ofs | hex dump | ascii |
---|
0000 | 21 3c 61 72 63 68 3e 0a 2f 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 34 38 36 30 36 37 37 | !<arch>./...............14860677 |
0020 | 35 30 20 20 30 20 20 20 20 20 30 20 20 20 20 20 30 20 20 20 20 20 20 20 32 38 36 34 20 20 20 20 | 50..0.....0.....0.......2864.... |
0040 | 20 20 60 0a 00 00 00 5c 00 00 0b 74 00 00 0d f6 00 00 10 c2 00 00 10 c2 00 00 13 7c 00 00 13 7c | ..`....\...t...............|...| |
0060 | 00 00 16 2a 00 00 16 2a 00 00 18 fe 00 00 18 fe 00 00 1b da 00 00 1b da 00 00 1e 7a 00 00 1e 7a | ...*...*...................z...z |
0080 | 00 00 21 3e 00 00 21 3e 00 00 23 e2 00 00 23 e2 00 00 26 84 00 00 26 84 00 00 29 3a 00 00 29 3a | ..!>..!>..#...#...&...&...):..): |
00a0 | 00 00 2c 0c 00 00 2c 0c 00 00 2e d0 00 00 2e d0 00 00 31 7a 00 00 31 7a 00 00 34 4a 00 00 34 4a | ..,...,...........1z..1z..4J..4J |
00c0 | 00 00 37 0a 00 00 37 0a 00 00 39 d0 00 00 39 d0 00 00 3c 92 00 00 3c 92 00 00 3f 56 00 00 3f 56 | ..7...7...9...9...<...<...?V..?V |
00e0 | 00 00 42 18 00 00 42 18 00 00 44 b8 00 00 44 b8 00 00 47 a4 00 00 47 a4 00 00 4a 68 00 00 4a 68 | ..B...B...D...D...G...G...Jh..Jh |
0100 | 00 00 4d 2c 00 00 4d 2c 00 00 50 14 00 00 50 14 00 00 53 0a 00 00 53 0a 00 00 55 f4 00 00 55 f4 | ..M,..M,..P...P...S...S...U...U. |
0120 | 00 00 58 da 00 00 58 da 00 00 5b aa 00 00 5b aa 00 00 5e 6c 00 00 5e 6c 00 00 61 24 00 00 61 24 | ..X...X...[...[...^l..^l..a$..a$ |
0140 | 00 00 64 0c 00 00 64 0c 00 00 66 d2 00 00 66 d2 00 00 69 a6 00 00 69 a6 00 00 6c 56 00 00 6c 56 | ..d...d...f...f...i...i...lV..lV |
0160 | 00 00 6f 1c 00 00 6f 1c 00 00 71 f8 00 00 71 f8 00 00 74 b0 00 00 74 b0 00 00 77 8c 00 00 77 8c | ..o...o...q...q...t...t...w...w. |
0180 | 00 00 7a 46 00 00 7a 46 00 00 7c f4 00 00 7c f4 00 00 7f c2 00 00 7f c2 00 00 82 7c 00 00 82 7c | ..zF..zF..|...|............|...| |
01a0 | 00 00 85 1c 00 00 85 1c 00 00 87 c8 00 00 87 c8 00 00 8a 6a 00 00 8a 6a 5f 5f 6c 69 62 33 32 5f | ...................j...j__lib32_ |
01c0 | 6c 69 62 77 65 76 74 61 70 69 5f 61 5f 69 6e 61 6d 65 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f | libwevtapi_a_iname.__head_lib32_ |
01e0 | 6c 69 62 77 65 76 74 61 70 69 5f 61 00 5f 45 76 74 55 70 64 61 74 65 42 6f 6f 6b 6d 61 72 6b 40 | libwevtapi_a._EvtUpdateBookmark@ |
0200 | 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 55 70 64 61 74 65 42 6f 6f 6b 6d 61 72 6b 40 38 00 5f 45 76 | 8.__imp__EvtUpdateBookmark@8._Ev |
0220 | 74 53 75 62 73 63 72 69 62 65 40 33 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 53 75 62 73 63 72 69 62 | tSubscribe@32.__imp__EvtSubscrib |
0240 | 65 40 33 32 00 5f 45 76 74 53 65 74 4f 62 6a 65 63 74 41 72 72 61 79 50 72 6f 70 65 72 74 79 40 | e@32._EvtSetObjectArrayProperty@ |
0260 | 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 53 65 74 4f 62 6a 65 63 74 41 72 72 61 79 50 72 6f 70 65 | 20.__imp__EvtSetObjectArrayPrope |
0280 | 72 74 79 40 32 30 00 5f 45 76 74 53 65 74 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 50 72 6f 70 65 | rty@20._EvtSetChannelConfigPrope |
02a0 | 72 74 79 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 53 65 74 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 | rty@16.__imp__EvtSetChannelConfi |
02c0 | 67 50 72 6f 70 65 72 74 79 40 31 36 00 5f 45 76 74 53 65 65 6b 40 32 34 00 5f 5f 69 6d 70 5f 5f | gProperty@16._EvtSeek@24.__imp__ |
02e0 | 45 76 74 53 65 65 6b 40 32 34 00 5f 45 76 74 53 61 76 65 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 | EvtSeek@24._EvtSaveChannelConfig |
0300 | 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 53 61 76 65 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 40 38 | @8.__imp__EvtSaveChannelConfig@8 |
0320 | 00 5f 45 76 74 52 65 6e 64 65 72 40 32 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 52 65 6e 64 65 72 40 | ._EvtRender@28.__imp__EvtRender@ |
0340 | 32 38 00 5f 45 76 74 51 75 65 72 79 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 51 75 65 72 79 40 | 28._EvtQuery@16.__imp__EvtQuery@ |
0360 | 31 36 00 5f 45 76 74 4f 70 65 6e 53 65 73 73 69 6f 6e 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 | 16._EvtOpenSession@16.__imp__Evt |
0380 | 4f 70 65 6e 53 65 73 73 69 6f 6e 40 31 36 00 5f 45 76 74 4f 70 65 6e 50 75 62 6c 69 73 68 65 72 | OpenSession@16._EvtOpenPublisher |
03a0 | 4d 65 74 61 64 61 74 61 40 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 65 6e 50 75 62 6c 69 73 | Metadata@20.__imp__EvtOpenPublis |
03c0 | 68 65 72 4d 65 74 61 64 61 74 61 40 32 30 00 5f 45 76 74 4f 70 65 6e 50 75 62 6c 69 73 68 65 72 | herMetadata@20._EvtOpenPublisher |
03e0 | 45 6e 75 6d 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 65 6e 50 75 62 6c 69 73 68 65 72 45 6e | Enum@8.__imp__EvtOpenPublisherEn |
0400 | 75 6d 40 38 00 5f 45 76 74 4f 70 65 6e 4c 6f 67 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 | um@8._EvtOpenLog@12.__imp__EvtOp |
0420 | 65 6e 4c 6f 67 40 31 32 00 5f 45 76 74 4f 70 65 6e 45 76 65 6e 74 4d 65 74 61 64 61 74 61 45 6e | enLog@12._EvtOpenEventMetadataEn |
0440 | 75 6d 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 65 6e 45 76 65 6e 74 4d 65 74 61 64 61 74 61 | um@8.__imp__EvtOpenEventMetadata |
0460 | 45 6e 75 6d 40 38 00 5f 45 76 74 4f 70 65 6e 43 68 61 6e 6e 65 6c 45 6e 75 6d 40 38 00 5f 5f 69 | Enum@8._EvtOpenChannelEnum@8.__i |
0480 | 6d 70 5f 5f 45 76 74 4f 70 65 6e 43 68 61 6e 6e 65 6c 45 6e 75 6d 40 38 00 5f 45 76 74 4f 70 65 | mp__EvtOpenChannelEnum@8._EvtOpe |
04a0 | 6e 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 65 6e | nChannelConfig@12.__imp__EvtOpen |
04c0 | 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 40 31 32 00 5f 45 76 74 4e 65 78 74 50 75 62 6c 69 73 68 | ChannelConfig@12._EvtNextPublish |
04e0 | 65 72 49 64 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 4e 65 78 74 50 75 62 6c 69 73 68 65 72 49 | erId@16.__imp__EvtNextPublisherI |
0500 | 64 40 31 36 00 5f 45 76 74 4e 65 78 74 45 76 65 6e 74 4d 65 74 61 64 61 74 61 40 38 00 5f 5f 69 | d@16._EvtNextEventMetadata@8.__i |
0520 | 6d 70 5f 5f 45 76 74 4e 65 78 74 45 76 65 6e 74 4d 65 74 61 64 61 74 61 40 38 00 5f 45 76 74 4e | mp__EvtNextEventMetadata@8._EvtN |
0540 | 65 78 74 43 68 61 6e 6e 65 6c 50 61 74 68 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 4e 65 78 74 | extChannelPath@16.__imp__EvtNext |
0560 | 43 68 61 6e 6e 65 6c 50 61 74 68 40 31 36 00 5f 45 76 74 4e 65 78 74 40 32 34 00 5f 5f 69 6d 70 | ChannelPath@16._EvtNext@24.__imp |
0580 | 5f 5f 45 76 74 4e 65 78 74 40 32 34 00 5f 45 76 74 49 6e 74 57 72 69 74 65 58 6d 6c 45 76 65 6e | __EvtNext@24._EvtIntWriteXmlEven |
05a0 | 74 54 6f 4c 6f 63 61 6c 4c 6f 67 66 69 6c 65 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 | tToLocalLogfile@12.__imp__EvtInt |
05c0 | 57 72 69 74 65 58 6d 6c 45 76 65 6e 74 54 6f 4c 6f 63 61 6c 4c 6f 67 66 69 6c 65 40 31 32 00 5f | WriteXmlEventToLocalLogfile@12._ |
05e0 | 45 76 74 49 6e 74 53 79 73 70 72 65 70 43 6c 65 61 6e 75 70 40 30 00 5f 5f 69 6d 70 5f 5f 45 76 | EvtIntSysprepCleanup@0.__imp__Ev |
0600 | 74 49 6e 74 53 79 73 70 72 65 70 43 6c 65 61 6e 75 70 40 30 00 5f 45 76 74 49 6e 74 52 65 74 72 | tIntSysprepCleanup@0._EvtIntRetr |
0620 | 61 63 74 43 6f 6e 66 69 67 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 52 65 74 72 61 63 | actConfig@12.__imp__EvtIntRetrac |
0640 | 74 43 6f 6e 66 69 67 40 31 32 00 5f 45 76 74 49 6e 74 52 65 70 6f 72 74 45 76 65 6e 74 41 6e 64 | tConfig@12._EvtIntReportEventAnd |
0660 | 53 6f 75 72 63 65 41 73 79 6e 63 40 34 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 52 65 70 6f | SourceAsync@44.__imp__EvtIntRepo |
0680 | 72 74 45 76 65 6e 74 41 6e 64 53 6f 75 72 63 65 41 73 79 6e 63 40 34 34 00 5f 45 76 74 49 6e 74 | rtEventAndSourceAsync@44._EvtInt |
06a0 | 52 65 70 6f 72 74 41 75 74 68 7a 45 76 65 6e 74 41 6e 64 53 6f 75 72 63 65 41 73 79 6e 63 40 34 | ReportAuthzEventAndSourceAsync@4 |
06c0 | 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 52 65 70 6f 72 74 41 75 74 68 7a 45 76 65 6e 74 41 | 4.__imp__EvtIntReportAuthzEventA |
06e0 | 6e 64 53 6f 75 72 63 65 41 73 79 6e 63 40 34 34 00 5f 45 76 74 49 6e 74 52 65 6e 64 65 72 52 65 | ndSourceAsync@44._EvtIntRenderRe |
0700 | 73 6f 75 72 63 65 45 76 65 6e 74 54 65 6d 70 6c 61 74 65 40 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 | sourceEventTemplate@0.__imp__Evt |
0720 | 49 6e 74 52 65 6e 64 65 72 52 65 73 6f 75 72 63 65 45 76 65 6e 74 54 65 6d 70 6c 61 74 65 40 30 | IntRenderResourceEventTemplate@0 |
0740 | 00 5f 45 76 74 49 6e 74 47 65 74 43 6c 61 73 73 69 63 4c 6f 67 44 69 73 70 6c 61 79 4e 61 6d 65 | ._EvtIntGetClassicLogDisplayName |
0760 | 40 32 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 47 65 74 43 6c 61 73 73 69 63 4c 6f 67 44 69 | @28.__imp__EvtIntGetClassicLogDi |
0780 | 73 70 6c 61 79 4e 61 6d 65 40 32 38 00 5f 45 76 74 49 6e 74 43 72 65 61 74 65 4c 6f 63 61 6c 4c | splayName@28._EvtIntCreateLocalL |
07a0 | 6f 67 66 69 6c 65 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 43 72 65 61 74 65 4c 6f 63 61 | ogfile@8.__imp__EvtIntCreateLoca |
07c0 | 6c 4c 6f 67 66 69 6c 65 40 38 00 5f 45 76 74 49 6e 74 41 73 73 65 72 74 43 6f 6e 66 69 67 40 31 | lLogfile@8._EvtIntAssertConfig@1 |
07e0 | 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 41 73 73 65 72 74 43 6f 6e 66 69 67 40 31 32 00 5f | 2.__imp__EvtIntAssertConfig@12._ |
0800 | 45 76 74 47 65 74 51 75 65 72 79 49 6e 66 6f 40 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 | EvtGetQueryInfo@20.__imp__EvtGet |
0820 | 51 75 65 72 79 49 6e 66 6f 40 32 30 00 5f 45 76 74 47 65 74 50 75 62 6c 69 73 68 65 72 4d 65 74 | QueryInfo@20._EvtGetPublisherMet |
0840 | 61 64 61 74 61 50 72 6f 70 65 72 74 79 40 32 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 50 75 | adataProperty@24.__imp__EvtGetPu |
0860 | 62 6c 69 73 68 65 72 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 40 32 34 00 5f 45 76 74 47 | blisherMetadataProperty@24._EvtG |
0880 | 65 74 4f 62 6a 65 63 74 41 72 72 61 79 53 69 7a 65 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 | etObjectArraySize@8.__imp__EvtGe |
08a0 | 74 4f 62 6a 65 63 74 41 72 72 61 79 53 69 7a 65 40 38 00 5f 45 76 74 47 65 74 4f 62 6a 65 63 74 | tObjectArraySize@8._EvtGetObject |
08c0 | 41 72 72 61 79 50 72 6f 70 65 72 74 79 40 32 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 4f 62 | ArrayProperty@28.__imp__EvtGetOb |
08e0 | 6a 65 63 74 41 72 72 61 79 50 72 6f 70 65 72 74 79 40 32 38 00 5f 45 76 74 47 65 74 4c 6f 67 49 | jectArrayProperty@28._EvtGetLogI |
0900 | 6e 66 6f 40 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 4c 6f 67 49 6e 66 6f 40 32 30 00 5f | nfo@20.__imp__EvtGetLogInfo@20._ |
0920 | 45 76 74 47 65 74 45 78 74 65 6e 64 65 64 53 74 61 74 75 73 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 | EvtGetExtendedStatus@12.__imp__E |
0940 | 76 74 47 65 74 45 78 74 65 6e 64 65 64 53 74 61 74 75 73 40 31 32 00 5f 45 76 74 47 65 74 45 76 | vtGetExtendedStatus@12._EvtGetEv |
0960 | 65 6e 74 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 40 32 34 00 5f 5f 69 6d 70 5f 5f 45 76 | entMetadataProperty@24.__imp__Ev |
0980 | 74 47 65 74 45 76 65 6e 74 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 40 32 34 00 5f 45 76 | tGetEventMetadataProperty@24._Ev |
09a0 | 74 47 65 74 45 76 65 6e 74 49 6e 66 6f 40 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 45 76 | tGetEventInfo@20.__imp__EvtGetEv |
09c0 | 65 6e 74 49 6e 66 6f 40 32 30 00 5f 45 76 74 47 65 74 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 50 | entInfo@20._EvtGetChannelConfigP |
09e0 | 72 6f 70 65 72 74 79 40 32 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 43 68 61 6e 6e 65 6c 43 | roperty@24.__imp__EvtGetChannelC |
0a00 | 6f 6e 66 69 67 50 72 6f 70 65 72 74 79 40 32 34 00 5f 45 76 74 46 6f 72 6d 61 74 4d 65 73 73 61 | onfigProperty@24._EvtFormatMessa |
0a20 | 67 65 40 33 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 46 6f 72 6d 61 74 4d 65 73 73 61 67 65 40 33 36 | ge@36.__imp__EvtFormatMessage@36 |
0a40 | 00 5f 45 76 74 45 78 70 6f 72 74 4c 6f 67 40 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 45 78 70 6f | ._EvtExportLog@20.__imp__EvtExpo |
0a60 | 72 74 4c 6f 67 40 32 30 00 5f 45 76 74 43 72 65 61 74 65 52 65 6e 64 65 72 43 6f 6e 74 65 78 74 | rtLog@20._EvtCreateRenderContext |
0a80 | 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 43 72 65 61 74 65 52 65 6e 64 65 72 43 6f 6e 74 65 78 | @12.__imp__EvtCreateRenderContex |
0aa0 | 74 40 31 32 00 5f 45 76 74 43 72 65 61 74 65 42 6f 6f 6b 6d 61 72 6b 40 34 00 5f 5f 69 6d 70 5f | t@12._EvtCreateBookmark@4.__imp_ |
0ac0 | 5f 45 76 74 43 72 65 61 74 65 42 6f 6f 6b 6d 61 72 6b 40 34 00 5f 45 76 74 43 6c 6f 73 65 40 34 | _EvtCreateBookmark@4._EvtClose@4 |
0ae0 | 00 5f 5f 69 6d 70 5f 5f 45 76 74 43 6c 6f 73 65 40 34 00 5f 45 76 74 43 6c 65 61 72 4c 6f 67 40 | .__imp__EvtClose@4._EvtClearLog@ |
0b00 | 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 43 6c 65 61 72 4c 6f 67 40 31 36 00 5f 45 76 74 43 61 6e | 16.__imp__EvtClearLog@16._EvtCan |
0b20 | 63 65 6c 40 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 43 61 6e 63 65 6c 40 34 00 5f 45 76 74 41 72 63 | cel@4.__imp__EvtCancel@4._EvtArc |
0b40 | 68 69 76 65 45 78 70 6f 72 74 65 64 4c 6f 67 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 41 72 63 | hiveExportedLog@16.__imp__EvtArc |
0b60 | 68 69 76 65 45 78 70 6f 72 74 65 64 4c 6f 67 40 31 36 00 00 64 74 68 76 74 2e 6f 2f 20 20 20 20 | hiveExportedLog@16..dthvt.o/.... |
0b80 | 20 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 | ....1486067750..18779.5000..1006 |
0ba0 | 34 34 20 20 35 38 31 20 20 20 20 20 20 20 60 0a 4c 01 06 00 00 00 00 00 18 01 00 00 0f 00 00 00 | 44..581.......`.L............... |
0bc0 | 00 00 05 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .....text....................... |
0be0 | 00 00 00 00 00 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..........0`.data............... |
0c00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 | ................@.0..bss........ |
0c20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 | ..........................0..ida |
0c40 | 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ta$4............................ |
0c60 | 40 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 08 01 00 00 00 00 00 00 | @.0..idata$5.................... |
0c80 | 00 00 00 00 00 00 00 00 40 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 0c 00 00 00 | ........@.0..idata$7............ |
0ca0 | 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 00 00 00 00 00 00 00 00 77 65 76 74 | ................@.0.........wevt |
0cc0 | 61 70 69 2e 64 6c 6c 00 2e 66 69 6c 65 00 00 00 00 00 00 00 fe ff 00 00 67 01 66 61 6b 65 00 00 | api.dll..file...........g.fake.. |
0ce0 | 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 01 00 00 | .............text............... |
0d00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 | .................data........... |
0d20 | 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 62 73 73 00 00 00 00 00 00 00 00 | .....................bss........ |
0d40 | 03 00 00 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 69 64 61 74 61 24 34 | .........................idata$4 |
0d60 | 00 00 00 00 04 00 00 00 03 01 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 69 64 61 | .............................ida |
0d80 | 74 61 24 35 00 00 00 00 05 00 00 00 03 01 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ta$5............................ |
0da0 | 2e 69 64 61 74 61 24 37 00 00 00 00 06 00 00 00 03 01 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 | .idata$7........................ |
0dc0 | 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 06 00 00 00 02 00 1f 00 00 00 5f 5f 6c 69 62 33 | ..........................__lib3 |
0de0 | 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 5f 69 6e 61 6d 65 00 0a 64 74 68 76 68 2e 6f 2f 20 20 | 2_libwevtapi_a_iname..dthvh.o/.. |
0e00 | 20 20 20 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 | ......1486067750..18779.5000..10 |
0e20 | 30 36 34 34 20 20 36 35 35 20 20 20 20 20 20 20 60 0a 4c 01 06 00 00 00 00 00 36 01 00 00 10 00 | 0644..655.......`.L.......6..... |
0e40 | 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .......text..................... |
0e60 | 00 00 00 00 00 00 00 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 | ............0`.data............. |
0e80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 | ..................@.0..bss...... |
0ea0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 | ............................0..i |
0ec0 | 64 61 74 61 24 32 00 00 00 00 00 00 00 00 14 00 00 00 04 01 00 00 18 01 00 00 00 00 00 00 03 00 | data$2.......................... |
