudy-events.dllmGC:\Windows\system32\Microsoft-Windows-System-Events.dll4OmOMicrosoft-Windows-Security-SPP-UX-GenuineCenter-LoggingmwToTXTC:\Windows\system32\sysprep\sysprep.exemMicrosoft-Windows-TerminalServices-ClientActiveXCorealinmMicrosoft-Windows-TerminalServices-SessionBroker-Clienterm+T $T C:\Windows\system32\drivers\usbhub.sysmC:\Windows\system32\Microsoft-Windows-System-Events.dllllmC:\Windows\system32\Speech\Engines\TTS\MSTTSEngine.dlldllmMicrosoft-Windows-Security-Audit-Configuration-Clientntimm -T $T C:\Windows\system32\drivers\usbport.sysmgTTz C:\Windows\system32\drivers\sdstor.sysmMicrosoft-Windows-TerminalServices-ServerUSBDevicesaybackm4ToT C:\Windows\system32\drivers\usbstor.sysmMicrosoft-Windows-ServerManager-ConfigureSMRemotingmאC:\Windows\system32\Microsoft-Windows-System-Events.dllncmߐ4T -T C:\Windows\system32\drivers\vdrvroot.sysmǐC:\Windows\system32\Microsoft-Windows-System-Events.dll-LmϐC:\Windows\system32\PortableDeviceSyncProvider.dllWABSyngl7tT 4T C:\Windows\system32\drivers\smbdirect.sysol? 1ToTGTC:\Windows\System32\MsSpellCheckingHost.exewl' "TtTOTC:\Windows\System32\TieringEngineService.exel/gT ,TTC:\Windows\system32\Windows.UI.Search.dllGlC:\Windows\system32\Microsoft-Windows-System-Events.dllmsOloToTbTC:\Windows\system32\UIAutomationCore.dllWl -T+T C:\Windows\system32\drivers\usbxhci.sys_lC:\Windows\system32\UserAccountControlSettings.dll.dll'lwoTtT C:\Windows\system32\drivers\mrxsmb.sys/l "T C:\Windows\system32\drivers\volsnap.sys7lg*tT`tTTC:\Windows\system32\ConnectedAccountState.dll?lomTrTTC:\Windows\system32\wbem\MgmtProvider.dlllWC:\Windows\system32\Microsoft-Windows-System-Events.dll Pl_C:\Windows\system32\Microsoft-Windows-System-Events.dllUSlGC:\Windows\system32\UserAccountControlSettings.dll.dllnclO+T)T C:\Windows\System32\drivers\usbhub3.syslC:\Windows\system32\UserAccountControlSettings.dll-USB-UCloT 1T C:\Windows\system32\drivers\spaceport.syslC:\Windows\system32\Microsoft-Windows-System-Events.dllrel=T0T C:\Windows\system32\drivers\classpnp.syslMicrosoft-Windows-TerminalServices-ClientUSBDevicesShell-lC:\Windows\system32\UserAccountControlSettings.dllicAutolC:\Windows\system32\Microsoft-Windows-System-Events.dllinlMicrosoft-Windows-Websocket-Protocol-Component/Tracing%4OlC:\Windows\System32\wbem\VpnClientPSProvider.dllalserMolC:\Windows\system32\Microsoft-Windows-System-Events.dllinlMicrosoft-Windows-ServerManager-DeploymentProviderl 1T0T C:\Windows\system32\drivers\storport.syslבC:\Windows\system32\Speech\Engines\TTS\MSTTSEngine.dllinlߑC:\Windows\system32\Speech\Engines\TTS\MSTTSEngine.dlllǑ{ToT