0ee0 | 00 00 40 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..@.0..idata$5.................. |
0f00 | 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 00 00 | ..........@.0..idata$4.......... |
0f20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 00 00 00 00 00 00 00 00 00 00 | ..................@.0........... |
0f40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 07 00 0c 00 00 00 0f 00 00 00 07 00 10 00 | ................................ |
0f60 | 00 00 0d 00 00 00 07 00 2e 66 69 6c 65 00 00 00 00 00 00 00 fe ff 00 00 67 01 66 61 6b 65 00 00 | .........file...........g.fake.. |
0f80 | 00 00 00 00 00 00 00 00 00 00 00 00 68 6e 61 6d 65 00 00 00 00 00 00 00 06 00 00 00 03 00 66 74 | ............hname.............ft |
0fa0 | 68 75 6e 6b 00 00 00 00 00 00 05 00 00 00 03 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 | hunk.............text........... |
0fc0 | 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 64 61 74 61 00 00 00 00 00 00 00 | .....................data....... |
0fe0 | 02 00 00 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 62 73 73 00 00 00 00 | .........................bss.... |
1000 | 00 00 00 00 03 00 00 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 69 64 61 | .............................ida |
1020 | 74 61 24 32 00 00 00 00 04 00 00 00 03 01 14 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 | ta$2............................ |
1040 | 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 | .idata$4...........idata$5...... |
1060 | 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 00 02 00 00 00 00 00 1e 00 00 00 00 00 | ................................ |
1080 | 00 00 00 00 00 00 02 00 39 00 00 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 | ........9...__head_lib32_libwevt |
10a0 | 61 70 69 5f 61 00 5f 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 5f 69 6e 61 6d 65 | api_a.__lib32_libwevtapi_a_iname |
10c0 | 00 0a 64 74 68 76 73 30 30 30 34 34 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 | ..dthvs00044.o/...1486067750..18 |
10e0 | 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 33 38 20 20 20 20 20 20 20 60 0a 4c 01 | 779.5000..100644..638.......`.L. |
1100 | 07 00 00 00 00 00 7c 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 | ......|............text......... |
1120 | 00 00 08 00 00 00 2c 01 00 00 54 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 | ......,...T.............0`.data. |
1140 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 | ..............................@. |
1160 | 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0..bss.......................... |
1180 | 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 | ........0..idata$7............4. |
11a0 | 00 00 5e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 | ..^.............0..idata$5...... |
11c0 | 00 00 04 00 00 00 38 01 00 00 68 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......8...h.............0..idata |
11e0 | 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 72 01 00 00 00 00 00 00 01 00 00 00 00 00 | $4............<...r............. |
1200 | 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 14 00 00 00 40 01 00 00 00 00 00 00 00 00 | 0..idata$6............@......... |
1220 | 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 2c 00 | ...........%..................,. |
1240 | 45 76 74 55 70 64 61 74 65 42 6f 6f 6b 6d 61 72 6b 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 | EvtUpdateBookmark............... |
1260 | 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 | ...........................text. |
1280 | 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 | .............data..............b |
12a0 | 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 | ss...............idata$7........ |
12c0 | 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 | ...idata$5...........idata$4.... |
12e0 | 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 | .......idata$6.................. |
1300 | 00 00 00 00 01 00 00 00 02 00 00 00 00 00 19 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 | ................................ |
1320 | 34 00 00 00 00 00 00 00 00 00 00 00 02 00 4e 00 00 00 5f 45 76 74 55 70 64 61 74 65 42 6f 6f 6b | 4.............N..._EvtUpdateBook |
1340 | 6d 61 72 6b 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 55 70 64 61 74 65 42 6f 6f 6b 6d 61 72 6b 40 | mark@8.__imp__EvtUpdateBookmark@ |
1360 | 38 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 | 8.__head_lib32_libwevtapi_a.dthv |
1380 | 73 30 30 30 34 33 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 | s00043.o/...1486067750..18779.50 |
13a0 | 30 30 20 20 31 30 30 36 34 34 20 20 36 32 36 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 | 00..100644..626.......`.L....... |
13c0 | 78 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 | x............text............... |
13e0 | 2c 01 00 00 50 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 | ,...P.............0`.data....... |
1400 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 | ........................@.0..bss |
1420 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................................ |
1440 | 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 5a 01 00 00 | ..0..idata$7............4...Z... |
1460 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$5............ |
1480 | 38 01 00 00 64 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 | 8...d.............0..idata$4.... |
14a0 | 00 00 00 00 04 00 00 00 3c 01 00 00 6e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........<...n.............0..ida |
14c0 | 74 61 24 36 00 00 00 00 00 00 00 00 10 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ta$6............@............... |
14e0 | 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 2b 00 45 76 74 53 75 62 | .....%..................+.EvtSub |
1500 | 73 63 72 69 62 65 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 | scribe.......................... |
1520 | 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 | .................text........... |
1540 | 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 | ...data..............bss........ |
1560 | 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 | .......idata$7...........idata$5 |
1580 | 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 | ...........idata$4...........ida |
15a0 | 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 | ta$6............................ |
15c0 | 00 00 00 00 15 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 2c 00 00 00 00 00 00 00 00 00 | ......................,......... |
15e0 | 00 00 02 00 46 00 00 00 5f 45 76 74 53 75 62 73 63 72 69 62 65 40 33 32 00 5f 5f 69 6d 70 5f 5f | ....F..._EvtSubscribe@32.__imp__ |
1600 | 45 76 74 53 75 62 73 63 72 69 62 65 40 33 32 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 | EvtSubscribe@32.__head_lib32_lib |
1620 | 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 34 32 2e 6f 2f 20 20 20 31 34 38 36 30 36 | wevtapi_a.dthvs00042.o/...148606 |
1640 | 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 36 34 20 20 20 | 7750..18779.5000..100644..664... |
1660 | 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 84 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 | ....`.L....................text. |
1680 | 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 5c 01 00 00 00 00 00 00 01 00 00 00 20 00 | ..............,...\............. |
16a0 | 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0`.data......................... |
16c0 | 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......@.0..bss.................. |
16e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 | ................0..idata$7...... |
1700 | 00 00 04 00 00 00 34 01 00 00 66 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......4...f.............0..idata |
1720 | 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 70 01 00 00 00 00 00 00 01 00 00 00 00 00 | $5............8...p............. |
1740 | 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 7a 01 00 00 00 00 | 0..idata$4............<...z..... |
1760 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 1c 00 00 00 40 01 | ........0..idata$6............@. |
1780 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 | ...................%............ |
17a0 | 00 00 00 00 00 00 2a 00 45 76 74 53 65 74 4f 62 6a 65 63 74 41 72 72 61 79 50 72 6f 70 65 72 74 | ......*.EvtSetObjectArrayPropert |
17c0 | 79 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 | y............................... |
17e0 | 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 | ...........text..............dat |
1800 | 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 | a..............bss.............. |
1820 | 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 | .idata$7...........idata$5...... |
1840 | 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 | .....idata$4...........idata$6.. |
1860 | 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 22 00 | ..............................". |
1880 | 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 02 00 60 00 | ................F.............`. |
18a0 | 00 00 5f 45 76 74 53 65 74 4f 62 6a 65 63 74 41 72 72 61 79 50 72 6f 70 65 72 74 79 40 32 30 00 | .._EvtSetObjectArrayProperty@20. |
18c0 | 5f 5f 69 6d 70 5f 5f 45 76 74 53 65 74 4f 62 6a 65 63 74 41 72 72 61 79 50 72 6f 70 65 72 74 79 | __imp__EvtSetObjectArrayProperty |
18e0 | 40 32 30 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 | @20.__head_lib32_libwevtapi_a.dt |
1900 | 68 76 73 30 30 30 34 31 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 | hvs00041.o/...1486067750..18779. |
1920 | 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 37 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 | 5000..100644..672.......`.L..... |
1940 | 00 00 88 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 | ...............text............. |
1960 | 00 00 2c 01 00 00 60 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 | ..,...`.............0`.data..... |
1980 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 | ..........................@.0..b |
19a0 | 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ss.............................. |
19c0 | 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 6a 01 | ....0..idata$7............4...j. |
19e0 | 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 | ............0..idata$5.......... |
1a00 | 00 00 38 01 00 00 74 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 | ..8...t.............0..idata$4.. |
1a20 | 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 7e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 | ..........<...~.............0..i |
1a40 | 64 61 74 61 24 36 00 00 00 00 00 00 00 00 1e 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 | data$6............@............. |
1a60 | 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 29 00 45 76 74 53 | .......%..................).EvtS |
1a80 | 65 74 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 50 72 6f 70 65 72 74 79 00 00 00 02 00 00 00 04 00 | etChannelConfigProperty......... |
1aa0 | 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 | ................................ |
1ac0 | 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 | ...text..............data....... |
1ae0 | 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 | .......bss...............idata$7 |
1b00 | 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 | ...........idata$5...........ida |
1b20 | 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 | ta$4...........idata$6.......... |
1b40 | 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 24 00 00 00 00 00 00 00 05 00 | ......................$......... |
1b60 | 00 00 02 00 00 00 00 00 4a 00 00 00 00 00 00 00 00 00 00 00 02 00 64 00 00 00 5f 45 76 74 53 65 | ........J.............d..._EvtSe |
1b80 | 74 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 50 72 6f 70 65 72 74 79 40 31 36 00 5f 5f 69 6d 70 5f | tChannelConfigProperty@16.__imp_ |
1ba0 | 5f 45 76 74 53 65 74 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 50 72 6f 70 65 72 74 79 40 31 36 00 | _EvtSetChannelConfigProperty@16. |
1bc0 | 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 | __head_lib32_libwevtapi_a.dthvs0 |
1be0 | 30 30 34 30 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 | 0040.o/...1486067750..18779.5000 |
1c00 | 20 20 31 30 30 36 34 34 20 20 36 31 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 74 01 | ..100644..612.......`.L.......t. |
1c20 | 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 | ...........text...............,. |
1c40 | 00 00 4c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 | ..L.............0`.data......... |
1c60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 | ......................@.0..bss.. |
1c80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 | ................................ |
1ca0 | 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 56 01 00 00 00 00 | 0..idata$7............4...V..... |
1cc0 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 | ........0..idata$5............8. |
1ce0 | 00 00 60 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 | ..`.............0..idata$4...... |
1d00 | 00 00 04 00 00 00 3c 01 00 00 6a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......<...j.............0..idata |
1d20 | 24 36 00 00 00 00 00 00 00 00 0a 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | $6............@................. |
1d40 | 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 28 00 45 76 74 53 65 65 6b 00 | ...%..................(.EvtSeek. |
1d60 | 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 | ................................ |
1d80 | 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 | ...........text..............dat |
1da0 | 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 | a..............bss.............. |
1dc0 | 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 | .idata$7...........idata$5...... |
1de0 | 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 | .....idata$4...........idata$6.. |
1e00 | 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 10 00 | ................................ |
1e20 | 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 02 00 3c 00 | ................".............<. |
1e40 | 00 00 5f 45 76 74 53 65 65 6b 40 32 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 53 65 65 6b 40 32 34 00 | .._EvtSeek@24.__imp__EvtSeek@24. |
1e60 | 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 | __head_lib32_libwevtapi_a.dthvs0 |
1e80 | 30 30 33 39 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 | 0039.o/...1486067750..18779.5000 |
1ea0 | 20 20 31 30 30 36 34 34 20 20 36 34 38 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 | ..100644..648.......`.L......... |
1ec0 | 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 | ...........text...............,. |
1ee0 | 00 00 58 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 | ..X.............0`.data......... |
1f00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 | ......................@.0..bss.. |
1f20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 | ................................ |
1f40 | 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 | 0..idata$7............4...b..... |
1f60 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 | ........0..idata$5............8. |
1f80 | 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 | ..l.............0..idata$4...... |
1fa0 | 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......<...v.............0..idata |
1fc0 | 24 36 00 00 00 00 00 00 00 00 18 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | $6............@................. |
1fe0 | 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 27 00 45 76 74 53 61 76 65 43 | ...%..................'.EvtSaveC |
2000 | 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 | hannelConfig.................... |
2020 | 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 | .......................text..... |
2040 | 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 | .........data..............bss.. |
2060 | 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 | .............idata$7...........i |
2080 | 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 | data$5...........idata$4........ |
20a0 | 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 | ...idata$6...................... |
20c0 | 01 00 00 00 02 00 00 00 00 00 1c 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 3a 00 00 00 | ............................:... |
20e0 | 00 00 00 00 00 00 00 00 02 00 54 00 00 00 5f 45 76 74 53 61 76 65 43 68 61 6e 6e 65 6c 43 6f 6e | ..........T..._EvtSaveChannelCon |
2100 | 66 69 67 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 53 61 76 65 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 | fig@8.__imp__EvtSaveChannelConfi |
2120 | 67 40 38 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 | g@8.__head_lib32_libwevtapi_a.dt |
2140 | 68 76 73 30 30 30 33 38 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 | hvs00038.o/...1486067750..18779. |
2160 | 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 31 36 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 | 5000..100644..616.......`.L..... |
2180 | 00 00 74 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 | ..t............text............. |
21a0 | 00 00 2c 01 00 00 4c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 | ..,...L.............0`.data..... |
21c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 | ..........................@.0..b |
21e0 | 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ss.............................. |
2200 | 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 56 01 | ....0..idata$7............4...V. |
2220 | 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 | ............0..idata$5.......... |
2240 | 00 00 38 01 00 00 60 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 | ..8...`.............0..idata$4.. |
2260 | 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 6a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 | ..........<...j.............0..i |
2280 | 64 61 74 61 24 36 00 00 00 00 00 00 00 00 0c 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 | data$6............@............. |
22a0 | 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 26 00 45 76 74 52 | .......%..................&.EvtR |
22c0 | 65 6e 64 65 72 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 | ender........................... |
22e0 | 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 | ...............text............. |
2300 | 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 | .data..............bss.......... |
2320 | 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 | .....idata$7...........idata$5.. |
2340 | 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$4...........idata |
2360 | 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 | $6.............................. |
2380 | 00 00 12 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 | ....................&........... |
23a0 | 02 00 40 00 00 00 5f 45 76 74 52 65 6e 64 65 72 40 32 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 52 65 | ..@..._EvtRender@28.__imp__EvtRe |
23c0 | 6e 64 65 72 40 32 38 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f | nder@28.__head_lib32_libwevtapi_ |
23e0 | 61 00 64 74 68 76 73 30 30 30 33 37 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 | a.dthvs00037.o/...1486067750..18 |
2400 | 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 31 34 20 20 20 20 20 20 20 60 0a 4c 01 | 779.5000..100644..614.......`.L. |
2420 | 07 00 00 00 00 00 74 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 | ......t............text......... |
2440 | 00 00 08 00 00 00 2c 01 00 00 4c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 | ......,...L.............0`.data. |
2460 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 | ..............................@. |
2480 | 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0..bss.......................... |
24a0 | 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 | ........0..idata$7............4. |
24c0 | 00 00 56 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 | ..V.............0..idata$5...... |
24e0 | 00 00 04 00 00 00 38 01 00 00 60 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......8...`.............0..idata |
2500 | 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 6a 01 00 00 00 00 00 00 01 00 00 00 00 00 | $4............<...j............. |
2520 | 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 0c 00 00 00 40 01 00 00 00 00 00 00 00 00 | 0..idata$6............@......... |
2540 | 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 25 00 | ...........%..................%. |
2560 | 45 76 74 51 75 65 72 79 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 | EvtQuery........................ |
2580 | 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 | ...................text......... |
25a0 | 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 | .....data..............bss...... |
25c0 | 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$7...........idata |
25e0 | 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 | $5...........idata$4...........i |
2600 | 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 | data$6.......................... |
2620 | 02 00 00 00 00 00 11 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 24 00 00 00 00 00 00 00 | ........................$....... |
2640 | 00 00 00 00 02 00 3e 00 00 00 5f 45 76 74 51 75 65 72 79 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 | ......>..._EvtQuery@16.__imp__Ev |
2660 | 74 51 75 65 72 79 40 31 36 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 | tQuery@16.__head_lib32_libwevtap |
2680 | 69 5f 61 00 64 74 68 76 73 30 30 30 33 36 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 | i_a.dthvs00036.o/...1486067750.. |
26a0 | 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 33 34 20 20 20 20 20 20 20 60 0a | 18779.5000..100644..634.......`. |
26c0 | 4c 01 07 00 00 00 00 00 7c 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 | L.......|............text....... |
26e0 | 00 00 00 00 08 00 00 00 2c 01 00 00 54 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 | ........,...T.............0`.dat |
2700 | 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | a............................... |
2720 | 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | @.0..bss........................ |
2740 | 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$7............ |
2760 | 34 01 00 00 5e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 | 4...^.............0..idata$5.... |
2780 | 00 00 00 00 04 00 00 00 38 01 00 00 68 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........8...h.............0..ida |
27a0 | 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 72 01 00 00 00 00 00 00 01 00 00 00 | ta$4............<...r........... |
27c0 | 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 12 00 00 00 40 01 00 00 00 00 00 00 | ..0..idata$6............@....... |
27e0 | 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 | .............%.................. |
2800 | 24 00 45 76 74 4f 70 65 6e 53 65 73 73 69 6f 6e 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 | $.EvtOpenSession................ |
2820 | 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 | .............................tex |
2840 | 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 | t..............data............. |
2860 | 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 | .bss...............idata$7...... |
2880 | 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 | .....idata$5...........idata$4.. |
28a0 | 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 | .........idata$6................ |
28c0 | 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 17 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 | ................................ |
28e0 | 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 00 4a 00 00 00 5f 45 76 74 4f 70 65 6e 53 65 73 73 | ..0.............J..._EvtOpenSess |
2900 | 69 6f 6e 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 65 6e 53 65 73 73 69 6f 6e 40 31 36 00 | ion@16.__imp__EvtOpenSession@16. |
2920 | 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 | __head_lib32_libwevtapi_a.dthvs0 |
2940 | 30 30 33 35 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 | 0035.o/...1486067750..18779.5000 |
2960 | 20 20 31 30 30 36 34 34 20 20 36 36 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 84 01 | ..100644..662.......`.L......... |
2980 | 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 | ...........text...............,. |
29a0 | 00 00 5c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 | ..\.............0`.data......... |
29c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 | ......................@.0..bss.. |
29e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 | ................................ |
2a00 | 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 66 01 00 00 00 00 | 0..idata$7............4...f..... |
2a20 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 | ........0..idata$5............8. |
2a40 | 00 00 70 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 | ..p.............0..idata$4...... |
2a60 | 00 00 04 00 00 00 3c 01 00 00 7a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......<...z.............0..idata |
2a80 | 24 36 00 00 00 00 00 00 00 00 1c 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | $6............@................. |
2aa0 | 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 23 00 45 76 74 4f 70 65 6e 50 | ...%..................#.EvtOpenP |
2ac0 | 75 62 6c 69 73 68 65 72 4d 65 74 61 64 61 74 61 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 | ublisherMetadata................ |
2ae0 | 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 | ...........................text. |
2b00 | 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 | .............data..............b |
2b20 | 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 | ss...............idata$7........ |
2b40 | 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 | ...idata$5...........idata$4.... |
2b60 | 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 | .......idata$6.................. |
2b80 | 00 00 00 00 01 00 00 00 02 00 00 00 00 00 21 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 | ..............!................. |
2ba0 | 44 00 00 00 00 00 00 00 00 00 00 00 02 00 5e 00 00 00 5f 45 76 74 4f 70 65 6e 50 75 62 6c 69 73 | D.............^..._EvtOpenPublis |
2bc0 | 68 65 72 4d 65 74 61 64 61 74 61 40 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 65 6e 50 75 62 | herMetadata@20.__imp__EvtOpenPub |
2be0 | 6c 69 73 68 65 72 4d 65 74 61 64 61 74 61 40 32 30 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c | lisherMetadata@20.__head_lib32_l |
2c00 | 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 33 34 2e 6f 2f 20 20 20 31 34 38 36 | ibwevtapi_a.dthvs00034.o/...1486 |
2c20 | 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 34 38 20 | 067750..18779.5000..100644..648. |
2c40 | 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 | ......`.L....................tex |
2c60 | 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 01 00 00 00 | t...............,...X........... |
2c80 | 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..0`.data....................... |
2ca0 | 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ........@.0..bss................ |
2cc0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 | ..................0..idata$7.... |
2ce0 | 00 00 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........4...b.............0..ida |
2d00 | 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 | ta$5............8...l........... |
2d20 | 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 | ..0..idata$4............<...v... |
2d40 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 18 00 00 00 | ..........0..idata$6............ |
2d60 | 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 | @....................%.......... |
2d80 | 00 00 00 00 00 00 00 00 22 00 45 76 74 4f 70 65 6e 50 75 62 6c 69 73 68 65 72 45 6e 75 6d 00 00 | ........".EvtOpenPublisherEnum.. |
2da0 | 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 | ................................ |
2dc0 | 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 | .........text..............data. |
2de0 | 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 | .............bss...............i |
2e00 | 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 | data$7...........idata$5........ |
2e20 | 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 | ...idata$4...........idata$6.... |
2e40 | 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 1c 00 00 00 | ................................ |
2e60 | 00 00 00 00 05 00 00 00 02 00 00 00 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 02 00 54 00 00 00 | ..............:.............T... |
2e80 | 5f 45 76 74 4f 70 65 6e 50 75 62 6c 69 73 68 65 72 45 6e 75 6d 40 38 00 5f 5f 69 6d 70 5f 5f 45 | _EvtOpenPublisherEnum@8.__imp__E |
2ea0 | 76 74 4f 70 65 6e 50 75 62 6c 69 73 68 65 72 45 6e 75 6d 40 38 00 5f 5f 68 65 61 64 5f 6c 69 62 | vtOpenPublisherEnum@8.__head_lib |
2ec0 | 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 33 33 2e 6f 2f 20 20 20 | 32_libwevtapi_a.dthvs00033.o/... |
2ee0 | 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 | 1486067750..18779.5000..100644.. |
2f00 | 36 32 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 78 01 00 00 0a 00 00 00 00 00 04 01 | 622.......`.L.......x........... |
2f20 | 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 50 01 00 00 00 00 00 00 | .text...............,...P....... |
2f40 | 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......0`.data................... |
2f60 | 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 | ............@.0..bss............ |
2f80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 | ......................0..idata$7 |
2fa0 | 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 5a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 | ............4...Z.............0. |
2fc0 | 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 64 01 00 00 00 00 00 00 | .idata$5............8...d....... |
2fe0 | 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 | ......0..idata$4............<... |
3000 | 6e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 | n.............0..idata$6........ |
3020 | 0e 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 | ....@....................%...... |
3040 | 00 00 00 00 00 00 00 00 00 00 00 00 21 00 45 76 74 4f 70 65 6e 4c 6f 67 00 00 00 00 02 00 00 00 | ............!.EvtOpenLog........ |
3060 | 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 | ................................ |
3080 | 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 | .....text..............data..... |
30a0 | 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 | .........bss...............idata |
30c0 | 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 | $7...........idata$5...........i |
30e0 | 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 | data$4...........idata$6........ |
3100 | 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 13 00 00 00 00 00 00 00 | ................................ |
3120 | 05 00 00 00 02 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 02 00 42 00 00 00 5f 45 76 74 | ..........(.............B..._Evt |
3140 | 4f 70 65 6e 4c 6f 67 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 65 6e 4c 6f 67 40 31 32 00 | OpenLog@12.__imp__EvtOpenLog@12. |
3160 | 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 | __head_lib32_libwevtapi_a.dthvs0 |
3180 | 30 30 33 32 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 | 0032.o/...1486067750..18779.5000 |
31a0 | 20 20 31 30 30 36 34 34 20 20 36 36 30 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 84 01 | ..100644..660.......`.L......... |
31c0 | 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 | ...........text...............,. |
31e0 | 00 00 5c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 | ..\.............0`.data......... |
3200 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 | ......................@.0..bss.. |
3220 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 | ................................ |
3240 | 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 66 01 00 00 00 00 | 0..idata$7............4...f..... |
3260 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 | ........0..idata$5............8. |
3280 | 00 00 70 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 | ..p.............0..idata$4...... |
32a0 | 00 00 04 00 00 00 3c 01 00 00 7a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......<...z.............0..idata |
32c0 | 24 36 00 00 00 00 00 00 00 00 1c 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | $6............@................. |