C:\Windows\system32\drivers\tsusbhub.syslϑC:\Windows\system32\Speech\Engines\TTS\MSTTSEngine.dllgk7C:\Windows\System32\wbem\VpnClientPSProvider.dllok? oTTTC:\Windows\system32\WABSyncProvider.dllwk'%SystemRoot%\System32\Winevt\Logs\WitnessClientAdmin.evtxk/C:\Windows\System32\wbem\VpnClientPSProvider.dllws-VolumeGkMicrosoft Windows.Globalization API Analytic Channel ChanOk%SystemRoot%\System32\Winevt\Logs\Windows.Globalization%4AWkpT4TkTC:\Windows\system32\oobe\windeploy.exe_k%SystemRoot%\System32\Winevt\Logs\WINDOWS_WMPHOTO_CHANNEL'kwSOFTWARE\Microsoft\Windows\CurrentVersion\WINEVTws-Win32k/kMicrosoft Windows.Globalization API Analytic Channel7kgSOFTWARE\Microsoft\Windows\CurrentVersion\WINEVTws-WinRM%?koC:\Windows\System32\wbem\VpnClientPSProvider.dllkW%SystemRoot%\System32\Winevt\Logs\Windows.Globalization%4Ak_%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-WMI-AckGSOFTWARE\Microsoft\Windows\CurrentVersion\WINEVTws-WordpakO%SystemRoot%\System32\Winevt\Logs\SystemEventsBroker.etlkpTpT& C:\Windows\system32\drivers\ndisuio.syskC:\Windows\system32\SystemEventsBrokerServer.dllP%4AkSOFTWARE\Microsoft\Windows\CurrentVersion\WINEVTedkC:\Windows\System32\wbem\VpnClientPSProvider.dllkC:\Windows\System32\wbem\VpnClientPSProvider.dllk%SystemRoot%\System32\Winevt\Logs\WitnessClientAdmin.evtxk%SystemRoot%\System32\Winevt\Logs\UIManager_Channel.etlttkpTTC:\Windows\System32\Windows.Globalization.dllk%SystemRoot%\System32\Winevt\Logs\WitnessClientAdmin.evtxkC:\Windows\system32\SystemEventsBrokerServer.dllalyticowkKTTTC:\Windows\system32\msctfuimanager.dllk\??\C:\Windows\System32\zh-CN\Windows.Globalization.dll.muikג{548c4417-ce45-41ff-99dd-528f01ce0fe1}Analytic.etlUSA%4kߒC:\Windows\System32\wbem\VpnClientPSProvider.dllkǒ{32254f6c-aa33-46f0-a5e3-1cbcc74bf683}ger_Channel.etllkϒC:\Windows\system32\SystemEventsBrokerServer.dlletling%4gj7C:\Windows\system32\SystemEventsBrokerServer.dllnaloj?C:\Windows\system32\SystemEventsBrokerServer.dllws-Wordpawj'C:\Windows\system32\SystemEventsBrokerServer.dllrd_Managej/C:\Windows\system32\SystemEventsBrokerServer.dlldlletlcGj%SystemRoot%\System32\Winevt\Logs\WINDOWS_KS_CHANNEL.etlcOjC:\Windows\system32\SystemEventsBrokerServer.dllding.etlWj%SystemRoot%\System32\Winevt\Logs\WINDOWS_WMPHOTO_CHANNEL_jSOFTWARE\Microsoft\Windows\CurrentVersion\WINEVTC'jwPTT C:\Windows\system32\drivers\winnat.sys/jSOFTWARE\Microsoft\Windows\CurrentVersion\WINEVTdll.etl7jgC:\Program Files\Windows NT\Accessories\WORDPAD.EXEWired-?jopTpTTTC:\Windows\system32\deviceregistration.dlljW%SystemRoot%\System32\Winevt\Logs\UIManager_Channel.etlatj_T CTxTC:\Windows\system32\Windows.UI.Immersive.dlljGC:\Program Files\Windows