32e0 | 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 20 00 45 76 74 4f 70 65 6e 45 | ...%....................EvtOpenE |
3300 | 76 65 6e 74 4d 65 74 61 64 61 74 61 45 6e 75 6d 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 | ventMetadataEnum................ |
3320 | 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 | ...........................text. |
3340 | 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 | .............data..............b |
3360 | 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 | ss...............idata$7........ |
3380 | 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 | ...idata$5...........idata$4.... |
33a0 | 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 | .......idata$6.................. |
33c0 | 00 00 00 00 01 00 00 00 02 00 00 00 00 00 20 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 | ................................ |
33e0 | 42 00 00 00 00 00 00 00 00 00 00 00 02 00 5c 00 00 00 5f 45 76 74 4f 70 65 6e 45 76 65 6e 74 4d | B.............\..._EvtOpenEventM |
3400 | 65 74 61 64 61 74 61 45 6e 75 6d 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 65 6e 45 76 65 6e | etadataEnum@8.__imp__EvtOpenEven |
3420 | 74 4d 65 74 61 64 61 74 61 45 6e 75 6d 40 38 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 | tMetadataEnum@8.__head_lib32_lib |
3440 | 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 33 31 2e 6f 2f 20 20 20 31 34 38 36 30 36 | wevtapi_a.dthvs00031.o/...148606 |
3460 | 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 34 34 20 20 20 | 7750..18779.5000..100644..644... |
3480 | 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 | ....`.L....................text. |
34a0 | 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 01 00 00 00 20 00 | ..............,...X............. |
34c0 | 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0`.data......................... |
34e0 | 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......@.0..bss.................. |
3500 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 | ................0..idata$7...... |
3520 | 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......4...b.............0..idata |
3540 | 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 00 00 | $5............8...l............. |
3560 | 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 00 00 | 0..idata$4............<...v..... |
3580 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 16 00 00 00 40 01 | ........0..idata$6............@. |
35a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 | ...................%............ |
35c0 | 00 00 00 00 00 00 1f 00 45 76 74 4f 70 65 6e 43 68 61 6e 6e 65 6c 45 6e 75 6d 00 00 00 00 02 00 | ........EvtOpenChannelEnum...... |
35e0 | 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 | ................................ |
3600 | 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 | .......text..............data... |
3620 | 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 | ...........bss...............ida |
3640 | 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 | ta$7...........idata$5.......... |
3660 | 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 | .idata$4...........idata$6...... |
3680 | 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 1a 00 00 00 00 00 | ................................ |
36a0 | 00 00 05 00 00 00 02 00 00 00 00 00 36 00 00 00 00 00 00 00 00 00 00 00 02 00 50 00 00 00 5f 45 | ............6.............P..._E |
36c0 | 76 74 4f 70 65 6e 43 68 61 6e 6e 65 6c 45 6e 75 6d 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 4f 70 | vtOpenChannelEnum@8.__imp__EvtOp |
36e0 | 65 6e 43 68 61 6e 6e 65 6c 45 6e 75 6d 40 38 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 | enChannelEnum@8.__head_lib32_lib |
3700 | 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 33 30 2e 6f 2f 20 20 20 31 34 38 36 30 36 | wevtapi_a.dthvs00030.o/...148606 |
3720 | 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 35 30 20 20 20 | 7750..18779.5000..100644..650... |
3740 | 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 | ....`.L....................text. |
3760 | 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 01 00 00 00 20 00 | ..............,...X............. |
3780 | 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0`.data......................... |
37a0 | 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......@.0..bss.................. |
37c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 | ................0..idata$7...... |
37e0 | 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......4...b.............0..idata |
3800 | 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 00 00 | $5............8...l............. |
3820 | 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 00 00 | 0..idata$4............<...v..... |
3840 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 18 00 00 00 40 01 | ........0..idata$6............@. |
3860 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 | ...................%............ |
3880 | 00 00 00 00 00 00 1e 00 45 76 74 4f 70 65 6e 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 00 00 02 00 | ........EvtOpenChannelConfig.... |
38a0 | 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 | ................................ |
38c0 | 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 | .......text..............data... |
38e0 | 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 | ...........bss...............ida |
3900 | 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 | ta$7...........idata$5.......... |
3920 | 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 | .idata$4...........idata$6...... |
3940 | 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 1d 00 00 00 00 00 | ................................ |
3960 | 00 00 05 00 00 00 02 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 02 00 56 00 00 00 5f 45 | ............<.............V..._E |
3980 | 76 74 4f 70 65 6e 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 | vtOpenChannelConfig@12.__imp__Ev |
39a0 | 74 4f 70 65 6e 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 40 31 32 00 5f 5f 68 65 61 64 5f 6c 69 62 | tOpenChannelConfig@12.__head_lib |
39c0 | 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 32 39 2e 6f 2f 20 20 20 | 32_libwevtapi_a.dthvs00029.o/... |
39e0 | 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 | 1486067750..18779.5000..100644.. |
3a00 | 36 34 36 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 | 646.......`.L................... |
3a20 | 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 | .text...............,...X....... |
3a40 | 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......0`.data................... |
3a60 | 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 | ............@.0..bss............ |
3a80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 | ......................0..idata$7 |
3aa0 | 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 | ............4...b.............0. |
3ac0 | 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 | .idata$5............8...l....... |
3ae0 | 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 | ......0..idata$4............<... |
3b00 | 76 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 | v.............0..idata$6........ |
3b20 | 16 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 | ....@....................%...... |
3b40 | 00 00 00 00 00 00 00 00 00 00 00 00 1d 00 45 76 74 4e 65 78 74 50 75 62 6c 69 73 68 65 72 49 64 | ..............EvtNextPublisherId |
3b60 | 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 | ................................ |
3b80 | 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 | .............text..............d |
3ba0 | 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 | ata..............bss............ |
3bc0 | 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 | ...idata$7...........idata$5.... |
3be0 | 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 | .......idata$4...........idata$6 |
3c00 | 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 | ................................ |
3c20 | 1b 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 02 00 | ..................8............. |
3c40 | 52 00 00 00 5f 45 76 74 4e 65 78 74 50 75 62 6c 69 73 68 65 72 49 64 40 31 36 00 5f 5f 69 6d 70 | R..._EvtNextPublisherId@16.__imp |
3c60 | 5f 5f 45 76 74 4e 65 78 74 50 75 62 6c 69 73 68 65 72 49 64 40 31 36 00 5f 5f 68 65 61 64 5f 6c | __EvtNextPublisherId@16.__head_l |
3c80 | 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 32 38 2e 6f 2f 20 | ib32_libwevtapi_a.dthvs00028.o/. |
3ca0 | 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 | ..1486067750..18779.5000..100644 |
3cc0 | 20 20 36 34 38 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 | ..648.......`.L................. |
3ce0 | 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 | ...text...............,...X..... |
3d00 | 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ........0`.data................. |
3d20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 | ..............@.0..bss.......... |
3d40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 | ........................0..idata |
3d60 | 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 | $7............4...b............. |
3d80 | 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 | 0..idata$5............8...l..... |
3da0 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 | ........0..idata$4............<. |
3dc0 | 00 00 76 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 | ..v.............0..idata$6...... |
3de0 | 00 00 18 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 | ......@....................%.... |
3e00 | 90 90 00 00 00 00 00 00 00 00 00 00 00 00 1c 00 45 76 74 4e 65 78 74 45 76 65 6e 74 4d 65 74 61 | ................EvtNextEventMeta |
3e20 | 64 61 74 61 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 | data............................ |
3e40 | 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 | ...............text............. |
3e60 | 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 | .data..............bss.......... |
3e80 | 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 | .....idata$7...........idata$5.. |
3ea0 | 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$4...........idata |
3ec0 | 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 | $6.............................. |
3ee0 | 00 00 1c 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 | ....................:........... |
3f00 | 02 00 54 00 00 00 5f 45 76 74 4e 65 78 74 45 76 65 6e 74 4d 65 74 61 64 61 74 61 40 38 00 5f 5f | ..T..._EvtNextEventMetadata@8.__ |
3f20 | 69 6d 70 5f 5f 45 76 74 4e 65 78 74 45 76 65 6e 74 4d 65 74 61 64 61 74 61 40 38 00 5f 5f 68 65 | imp__EvtNextEventMetadata@8.__he |
3f40 | 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 32 37 | ad_lib32_libwevtapi_a.dthvs00027 |
3f60 | 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 | .o/...1486067750..18779.5000..10 |
3f80 | 30 36 34 34 20 20 36 34 36 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 | 0644..646.......`.L............. |
3fa0 | 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 | .......text...............,...X. |
3fc0 | 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 | ............0`.data............. |
3fe0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 | ..................@.0..bss...... |
4000 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 | ............................0..i |
4020 | 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 | data$7............4...b......... |
4040 | 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 | ....0..idata$5............8...l. |
4060 | 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 | ............0..idata$4.......... |
4080 | 00 00 3c 01 00 00 76 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 | ..<...v.............0..idata$6.. |
40a0 | 00 00 00 00 00 00 16 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 | ..........@....................% |
40c0 | 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 1b 00 45 76 74 4e 65 78 74 43 68 61 6e 6e | ....................EvtNextChann |
40e0 | 65 6c 50 61 74 68 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 | elPath.......................... |
4100 | 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 | ...................text......... |
4120 | 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 | .....data..............bss...... |
4140 | 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$7...........idata |
4160 | 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 | $5...........idata$4...........i |
4180 | 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 | data$6.......................... |
41a0 | 02 00 00 00 00 00 1b 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 38 00 00 00 00 00 00 00 | ........................8....... |
41c0 | 00 00 00 00 02 00 52 00 00 00 5f 45 76 74 4e 65 78 74 43 68 61 6e 6e 65 6c 50 61 74 68 40 31 36 | ......R..._EvtNextChannelPath@16 |
41e0 | 00 5f 5f 69 6d 70 5f 5f 45 76 74 4e 65 78 74 43 68 61 6e 6e 65 6c 50 61 74 68 40 31 36 00 5f 5f | .__imp__EvtNextChannelPath@16.__ |
4200 | 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 | head_lib32_libwevtapi_a.dthvs000 |
4220 | 32 36 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 | 26.o/...1486067750..18779.5000.. |
4240 | 31 30 30 36 34 34 20 20 36 31 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 74 01 00 00 | 100644..612.......`.L.......t... |
4260 | 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 | .........text...............,... |
4280 | 4c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 | L.............0`.data........... |
42a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 | ....................@.0..bss.... |
42c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 | ..............................0. |
42e0 | 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 56 01 00 00 00 00 00 00 | .idata$7............4...V....... |
4300 | 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 | ......0..idata$5............8... |
4320 | 60 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 | `.............0..idata$4........ |
4340 | 04 00 00 00 3c 01 00 00 6a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 | ....<...j.............0..idata$6 |
4360 | 00 00 00 00 00 00 00 00 0a 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 | ............@................... |
4380 | ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 45 76 74 4e 65 78 74 00 00 00 | .%....................EvtNext... |
43a0 | 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 | ................................ |
43c0 | 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 | .........text..............data. |
43e0 | 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 | .............bss...............i |
4400 | 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 | data$7...........idata$5........ |
4420 | 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 | ...idata$4...........idata$6.... |
4440 | 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 10 00 00 00 | ................................ |
4460 | 00 00 00 00 05 00 00 00 02 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 02 00 3c 00 00 00 | ..............".............<... |
4480 | 5f 45 76 74 4e 65 78 74 40 32 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 4e 65 78 74 40 32 34 00 5f 5f | _EvtNext@24.__imp__EvtNext@24.__ |
44a0 | 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 | head_lib32_libwevtapi_a.dthvs000 |
44c0 | 32 35 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 | 25.o/...1486067750..18779.5000.. |
44e0 | 31 30 30 36 34 34 20 20 36 38 38 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 8c 01 00 00 | 100644..688.......`.L........... |
4500 | 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 | .........text...............,... |
4520 | 64 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 | d.............0`.data........... |
4540 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 | ....................@.0..bss.... |
4560 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 | ..............................0. |
4580 | 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 6e 01 00 00 00 00 00 00 | .idata$7............4...n....... |
45a0 | 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 | ......0..idata$5............8... |
45c0 | 78 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 | x.............0..idata$4........ |
45e0 | 04 00 00 00 3c 01 00 00 82 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 | ....<.................0..idata$6 |
4600 | 00 00 00 00 00 00 00 00 24 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 | ........$...@................... |
4620 | ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 19 00 45 76 74 49 6e 74 57 72 69 74 | .%....................EvtIntWrit |
4640 | 65 58 6d 6c 45 76 65 6e 74 54 6f 4c 6f 63 61 6c 4c 6f 67 66 69 6c 65 00 02 00 00 00 04 00 00 00 | eXmlEventToLocalLogfile......... |
4660 | 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 | ................................ |
4680 | 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 | .text..............data......... |
46a0 | 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 | .....bss...............idata$7.. |
46c0 | 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$5...........idata |
46e0 | 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 | $4...........idata$6............ |
4700 | 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 2a 00 00 00 00 00 00 00 05 00 00 00 | ....................*........... |
4720 | 02 00 00 00 00 00 56 00 00 00 00 00 00 00 00 00 00 00 02 00 70 00 00 00 5f 45 76 74 49 6e 74 57 | ......V.............p..._EvtIntW |
4740 | 72 69 74 65 58 6d 6c 45 76 65 6e 74 54 6f 4c 6f 63 61 6c 4c 6f 67 66 69 6c 65 40 31 32 00 5f 5f | riteXmlEventToLocalLogfile@12.__ |
4760 | 69 6d 70 5f 5f 45 76 74 49 6e 74 57 72 69 74 65 58 6d 6c 45 76 65 6e 74 54 6f 4c 6f 63 61 6c 4c | imp__EvtIntWriteXmlEventToLocalL |
4780 | 6f 67 66 69 6c 65 40 31 32 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 | ogfile@12.__head_lib32_libwevtap |
47a0 | 69 5f 61 00 64 74 68 76 73 30 30 30 32 34 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 | i_a.dthvs00024.o/...1486067750.. |
47c0 | 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 34 38 20 20 20 20 20 20 20 60 0a | 18779.5000..100644..648.......`. |
47e0 | 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 | L....................text....... |
4800 | 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 | ........,...X.............0`.dat |
4820 | 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | a............................... |
4840 | 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | @.0..bss........................ |
4860 | 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$7............ |
4880 | 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 | 4...b.............0..idata$5.... |
48a0 | 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........8...l.............0..ida |
48c0 | 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 00 00 00 00 01 00 00 00 | ta$4............<...v........... |
48e0 | 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 18 00 00 00 40 01 00 00 00 00 00 00 | ..0..idata$6............@....... |
4900 | 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 | .............%.................. |
4920 | 18 00 45 76 74 49 6e 74 53 79 73 70 72 65 70 43 6c 65 61 6e 75 70 00 00 02 00 00 00 04 00 00 00 | ..EvtIntSysprepCleanup.......... |
4940 | 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 | ................................ |
4960 | 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 | .text..............data......... |
4980 | 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 | .....bss...............idata$7.. |
49a0 | 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$5...........idata |
49c0 | 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 | $4...........idata$6............ |
49e0 | 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 1c 00 00 00 00 00 00 00 05 00 00 00 | ................................ |
4a00 | 02 00 00 00 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 02 00 54 00 00 00 5f 45 76 74 49 6e 74 53 | ......:.............T..._EvtIntS |
4a20 | 79 73 70 72 65 70 43 6c 65 61 6e 75 70 40 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 53 79 73 | ysprepCleanup@0.__imp__EvtIntSys |
4a40 | 70 72 65 70 43 6c 65 61 6e 75 70 40 30 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 | prepCleanup@0.__head_lib32_libwe |
4a60 | 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 32 33 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 | vtapi_a.dthvs00023.o/...14860677 |
4a80 | 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 34 38 20 20 20 20 20 | 50..18779.5000..100644..648..... |
4aa0 | 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 | ..`.L....................text... |
4ac0 | 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 | ............,...X.............0` |
4ae0 | 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .data........................... |
4b00 | 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ....@.0..bss.................... |
4b20 | 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 | ..............0..idata$7........ |
4b40 | 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 | ....4...b.............0..idata$5 |
4b60 | 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 | ............8...l.............0. |
4b80 | 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 00 00 00 00 | .idata$4............<...v....... |
4ba0 | 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 16 00 00 00 40 01 00 00 | ......0..idata$6............@... |
4bc0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 | .................%.............. |
4be0 | 00 00 00 00 17 00 45 76 74 49 6e 74 52 65 74 72 61 63 74 43 6f 6e 66 69 67 00 00 00 02 00 00 00 | ......EvtIntRetractConfig....... |
4c00 | 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 | ................................ |
4c20 | 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 | .....text..............data..... |
4c40 | 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 | .........bss...............idata |
4c60 | 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 | $7...........idata$5...........i |
4c80 | 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 | data$4...........idata$6........ |
4ca0 | 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 1c 00 00 00 00 00 00 00 | ................................ |
4cc0 | 05 00 00 00 02 00 00 00 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 02 00 54 00 00 00 5f 45 76 74 | ..........:.............T..._Evt |
4ce0 | 49 6e 74 52 65 74 72 61 63 74 43 6f 6e 66 69 67 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e | IntRetractConfig@12.__imp__EvtIn |
4d00 | 74 52 65 74 72 61 63 74 43 6f 6e 66 69 67 40 31 32 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c | tRetractConfig@12.__head_lib32_l |
4d20 | 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 32 32 2e 6f 2f 20 20 20 31 34 38 36 | ibwevtapi_a.dthvs00022.o/...1486 |
4d40 | 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 38 34 20 | 067750..18779.5000..100644..684. |
4d60 | 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 8c 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 | ......`.L....................tex |
4d80 | 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 64 01 00 00 00 00 00 00 01 00 00 00 | t...............,...d........... |
4da0 | 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..0`.data....................... |
4dc0 | 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ........@.0..bss................ |
4de0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 | ..................0..idata$7.... |
4e00 | 00 00 00 00 04 00 00 00 34 01 00 00 6e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........4...n.............0..ida |
4e20 | 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 78 01 00 00 00 00 00 00 01 00 00 00 | ta$5............8...x........... |
4e40 | 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 82 01 00 00 | ..0..idata$4............<....... |
4e60 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 22 00 00 00 | ..........0..idata$6........"... |
4e80 | 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 | @....................%.......... |
4ea0 | 00 00 00 00 00 00 00 00 16 00 45 76 74 49 6e 74 52 65 70 6f 72 74 45 76 65 6e 74 41 6e 64 53 6f | ..........EvtIntReportEventAndSo |
4ec0 | 75 72 63 65 41 73 79 6e 63 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 | urceAsync....................... |
4ee0 | 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 | .....................text....... |
4f00 | 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 | .......data..............bss.... |
4f20 | 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 | ...........idata$7...........ida |
4f40 | 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 | ta$5...........idata$4.......... |
4f60 | 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 | .idata$6........................ |
4f80 | 00 00 02 00 00 00 00 00 28 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 52 00 00 00 00 00 | ........(.................R..... |
4fa0 | 00 00 00 00 00 00 02 00 6c 00 00 00 5f 45 76 74 49 6e 74 52 65 70 6f 72 74 45 76 65 6e 74 41 6e | ........l..._EvtIntReportEventAn |
4fc0 | 64 53 6f 75 72 63 65 41 73 79 6e 63 40 34 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 52 65 70 | dSourceAsync@44.__imp__EvtIntRep |
4fe0 | 6f 72 74 45 76 65 6e 74 41 6e 64 53 6f 75 72 63 65 41 73 79 6e 63 40 34 34 00 5f 5f 68 65 61 64 | ortEventAndSourceAsync@44.__head |
5000 | 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 32 31 2e 6f | _lib32_libwevtapi_a.dthvs00021.o |
5020 | 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 | /...1486067750..18779.5000..1006 |
5040 | 34 34 20 20 36 39 38 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 90 01 00 00 0a 00 00 00 | 44..698.......`.L............... |
5060 | 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 68 01 00 00 | .....text...............,...h... |
5080 | 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..........0`.data............... |
50a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 | ................@.0..bss........ |
50c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 | ..........................0..ida |
50e0 | 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 72 01 00 00 00 00 00 00 01 00 00 00 | ta$7............4...r........... |
5100 | 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 7c 01 00 00 | ..0..idata$5............8...|... |
5120 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$4............ |
5140 | 3c 01 00 00 86 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 | <.................0..idata$6.... |
5160 | 00 00 00 00 28 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 | ....(...@....................%.. |
5180 | 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 15 00 45 76 74 49 6e 74 52 65 70 6f 72 74 41 75 | ..................EvtIntReportAu |
51a0 | 74 68 7a 45 76 65 6e 74 41 6e 64 53 6f 75 72 63 65 41 73 79 6e 63 00 00 02 00 00 00 04 00 00 00 | thzEventAndSourceAsync.......... |
51c0 | 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 | ................................ |
51e0 | 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 | .text..............data......... |
5200 | 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 | .....bss...............idata$7.. |
5220 | 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$5...........idata |
5240 | 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 | $4...........idata$6............ |
5260 | 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 2d 00 00 00 00 00 00 00 05 00 00 00 | ....................-........... |
5280 | 02 00 00 00 00 00 5c 00 00 00 00 00 00 00 00 00 00 00 02 00 76 00 00 00 5f 45 76 74 49 6e 74 52 | ......\.............v..._EvtIntR |
52a0 | 65 70 6f 72 74 41 75 74 68 7a 45 76 65 6e 74 41 6e 64 53 6f 75 72 63 65 41 73 79 6e 63 40 34 34 | eportAuthzEventAndSourceAsync@44 |
52c0 | 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 52 65 70 6f 72 74 41 75 74 68 7a 45 76 65 6e 74 41 6e | .__imp__EvtIntReportAuthzEventAn |
52e0 | 64 53 6f 75 72 63 65 41 73 79 6e 63 40 34 34 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 | dSourceAsync@44.__head_lib32_lib |
5300 | 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 32 30 2e 6f 2f 20 20 20 31 34 38 36 30 36 | wevtapi_a.dthvs00020.o/...148606 |
5320 | 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 38 36 20 20 20 | 7750..18779.5000..100644..686... |
5340 | 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 8c 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 | ....`.L....................text. |
5360 | 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 64 01 00 00 00 00 00 00 01 00 00 00 20 00 | ..............,...d............. |
5380 | 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0`.data......................... |
53a0 | 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......@.0..bss.................. |
53c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 | ................0..idata$7...... |
53e0 | 00 00 04 00 00 00 34 01 00 00 6e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......4...n.............0..idata |
5400 | 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 78 01 00 00 00 00 00 00 01 00 00 00 00 00 | $5............8...x............. |
5420 | 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 82 01 00 00 00 00 | 0..idata$4............<......... |
5440 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 24 00 00 00 40 01 | ........0..idata$6........$...@. |
5460 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 | ...................%............ |
5480 | 00 00 00 00 00 00 14 00 45 76 74 49 6e 74 52 65 6e 64 65 72 52 65 73 6f 75 72 63 65 45 76 65 6e | ........EvtIntRenderResourceEven |
54a0 | 74 54 65 6d 70 6c 61 74 65 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 | tTemplate....................... |
54c0 | 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 | ...................text......... |
54e0 | 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 | .....data..............bss...... |
5500 | 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$7...........idata |
5520 | 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 | $5...........idata$4...........i |
5540 | 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 | data$6.......................... |
5560 | 02 00 00 00 00 00 29 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 54 00 00 00 00 00 00 00 | ......).................T....... |
5580 | 00 00 00 00 02 00 6e 00 00 00 5f 45 76 74 49 6e 74 52 65 6e 64 65 72 52 65 73 6f 75 72 63 65 45 | ......n..._EvtIntRenderResourceE |
55a0 | 76 65 6e 74 54 65 6d 70 6c 61 74 65 40 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 52 65 6e 64 | ventTemplate@0.__imp__EvtIntRend |
55c0 | 65 72 52 65 73 6f 75 72 63 65 45 76 65 6e 74 54 65 6d 70 6c 61 74 65 40 30 00 5f 5f 68 65 61 64 | erResourceEventTemplate@0.__head |
55e0 | 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 31 39 2e 6f | _lib32_libwevtapi_a.dthvs00019.o |
5600 | 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 | /...1486067750..18779.5000..1006 |
5620 | 34 34 20 20 36 38 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 8c 01 00 00 0a 00 00 00 | 44..682.......`.L............... |
5640 | 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 64 01 00 00 | .....text...............,...d... |
5660 | 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..........0`.data............... |
5680 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 | ................@.0..bss........ |
56a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 | ..........................0..ida |
56c0 | 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 6e 01 00 00 00 00 00 00 01 00 00 00 | ta$7............4...n........... |
56e0 | 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 78 01 00 00 | ..0..idata$5............8...x... |
5700 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$4............ |
5720 | 3c 01 00 00 82 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 | <.................0..idata$6.... |
5740 | 00 00 00 00 22 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 | ...."...@....................%.. |
5760 | 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 13 00 45 76 74 49 6e 74 47 65 74 43 6c 61 73 73 | ..................EvtIntGetClass |
5780 | 69 63 4c 6f 67 44 69 73 70 6c 61 79 4e 61 6d 65 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 | icLogDisplayName................ |
57a0 | 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 | .............................tex |
57c0 | 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 | t..............data............. |