NT\Accessories\WORDPAD.EXEPHOSjOC:\Windows\system32\SystemEventsBrokerServer.dllws-WordpajSOFTWARE\Microsoft\Windows\CurrentVersion\WINEVTnded.etlj{be3a31ea-aa6c-4196-9dcc-9ca13a49e09f}S_KS_CHANNEL.etlej%SystemRoot%\System32\Winevt\Logs\WINDOWS_KS_CHANNEL.etljC:\Program Files\Windows NT\Accessories\WORDPAD.EXEWinNatjC:\Windows\system32\SystemEventsBrokerServer.dllcensing%4jC:\Program Files\Windows NT\Accessories\WORDPAD.EXEjpT HT^TC:\Windows\system32\windows.ui.xaml.dlljMicrosoft Windows.Globalization API Analytic Channelj%SystemRoot%\System32\Winevt\Logs\RTWorkQueueExtended.etljC:\Windows\system32\SystemEventsBrokerServer.dllws-Win32kj%SystemRoot%\System32\Winevt\Logs\OSK_SoftKeyboard_Channelj%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Wordpajד{e978f84e-582d-4167-977e-32af52706888}n\WINEVTXEWMI-Acjߓ%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-XAML%4jǓSOFTWARE\Microsoft\Windows\CurrentVersion\WINEVTws-WordpaboL:HTT ЭH_Tfi5Microsoft-Windows-Security-SPP-UX-Notifications(A;;ai:7oT0oT TC:\Windows\system32\werfault.exehi#SC:\Windows\system32\Configure-SMRemoting.exeexesi(nTTTC:\Windows\system32\scwengb.dllziY@fTPzTs C:\Windows\system32\drivers\rdbss.sysEi;C:\Windows\system32\Configure-SMRemoting.exetic2-Li3C:\Windows\system32\wbem\MgmtProvider.dllvider0Wi0C:\Windows\system32\wbem\MgmtProvider.dllProvider0^i ;C:\Windows\system32\Configure-SMRemoting.exeYir- Microsoft-Windows-ServerManager-MultiMachine-1-15-2 i{) Microsoft-Windows-ServerEssentials-Deployments.mui+i`) qT qTTC:\Windows\system32\racengn.dll2iix C:\Windows\system32\Windows.Networking.dllui=in C:\Windows\system32\Configure-SMRemoting.exeiWPzTnTTC:\Windows\system32\RfxVmt.dlli\C:\Windows\system32\Windows.Graphics.dllglrTS(AiE0C:\Windows\system32\Windows.Web.Http.dllggRRiJC:\Windows\system32\Windows.Web.Http.dllcingiip`aTTTC:\Windows\system32\auditcse.dlliC:\Windows\system32\wbem\MgmtProvider.dlldlliderfiWMicrosoft-Windows-Reliability-Analysis-EngineiC:\Windows\system32\Windows.Graphics.dllreTSiC:\Windows\system32\Windows.Networking.dll;;SY)(A;;i7 TnT5TC:\Windows\system32\sppsvc.exeiS #T jTTC:\Windows\System32\vaultcli.dlli TsT C:\Windows\system32\WSEDeployRes.dlliYC:\Windows\system32\wbem\MgmtProvider.dll;;;SU)i;C:\Windows\system32\Windows.Networking.dll-5-32-i3C:\Windows\system32\Configure-SMRemoting.exe)(A;;0i0C:\Windows\system32\Configure-SMRemoting.exeR \MicisC:\Windows\system32\wbem\MgmtProvider.dll.muit-in "T@fTTC:\Windows\system32\SrvMgrInst.dlliՔ) PzT~TFTC:\Windows\system32\RdpCoreTS.dlliڔ)! T@fT*TC:\Windows\system32\sppcommdlg.dlliÔx"Microsoft-Windows-Serial-ClassExtension-V2ierx2;;;iȔ1#C:\Windows\system32\Windows.Web.Http.dll0x7;;;SO)(Ai10$Microsoft-Windows-SecuriT@TpT}TPT rT TT *TT/T`TT5TT``T`sTTT0TTTTPTTp| P Td! Td  d# $Td"Td%-Td$ d' d&GTd)GTd(Td+8Td*| d-Td,Td/)Td. dT