57e0 | 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 | .bss...............idata$7...... |
5800 | 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 | .....idata$5...........idata$4.. |
5820 | 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 | .........idata$6................ |
5840 | 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 27 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 | ................'............... |
5860 | 00 00 50 00 00 00 00 00 00 00 00 00 00 00 02 00 6a 00 00 00 5f 45 76 74 49 6e 74 47 65 74 43 6c | ..P.............j..._EvtIntGetCl |
5880 | 61 73 73 69 63 4c 6f 67 44 69 73 70 6c 61 79 4e 61 6d 65 40 32 38 00 5f 5f 69 6d 70 5f 5f 45 76 | assicLogDisplayName@28.__imp__Ev |
58a0 | 74 49 6e 74 47 65 74 43 6c 61 73 73 69 63 4c 6f 67 44 69 73 70 6c 61 79 4e 61 6d 65 40 32 38 00 | tIntGetClassicLogDisplayName@28. |
58c0 | 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 | __head_lib32_libwevtapi_a.dthvs0 |
58e0 | 30 30 31 38 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 | 0018.o/...1486067750..18779.5000 |
5900 | 20 20 31 30 30 36 34 34 20 20 36 36 30 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 84 01 | ..100644..660.......`.L......... |
5920 | 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 | ...........text...............,. |
5940 | 00 00 5c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 | ..\.............0`.data......... |
5960 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 | ......................@.0..bss.. |
5980 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 | ................................ |
59a0 | 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 66 01 00 00 00 00 | 0..idata$7............4...f..... |
59c0 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 | ........0..idata$5............8. |
59e0 | 00 00 70 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 | ..p.............0..idata$4...... |
5a00 | 00 00 04 00 00 00 3c 01 00 00 7a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......<...z.............0..idata |
5a20 | 24 36 00 00 00 00 00 00 00 00 1c 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | $6............@................. |
5a40 | 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 12 00 45 76 74 49 6e 74 43 72 | ...%....................EvtIntCr |
5a60 | 65 61 74 65 4c 6f 63 61 6c 4c 6f 67 66 69 6c 65 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 | eateLocalLogfile................ |
5a80 | 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 | ...........................text. |
5aa0 | 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 | .............data..............b |
5ac0 | 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 | ss...............idata$7........ |
5ae0 | 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 | ...idata$5...........idata$4.... |
5b00 | 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 | .......idata$6.................. |
5b20 | 00 00 00 00 01 00 00 00 02 00 00 00 00 00 20 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 | ................................ |
5b40 | 42 00 00 00 00 00 00 00 00 00 00 00 02 00 5c 00 00 00 5f 45 76 74 49 6e 74 43 72 65 61 74 65 4c | B.............\..._EvtIntCreateL |
5b60 | 6f 63 61 6c 4c 6f 67 66 69 6c 65 40 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 6e 74 43 72 65 61 74 | ocalLogfile@8.__imp__EvtIntCreat |
5b80 | 65 4c 6f 63 61 6c 4c 6f 67 66 69 6c 65 40 38 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 | eLocalLogfile@8.__head_lib32_lib |
5ba0 | 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 31 37 2e 6f 2f 20 20 20 31 34 38 36 30 36 | wevtapi_a.dthvs00017.o/...148606 |
5bc0 | 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 34 36 20 20 20 | 7750..18779.5000..100644..646... |
5be0 | 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 | ....`.L....................text. |
5c00 | 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 01 00 00 00 20 00 | ..............,...X............. |
5c20 | 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0`.data......................... |
5c40 | 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......@.0..bss.................. |
5c60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 | ................0..idata$7...... |
5c80 | 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......4...b.............0..idata |
5ca0 | 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 00 00 | $5............8...l............. |
5cc0 | 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 00 00 | 0..idata$4............<...v..... |
5ce0 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 16 00 00 00 40 01 | ........0..idata$6............@. |
5d00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 | ...................%............ |
5d20 | 00 00 00 00 00 00 11 00 45 76 74 49 6e 74 41 73 73 65 72 74 43 6f 6e 66 69 67 00 00 00 00 02 00 | ........EvtIntAssertConfig...... |
5d40 | 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 | ................................ |
5d60 | 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 | .......text..............data... |
5d80 | 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 | ...........bss...............ida |
5da0 | 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 | ta$7...........idata$5.......... |
5dc0 | 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 | .idata$4...........idata$6...... |
5de0 | 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 1b 00 00 00 00 00 | ................................ |
5e00 | 00 00 05 00 00 00 02 00 00 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 02 00 52 00 00 00 5f 45 | ............8.............R..._E |
5e20 | 76 74 49 6e 74 41 73 73 65 72 74 43 6f 6e 66 69 67 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 49 | vtIntAssertConfig@12.__imp__EvtI |
5e40 | 6e 74 41 73 73 65 72 74 43 6f 6e 66 69 67 40 31 32 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c | ntAssertConfig@12.__head_lib32_l |
5e60 | 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 31 36 2e 6f 2f 20 20 20 31 34 38 36 | ibwevtapi_a.dthvs00016.o/...1486 |
5e80 | 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 33 36 20 | 067750..18779.5000..100644..636. |
5ea0 | 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 7c 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 | ......`.L.......|............tex |
5ec0 | 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 54 01 00 00 00 00 00 00 01 00 00 00 | t...............,...T........... |
5ee0 | 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..0`.data....................... |
5f00 | 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ........@.0..bss................ |
5f20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 | ..................0..idata$7.... |
5f40 | 00 00 00 00 04 00 00 00 34 01 00 00 5e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........4...^.............0..ida |
5f60 | 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 68 01 00 00 00 00 00 00 01 00 00 00 | ta$5............8...h........... |
5f80 | 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 72 01 00 00 | ..0..idata$4............<...r... |
5fa0 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 12 00 00 00 | ..........0..idata$6............ |
5fc0 | 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 | @....................%.......... |
5fe0 | 00 00 00 00 00 00 00 00 10 00 45 76 74 47 65 74 51 75 65 72 79 49 6e 66 6f 00 00 00 02 00 00 00 | ..........EvtGetQueryInfo....... |
6000 | 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 | ................................ |
6020 | 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 | .....text..............data..... |
6040 | 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 | .........bss...............idata |
6060 | 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 | $7...........idata$5...........i |
6080 | 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 | data$4...........idata$6........ |
60a0 | 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 18 00 00 00 00 00 00 00 | ................................ |
60c0 | 05 00 00 00 02 00 00 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 02 00 4c 00 00 00 5f 45 76 74 | ..........2.............L..._Evt |
60e0 | 47 65 74 51 75 65 72 79 49 6e 66 6f 40 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 51 75 65 | GetQueryInfo@20.__imp__EvtGetQue |
6100 | 72 79 49 6e 66 6f 40 32 30 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 | ryInfo@20.__head_lib32_libwevtap |
6120 | 69 5f 61 00 64 74 68 76 73 30 30 30 31 35 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 | i_a.dthvs00015.o/...1486067750.. |
6140 | 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 38 34 20 20 20 20 20 20 20 60 0a | 18779.5000..100644..684.......`. |
6160 | 4c 01 07 00 00 00 00 00 8c 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 | L....................text....... |
6180 | 00 00 00 00 08 00 00 00 2c 01 00 00 64 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 | ........,...d.............0`.dat |
61a0 | 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | a............................... |
61c0 | 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | @.0..bss........................ |
61e0 | 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$7............ |
6200 | 34 01 00 00 6e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 | 4...n.............0..idata$5.... |
6220 | 00 00 00 00 04 00 00 00 38 01 00 00 78 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........8...x.............0..ida |
6240 | 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 82 01 00 00 00 00 00 00 01 00 00 00 | ta$4............<............... |
6260 | 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 22 00 00 00 40 01 00 00 00 00 00 00 | ..0..idata$6........"...@....... |
6280 | 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 | .............%.................. |
62a0 | 0f 00 45 76 74 47 65 74 50 75 62 6c 69 73 68 65 72 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 | ..EvtGetPublisherMetadataPropert |
62c0 | 79 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 | y............................... |
62e0 | 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 | .............text..............d |
6300 | 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 | ata..............bss............ |
6320 | 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 | ...idata$7...........idata$5.... |
6340 | 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 | .......idata$4...........idata$6 |
6360 | 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 | ................................ |
6380 | 28 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 52 00 00 00 00 00 00 00 00 00 00 00 02 00 | (.................R............. |
63a0 | 6c 00 00 00 5f 45 76 74 47 65 74 50 75 62 6c 69 73 68 65 72 4d 65 74 61 64 61 74 61 50 72 6f 70 | l..._EvtGetPublisherMetadataProp |
63c0 | 65 72 74 79 40 32 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 50 75 62 6c 69 73 68 65 72 4d 65 | erty@24.__imp__EvtGetPublisherMe |
63e0 | 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 40 32 34 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c | tadataProperty@24.__head_lib32_l |
6400 | 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 31 34 2e 6f 2f 20 20 20 31 34 38 36 | ibwevtapi_a.dthvs00014.o/...1486 |
6420 | 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 35 30 20 | 067750..18779.5000..100644..650. |
6440 | 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 | ......`.L....................tex |
6460 | 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 01 00 00 00 | t...............,...X........... |
6480 | 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..0`.data....................... |
64a0 | 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ........@.0..bss................ |
64c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 | ..................0..idata$7.... |
64e0 | 00 00 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........4...b.............0..ida |
6500 | 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 | ta$5............8...l........... |
6520 | 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 | ..0..idata$4............<...v... |
6540 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 18 00 00 00 | ..........0..idata$6............ |
6560 | 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 | @....................%.......... |
6580 | 00 00 00 00 00 00 00 00 0e 00 45 76 74 47 65 74 4f 62 6a 65 63 74 41 72 72 61 79 53 69 7a 65 00 | ..........EvtGetObjectArraySize. |
65a0 | 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 | ................................ |
65c0 | 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 | .........text..............data. |
65e0 | 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 | .............bss...............i |
6600 | 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 | data$7...........idata$5........ |
6620 | 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 | ...idata$4...........idata$6.... |
6640 | 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 1d 00 00 00 | ................................ |
6660 | 00 00 00 00 05 00 00 00 02 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 02 00 56 00 00 00 | ..............<.............V... |
6680 | 5f 45 76 74 47 65 74 4f 62 6a 65 63 74 41 72 72 61 79 53 69 7a 65 40 38 00 5f 5f 69 6d 70 5f 5f | _EvtGetObjectArraySize@8.__imp__ |
66a0 | 45 76 74 47 65 74 4f 62 6a 65 63 74 41 72 72 61 79 53 69 7a 65 40 38 00 5f 5f 68 65 61 64 5f 6c | EvtGetObjectArraySize@8.__head_l |
66c0 | 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 31 33 2e 6f 2f 20 | ib32_libwevtapi_a.dthvs00013.o/. |
66e0 | 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 | ..1486067750..18779.5000..100644 |
6700 | 20 20 36 36 34 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 84 01 00 00 0a 00 00 00 00 00 | ..664.......`.L................. |
6720 | 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 5c 01 00 00 00 00 | ...text...............,...\..... |
6740 | 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ........0`.data................. |
6760 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 | ..............@.0..bss.......... |
6780 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 | ........................0..idata |
67a0 | 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 66 01 00 00 00 00 00 00 01 00 00 00 00 00 | $7............4...f............. |
67c0 | 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 70 01 00 00 00 00 | 0..idata$5............8...p..... |
67e0 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 | ........0..idata$4............<. |
6800 | 00 00 7a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 | ..z.............0..idata$6...... |
6820 | 00 00 1c 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 | ......@....................%.... |
6840 | 90 90 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 45 76 74 47 65 74 4f 62 6a 65 63 74 41 72 72 61 | ................EvtGetObjectArra |
6860 | 79 50 72 6f 70 65 72 74 79 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 | yProperty....................... |
6880 | 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 | ...................text......... |
68a0 | 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 | .....data..............bss...... |
68c0 | 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$7...........idata |
68e0 | 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 | $5...........idata$4...........i |
6900 | 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 | data$6.......................... |
6920 | 02 00 00 00 00 00 22 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 46 00 00 00 00 00 00 00 | ......".................F....... |
6940 | 00 00 00 00 02 00 60 00 00 00 5f 45 76 74 47 65 74 4f 62 6a 65 63 74 41 72 72 61 79 50 72 6f 70 | ......`..._EvtGetObjectArrayProp |
6960 | 65 72 74 79 40 32 38 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 4f 62 6a 65 63 74 41 72 72 61 79 | erty@28.__imp__EvtGetObjectArray |
6980 | 50 72 6f 70 65 72 74 79 40 32 38 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 | Property@28.__head_lib32_libwevt |
69a0 | 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 31 32 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 | api_a.dthvs00012.o/...1486067750 |
69c0 | 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 32 38 20 20 20 20 20 20 20 | ..18779.5000..100644..628....... |
69e0 | 60 0a 4c 01 07 00 00 00 00 00 78 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 | `.L.......x............text..... |
6a00 | 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 50 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 | ..........,...P.............0`.d |
6a20 | 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ata............................. |
6a40 | 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..@.0..bss...................... |
6a60 | 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 | ............0..idata$7.......... |
6a80 | 00 00 34 01 00 00 5a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 | ..4...Z.............0..idata$5.. |
6aa0 | 00 00 00 00 00 00 04 00 00 00 38 01 00 00 64 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 | ..........8...d.............0..i |
6ac0 | 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 6e 01 00 00 00 00 00 00 01 00 | data$4............<...n......... |
6ae0 | 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 10 00 00 00 40 01 00 00 00 00 | ....0..idata$6............@..... |
6b00 | 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 | ...............%................ |
6b20 | 00 00 0c 00 45 76 74 47 65 74 4c 6f 67 49 6e 66 6f 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 | ....EvtGetLogInfo............... |
6b40 | 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 | ...........................text. |
6b60 | 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 | .............data..............b |
6b80 | 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 | ss...............idata$7........ |
6ba0 | 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 | ...idata$5...........idata$4.... |
6bc0 | 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 | .......idata$6.................. |
6be0 | 00 00 00 00 01 00 00 00 02 00 00 00 00 00 16 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 | ................................ |
6c00 | 2e 00 00 00 00 00 00 00 00 00 00 00 02 00 48 00 00 00 5f 45 76 74 47 65 74 4c 6f 67 49 6e 66 6f | ..............H..._EvtGetLogInfo |
6c20 | 40 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 4c 6f 67 49 6e 66 6f 40 32 30 00 5f 5f 68 65 | @20.__imp__EvtGetLogInfo@20.__he |
6c40 | 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 31 31 | ad_lib32_libwevtapi_a.dthvs00011 |
6c60 | 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 | .o/...1486067750..18779.5000..10 |
6c80 | 30 36 34 34 20 20 36 35 30 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 | 0644..650.......`.L............. |
6ca0 | 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 | .......text...............,...X. |
6cc0 | 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 | ............0`.data............. |
6ce0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 | ..................@.0..bss...... |
6d00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 | ............................0..i |
6d20 | 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 | data$7............4...b......... |
6d40 | 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 | ....0..idata$5............8...l. |
6d60 | 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 | ............0..idata$4.......... |
6d80 | 00 00 3c 01 00 00 76 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 | ..<...v.............0..idata$6.. |
6da0 | 00 00 00 00 00 00 18 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 | ..........@....................% |
6dc0 | 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 45 76 74 47 65 74 45 78 74 65 6e 64 | ....................EvtGetExtend |
6de0 | 65 64 53 74 61 74 75 73 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 | edStatus........................ |
6e00 | 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 | ...................text......... |
6e20 | 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 | .....data..............bss...... |
6e40 | 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$7...........idata |
6e60 | 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 | $5...........idata$4...........i |
6e80 | 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 | data$6.......................... |
6ea0 | 02 00 00 00 00 00 1d 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 3c 00 00 00 00 00 00 00 | ........................<....... |
6ec0 | 00 00 00 00 02 00 56 00 00 00 5f 45 76 74 47 65 74 45 78 74 65 6e 64 65 64 53 74 61 74 75 73 40 | ......V..._EvtGetExtendedStatus@ |
6ee0 | 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 45 78 74 65 6e 64 65 64 53 74 61 74 75 73 40 31 | 12.__imp__EvtGetExtendedStatus@1 |
6f00 | 32 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 | 2.__head_lib32_libwevtapi_a.dthv |
6f20 | 73 30 30 30 31 30 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 | s00010.o/...1486067750..18779.50 |
6f40 | 30 30 20 20 31 30 30 36 34 34 20 20 36 37 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 | 00..100644..672.......`.L....... |
6f60 | 88 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 | .............text............... |
6f80 | 2c 01 00 00 60 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 | ,...`.............0`.data....... |
6fa0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 | ........................@.0..bss |
6fc0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................................ |
6fe0 | 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 6a 01 00 00 | ..0..idata$7............4...j... |
7000 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$5............ |
7020 | 38 01 00 00 74 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 | 8...t.............0..idata$4.... |
7040 | 00 00 00 00 04 00 00 00 3c 01 00 00 7e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........<...~.............0..ida |
7060 | 74 61 24 36 00 00 00 00 00 00 00 00 1e 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ta$6............@............... |
7080 | 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 45 76 74 47 65 74 | .....%....................EvtGet |
70a0 | 45 76 65 6e 74 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 00 00 00 02 00 00 00 04 00 00 00 | EventMetadataProperty........... |
70c0 | 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 | ................................ |
70e0 | 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 | .text..............data......... |
7100 | 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 | .....bss...............idata$7.. |
7120 | 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 | .........idata$5...........idata |
7140 | 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 | $4...........idata$6............ |
7160 | 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 24 00 00 00 00 00 00 00 05 00 00 00 | ....................$........... |
7180 | 02 00 00 00 00 00 4a 00 00 00 00 00 00 00 00 00 00 00 02 00 64 00 00 00 5f 45 76 74 47 65 74 45 | ......J.............d..._EvtGetE |
71a0 | 76 65 6e 74 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 40 32 34 00 5f 5f 69 6d 70 5f 5f 45 | ventMetadataProperty@24.__imp__E |
71c0 | 76 74 47 65 74 45 76 65 6e 74 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 40 32 34 00 5f 5f | vtGetEventMetadataProperty@24.__ |
71e0 | 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 | head_lib32_libwevtapi_a.dthvs000 |
7200 | 30 39 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 | 09.o/...1486067750..18779.5000.. |
7220 | 31 30 30 36 34 34 20 20 36 33 36 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 7c 01 00 00 | 100644..636.......`.L.......|... |
7240 | 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 | .........text...............,... |
7260 | 54 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 | T.............0`.data........... |
7280 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 | ....................@.0..bss.... |
72a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 | ..............................0. |
72c0 | 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 5e 01 00 00 00 00 00 00 | .idata$7............4...^....... |
72e0 | 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 | ......0..idata$5............8... |
7300 | 68 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 | h.............0..idata$4........ |
7320 | 04 00 00 00 3c 01 00 00 72 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 | ....<...r.............0..idata$6 |
7340 | 00 00 00 00 00 00 00 00 12 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 | ............@................... |
7360 | ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 09 00 45 76 74 47 65 74 45 76 65 6e | .%....................EvtGetEven |
7380 | 74 49 6e 66 6f 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 | tInfo........................... |
73a0 | 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 | .................text........... |
73c0 | 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 | ...data..............bss........ |
73e0 | 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 | .......idata$7...........idata$5 |
7400 | 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 | ...........idata$4...........ida |
7420 | 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 | ta$6............................ |
7440 | 00 00 00 00 18 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 32 00 00 00 00 00 00 00 00 00 | ......................2......... |
7460 | 00 00 02 00 4c 00 00 00 5f 45 76 74 47 65 74 45 76 65 6e 74 49 6e 66 6f 40 32 30 00 5f 5f 69 6d | ....L..._EvtGetEventInfo@20.__im |
7480 | 70 5f 5f 45 76 74 47 65 74 45 76 65 6e 74 49 6e 66 6f 40 32 30 00 5f 5f 68 65 61 64 5f 6c 69 62 | p__EvtGetEventInfo@20.__head_lib |
74a0 | 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 30 38 2e 6f 2f 20 20 20 | 32_libwevtapi_a.dthvs00008.o/... |
74c0 | 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 | 1486067750..18779.5000..100644.. |
74e0 | 36 37 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 88 01 00 00 0a 00 00 00 00 00 04 01 | 672.......`.L................... |
7500 | 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 60 01 00 00 00 00 00 00 | .text...............,...`....... |
7520 | 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......0`.data................... |
7540 | 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 | ............@.0..bss............ |
7560 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 | ......................0..idata$7 |
7580 | 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 6a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 | ............4...j.............0. |
75a0 | 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 74 01 00 00 00 00 00 00 | .idata$5............8...t....... |
75c0 | 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 | ......0..idata$4............<... |
75e0 | 7e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 | ~.............0..idata$6........ |
7600 | 1e 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 | ....@....................%...... |
7620 | 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 76 74 47 65 74 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 | ..............EvtGetChannelConfi |
7640 | 67 50 72 6f 70 65 72 74 79 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 | gProperty....................... |
7660 | 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 | .....................text....... |
7680 | 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 | .......data..............bss.... |
76a0 | 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 | ...........idata$7...........ida |
76c0 | 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 | ta$5...........idata$4.......... |
76e0 | 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 | .idata$6........................ |
7700 | 00 00 02 00 00 00 00 00 24 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 4a 00 00 00 00 00 | ........$.................J..... |
7720 | 00 00 00 00 00 00 02 00 64 00 00 00 5f 45 76 74 47 65 74 43 68 61 6e 6e 65 6c 43 6f 6e 66 69 67 | ........d..._EvtGetChannelConfig |
7740 | 50 72 6f 70 65 72 74 79 40 32 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 47 65 74 43 68 61 6e 6e 65 6c | Property@24.__imp__EvtGetChannel |
7760 | 43 6f 6e 66 69 67 50 72 6f 70 65 72 74 79 40 32 34 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c | ConfigProperty@24.__head_lib32_l |
7780 | 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 30 37 2e 6f 2f 20 20 20 31 34 38 36 | ibwevtapi_a.dthvs00007.o/...1486 |
77a0 | 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 33 38 20 | 067750..18779.5000..100644..638. |
77c0 | 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 7c 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 | ......`.L.......|............tex |
77e0 | 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 54 01 00 00 00 00 00 00 01 00 00 00 | t...............,...T........... |
7800 | 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..0`.data....................... |
7820 | 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ........@.0..bss................ |
7840 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 | ..................0..idata$7.... |
7860 | 00 00 00 00 04 00 00 00 34 01 00 00 5e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........4...^.............0..ida |
7880 | 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 68 01 00 00 00 00 00 00 01 00 00 00 | ta$5............8...h........... |
78a0 | 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 72 01 00 00 | ..0..idata$4............<...r... |
78c0 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 14 00 00 00 | ..........0..idata$6............ |
78e0 | 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 | @....................%.......... |
7900 | 00 00 00 00 00 00 00 00 07 00 45 76 74 46 6f 72 6d 61 74 4d 65 73 73 61 67 65 00 00 02 00 00 00 | ..........EvtFormatMessage...... |
7920 | 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 | ................................ |
7940 | 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 | .....text..............data..... |
7960 | 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 | .........bss...............idata |
7980 | 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 | $7...........idata$5...........i |
79a0 | 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 | data$4...........idata$6........ |
79c0 | 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 19 00 00 00 00 00 00 00 | ................................ |
79e0 | 05 00 00 00 02 00 00 00 00 00 34 00 00 00 00 00 00 00 00 00 00 00 02 00 4e 00 00 00 5f 45 76 74 | ..........4.............N..._Evt |
7a00 | 46 6f 72 6d 61 74 4d 65 73 73 61 67 65 40 33 36 00 5f 5f 69 6d 70 5f 5f 45 76 74 46 6f 72 6d 61 | FormatMessage@36.__imp__EvtForma |
7a20 | 74 4d 65 73 73 61 67 65 40 33 36 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 | tMessage@36.__head_lib32_libwevt |
7a40 | 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 30 36 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 | api_a.dthvs00006.o/...1486067750 |
7a60 | 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 32 36 20 20 20 20 20 20 20 | ..18779.5000..100644..626....... |
7a80 | 60 0a 4c 01 07 00 00 00 00 00 78 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 | `.L.......x............text..... |
7aa0 | 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 50 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 | ..........,...P.............0`.d |
7ac0 | 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ata............................. |
7ae0 | 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..@.0..bss...................... |
7b00 | 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 | ............0..idata$7.......... |
7b20 | 00 00 34 01 00 00 5a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 | ..4...Z.............0..idata$5.. |
7b40 | 00 00 00 00 00 00 04 00 00 00 38 01 00 00 64 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 | ..........8...d.............0..i |
7b60 | 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 6e 01 00 00 00 00 00 00 01 00 | data$4............<...n......... |
7b80 | 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 10 00 00 00 40 01 00 00 00 00 | ....0..idata$6............@..... |
7ba0 | 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 | ...............%................ |
7bc0 | 00 00 06 00 45 76 74 45 78 70 6f 72 74 4c 6f 67 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 | ....EvtExportLog................ |
7be0 | 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 | ...........................text. |
7c00 | 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 | .............data..............b |
7c20 | 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 | ss...............idata$7........ |
7c40 | 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 | ...idata$5...........idata$4.... |
7c60 | 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 | .......idata$6.................. |
7c80 | 00 00 00 00 01 00 00 00 02 00 00 00 00 00 15 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 | ................................ |
7ca0 | 2c 00 00 00 00 00 00 00 00 00 00 00 02 00 46 00 00 00 5f 45 76 74 45 78 70 6f 72 74 4c 6f 67 40 | ,.............F..._EvtExportLog@ |
7cc0 | 32 30 00 5f 5f 69 6d 70 5f 5f 45 76 74 45 78 70 6f 72 74 4c 6f 67 40 32 30 00 5f 5f 68 65 61 64 | 20.__imp__EvtExportLog@20.__head |
7ce0 | 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 30 35 2e 6f | _lib32_libwevtapi_a.dthvs00005.o |
7d00 | 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 | /...1486067750..18779.5000..1006 |
7d20 | 34 34 20 20 36 35 38 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 84 01 00 00 0a 00 00 00 | 44..658.......`.L............... |
7d40 | 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 5c 01 00 00 | .....text...............,...\... |
7d60 | 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..........0`.data............... |
7d80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 | ................@.0..bss........ |
7da0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 | ..........................0..ida |
7dc0 | 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 66 01 00 00 00 00 00 00 01 00 00 00 | ta$7............4...f........... |
7de0 | 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 70 01 00 00 | ..0..idata$5............8...p... |
7e00 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$4............ |
7e20 | 3c 01 00 00 7a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 | <...z.............0..idata$6.... |
7e40 | 00 00 00 00 1a 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 | ........@....................%.. |
7e60 | 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 05 00 45 76 74 43 72 65 61 74 65 52 65 6e 64 65 | ..................EvtCreateRende |
7e80 | 72 43 6f 6e 74 65 78 74 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 | rContext........................ |
7ea0 | 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 | .....................text....... |
7ec0 | 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 | .......data..............bss.... |
7ee0 | 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 | ...........idata$7...........ida |
7f00 | 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 | ta$5...........idata$4.......... |
7f20 | 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 | .idata$6........................ |
7f40 | 00 00 02 00 00 00 00 00 1f 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 40 00 00 00 00 00 | ..........................@..... |
7f60 | 00 00 00 00 00 00 02 00 5a 00 00 00 5f 45 76 74 43 72 65 61 74 65 52 65 6e 64 65 72 43 6f 6e 74 | ........Z..._EvtCreateRenderCont |
7f80 | 65 78 74 40 31 32 00 5f 5f 69 6d 70 5f 5f 45 76 74 43 72 65 61 74 65 52 65 6e 64 65 72 43 6f 6e | ext@12.__imp__EvtCreateRenderCon |
7fa0 | 74 65 78 74 40 31 32 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f | text@12.__head_lib32_libwevtapi_ |
7fc0 | 61 00 64 74 68 76 73 30 30 30 30 34 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 | a.dthvs00004.o/...1486067750..18 |
7fe0 | 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 33 38 20 20 20 20 20 20 20 60 0a 4c 01 | 779.5000..100644..638.......`.L. |
8000 | 07 00 00 00 00 00 7c 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 | ......|............text......... |
8020 | 00 00 08 00 00 00 2c 01 00 00 54 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 | ......,...T.............0`.data. |
8040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 | ..............................@. |
8060 | 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0..bss.......................... |
8080 | 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 | ........0..idata$7............4. |
80a0 | 00 00 5e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 | ..^.............0..idata$5...... |
80c0 | 00 00 04 00 00 00 38 01 00 00 68 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......8...h.............0..idata |
80e0 | 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 72 01 00 00 00 00 00 00 01 00 00 00 00 00 | $4............<...r............. |
8100 | 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 14 00 00 00 40 01 00 00 00 00 00 00 00 00 | 0..idata$6............@......... |
8120 | 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 04 00 | ...........%.................... |
8140 | 45 76 74 43 72 65 61 74 65 42 6f 6f 6b 6d 61 72 6b 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 | EvtCreateBookmark............... |
8160 | 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 | ...........................text. |
8180 | 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 | .............data..............b |
81a0 | 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 | ss...............idata$7........ |
81c0 | 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 | ...idata$5...........idata$4.... |
81e0 | 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 | .......idata$6.................. |
8200 | 00 00 00 00 01 00 00 00 02 00 00 00 00 00 19 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 | ................................ |
8220 | 34 00 00 00 00 00 00 00 00 00 00 00 02 00 4e 00 00 00 5f 45 76 74 43 72 65 61 74 65 42 6f 6f 6b | 4.............N..._EvtCreateBook |
8240 | 6d 61 72 6b 40 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 43 72 65 61 74 65 42 6f 6f 6b 6d 61 72 6b 40 | mark@4.__imp__EvtCreateBookmark@ |
8260 | 34 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 | 4.__head_lib32_libwevtapi_a.dthv |
8280 | 73 30 30 30 30 33 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 | s00003.o/...1486067750..18779.50 |
82a0 | 30 30 20 20 31 30 30 36 34 34 20 20 36 31 32 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 | 00..100644..612.......`.L....... |
82c0 | 74 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 | t............text............... |
82e0 | 2c 01 00 00 4c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 | ,...L.............0`.data....... |
8300 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 | ........................@.0..bss |
8320 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................................ |
8340 | 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 56 01 00 00 | ..0..idata$7............4...V... |
8360 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$5............ |
8380 | 38 01 00 00 60 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 | 8...`.............0..idata$4.... |
83a0 | 00 00 00 00 04 00 00 00 3c 01 00 00 6a 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........<...j.............0..ida |
83c0 | 74 61 24 36 00 00 00 00 00 00 00 00 0c 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ta$6............@............... |
83e0 | 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 03 00 45 76 74 43 6c 6f | .....%....................EvtClo |
8400 | 73 65 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 | se.............................. |
8420 | 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 | .............text..............d |
8440 | 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 | ata..............bss............ |
8460 | 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 | ...idata$7...........idata$5.... |
8480 | 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 | .......idata$4...........idata$6 |
84a0 | 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 | ................................ |
84c0 | 10 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 02 00 | .................."............. |
84e0 | 3c 00 00 00 5f 45 76 74 43 6c 6f 73 65 40 34 00 5f 5f 69 6d 70 5f 5f 45 76 74 43 6c 6f 73 65 40 | <..._EvtClose@4.__imp__EvtClose@ |
8500 | 34 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 | 4.__head_lib32_libwevtapi_a.dthv |
8520 | 73 30 30 30 30 32 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 35 30 20 20 31 38 37 37 39 20 35 30 | s00002.o/...1486067750..18779.50 |
8540 | 30 30 20 20 31 30 30 36 34 34 20 20 36 32 34 20 20 20 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 | 00..100644..624.......`.L....... |
8560 | 78 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 | x............text............... |
8580 | 2c 01 00 00 50 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 | ,...P.............0`.data....... |
85a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 | ........................@.0..bss |
85c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................................ |
85e0 | 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 04 00 00 00 34 01 00 00 5a 01 00 00 | ..0..idata$7............4...Z... |
8600 | 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 00 00 00 00 00 00 00 00 04 00 00 00 | ..........0..idata$5............ |
8620 | 38 01 00 00 64 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 | 8...d.............0..idata$4.... |
8640 | 00 00 00 00 04 00 00 00 3c 01 00 00 6e 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 | ........<...n.............0..ida |
8660 | 74 61 24 36 00 00 00 00 00 00 00 00 0e 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ta$6............@............... |
8680 | 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 00 00 00 00 02 00 45 76 74 43 6c 65 | .....%....................EvtCle |
86a0 | 61 72 4c 6f 67 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 | arLog........................... |
86c0 | 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 | .................text........... |
86e0 | 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 | ...data..............bss........ |
8700 | 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 | .......idata$7...........idata$5 |
8720 | 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 | ...........idata$4...........ida |
8740 | 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 | ta$6............................ |
8760 | 00 00 00 00 14 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 2a 00 00 00 00 00 00 00 00 00 | ......................*......... |
8780 | 00 00 02 00 44 00 00 00 5f 45 76 74 43 6c 65 61 72 4c 6f 67 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 | ....D..._EvtClearLog@16.__imp__E |
87a0 | 76 74 43 6c 65 61 72 4c 6f 67 40 31 36 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 77 65 | vtClearLog@16.__head_lib32_libwe |
87c0 | 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 30 31 2e 6f 2f 20 20 20 31 34 38 36 30 36 37 37 | vtapi_a.dthvs00001.o/...14860677 |
87e0 | 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 31 34 20 20 20 20 20 | 50..18779.5000..100644..614..... |
8800 | 20 20 60 0a 4c 01 07 00 00 00 00 00 74 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 00 00 | ..`.L.......t............text... |
8820 | 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 4c 01 00 00 00 00 00 00 01 00 00 00 20 00 30 60 | ............,...L.............0` |
8840 | 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .data........................... |
8860 | 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ....@.0..bss.................... |
8880 | 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 00 00 | ..............0..idata$7........ |
88a0 | 04 00 00 00 34 01 00 00 56 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 35 | ....4...V.............0..idata$5 |
88c0 | 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 60 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 | ............8...`.............0. |
88e0 | 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 6a 01 00 00 00 00 00 00 | .idata$4............<...j....... |
8900 | 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 0c 00 00 00 40 01 00 00 | ......0..idata$6............@... |
8920 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 00 00 | .................%.............. |
8940 | 00 00 00 00 01 00 45 76 74 43 61 6e 63 65 6c 00 02 00 00 00 04 00 00 00 06 00 00 00 00 00 09 00 | ......EvtCancel................. |
8960 | 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 | .........................text... |
8980 | 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 | ...........data..............bss |
89a0 | 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 74 61 24 37 00 00 00 00 04 00 00 00 03 00 | ...............idata$7.......... |
89c0 | 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 | .idata$5...........idata$4...... |
89e0 | 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 | .....idata$6.................... |
8a00 | 00 00 01 00 00 00 02 00 00 00 00 00 11 00 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 24 00 | ..............................$. |
8a20 | 00 00 00 00 00 00 00 00 00 00 02 00 3e 00 00 00 5f 45 76 74 43 61 6e 63 65 6c 40 34 00 5f 5f 69 | ............>..._EvtCancel@4.__i |
8a40 | 6d 70 5f 5f 45 76 74 43 61 6e 63 65 6c 40 34 00 5f 5f 68 65 61 64 5f 6c 69 62 33 32 5f 6c 69 62 | mp__EvtCancel@4.__head_lib32_lib |
8a60 | 77 65 76 74 61 70 69 5f 61 00 64 74 68 76 73 30 30 30 30 30 2e 6f 2f 20 20 20 31 34 38 36 30 36 | wevtapi_a.dthvs00000.o/...148606 |
8a80 | 37 37 35 30 20 20 31 38 37 37 39 20 35 30 30 30 20 20 31 30 30 36 34 34 20 20 36 35 32 20 20 20 | 7750..18779.5000..100644..652... |
8aa0 | 20 20 20 20 60 0a 4c 01 07 00 00 00 00 00 80 01 00 00 0a 00 00 00 00 00 04 01 2e 74 65 78 74 00 | ....`.L....................text. |
8ac0 | 00 00 00 00 00 00 00 00 00 00 08 00 00 00 2c 01 00 00 58 01 00 00 00 00 00 00 01 00 00 00 20 00 | ..............,...X............. |
8ae0 | 30 60 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 0`.data......................... |
8b00 | 00 00 00 00 00 00 40 00 30 c0 2e 62 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ......@.0..bss.................. |
8b20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 30 c0 2e 69 64 61 74 61 24 37 00 00 00 00 00 00 | ................0..idata$7...... |
8b40 | 00 00 04 00 00 00 34 01 00 00 62 01 00 00 00 00 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 | ......4...b.............0..idata |
8b60 | 24 35 00 00 00 00 00 00 00 00 04 00 00 00 38 01 00 00 6c 01 00 00 00 00 00 00 01 00 00 00 00 00 | $5............8...l............. |
8b80 | 30 c0 2e 69 64 61 74 61 24 34 00 00 00 00 00 00 00 00 04 00 00 00 3c 01 00 00 76 01 00 00 00 00 | 0..idata$4............<...v..... |
8ba0 | 00 00 01 00 00 00 00 00 30 c0 2e 69 64 61 74 61 24 36 00 00 00 00 00 00 00 00 18 00 00 00 40 01 | ........0..idata$6............@. |
8bc0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c0 ff 25 00 00 00 00 90 90 00 00 00 00 00 00 | ...................%............ |
8be0 | 00 00 00 00 00 00 00 00 45 76 74 41 72 63 68 69 76 65 45 78 70 6f 72 74 65 64 4c 6f 67 00 02 00 | ........EvtArchiveExportedLog... |
8c00 | 00 00 04 00 00 00 06 00 00 00 00 00 09 00 00 00 07 00 00 00 00 00 06 00 00 00 07 00 00 00 00 00 | ................................ |
8c20 | 06 00 00 00 07 00 2e 74 65 78 74 00 00 00 00 00 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 | .......text..............data... |
8c40 | 00 00 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 00 00 00 00 03 00 00 00 03 00 2e 69 64 61 | ...........bss...............ida |
8c60 | 74 61 24 37 00 00 00 00 04 00 00 00 03 00 2e 69 64 61 74 61 24 35 00 00 00 00 05 00 00 00 03 00 | ta$7...........idata$5.......... |
8c80 | 2e 69 64 61 74 61 24 34 00 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 00 00 00 00 07 00 | .idata$4...........idata$6...... |
8ca0 | 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 1e 00 00 00 00 00 | ................................ |
8cc0 | 00 00 05 00 00 00 02 00 00 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 02 00 58 00 00 00 5f 45 | ............>.............X..._E |
8ce0 | 76 74 41 72 63 68 69 76 65 45 78 70 6f 72 74 65 64 4c 6f 67 40 31 36 00 5f 5f 69 6d 70 5f 5f 45 | vtArchiveExportedLog@16.__imp__E |
8d00 | 76 74 41 72 63 68 69 76 65 45 78 70 6f 72 74 65 64 4c 6f 67 40 31 36 00 5f 5f 68 65 61 64 5f 6c | vtArchiveExportedLog@16.__head_l |
8d20 | 69 62 33 32 5f 6c 69 62 77 65 76 74 61 70 69 5f 61 00 | ib32_libwevtapi_a. |