ElfFilejElfChnkȰn&\ @+&ͳͳͳͳͳͳͳͳͳͳͳͳͳͳͳͳͳͳ~&*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]&S5:i0dD':^ic&-\ @i+@&*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]PSPr&i*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]EYt&*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]& *[System[Provider[@Name='Microsoft-Windows-FailoverClustering']]]& \ & @,S5:s>O]6|& C:\Windows\s&t m32\Windows.Networking.BackgroundTransfer.dllrovisi&i \ @+& *[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]|&` S5:*|iC88Rro)&kc\ @+.&v8&|udTransfer.dlll̳;&y\ @n+E2&B\*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]M20 &Hcr &WoC:\Windows\system32\Windows.System.Profile.HardwareId.dllroller&^\ @+S5:ʦXOIJwpyl&%4̳&$߳C:\Program Files\Windows NT\Accessories\WORDPAD.EXEh&,u\ j&*?+S5:T""HwMAn#oma&3t\ @k*d&0DЌ5t@Mqm#lz&:eMicrosoft-Windows-TerminalSe~&ies-SessionBroker-Client/Adminll-Rs&oMicrosoft-Windows-TerminalServices-SH& v(JvieralicateC:\Wstem32\gackgB&u*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]trol\&tings.dll^&\ @+zS5:UI;-BC'V&lW&o\ @+S5:áMa*oBV'\ @+q(qlE6'2̳'۳C:\Windows\System32\MsSpellCheckingFacility.dll'i \ '*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]+'S5:<`rC'"Microsoft-Windows-Security-E'hngeActiveSyncProvisioning'#\ @s+J' *[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]'!S5:̳F}%\ ̳: ̳:'G"*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]dll'g#''\ @>+#srHO o%In'$\ @+vS5:oDA!io'l)\ '%@5+ S5:Y?^OfSщ;'*\ 'f&4+ >tbԻg7F-fճnM'oa+\ @+('l'EOaK-{Ln8z#.'v,Microsoft-Windows-TerminalSe"'ri(*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]anag<'x.)eploymentProvider.dllificat0'De.\ @+6'N*.K7WKl 'K/\ @+'Ti+zC#rV'R0\ @G+S5:k~Nb''Z,'Yo1\ @+S5:. n\G-,).c' -̳ћ̳̳؛̳̳0ͳ ͳPͳͳpͳ@'ͳ"ͳ ͳ/ͳOͳp\ͳ0yͳ`iͳͳn'6.@*xneʤAU/Af'>i4\ x'<//+S5:Vy8cC~"'5\ @D+r'0 lDG킹rtiH' -6Microsoft-Windows-TerminalSeL'i1es-ServerUSBDevices/AdminlyticngeAA'i7\ @+F'2S5:-kOJX.sԞWSeZ'i8\ @1+P'3S5:,ᅌ,KpXWiS'o9\ @+S5: 48u0H,2 R :\ @+ QJL 5#cr o;\ @+tS5:sHTH".v 6*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]\ 7*[System[Provider[@Name='Microsoft-Windows-Search-ProfileNotify']]] 8*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]+ 9*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]]` :S5:t3LOqE)`` A\ @+ ;*[System[TimeCreated[@SystemTime <= '2014-03-26T15:51:03.320230500Z']]] < ̳֛̳כ̳ě̳0̳`ͳͳPͳͳͳ!ͳ<ͳ`;ͳͳNͳ]ͳ`ͳ oͳͳ =vC^-dWi oD\ @+S5:Pk+I > E\ @+S5:?Cʄ=% ?\ @+W`vyG`W1 cG\ b@@ ,S5:E!>[jO^\lm* jH\ , hA,S5:ȶUz`QL 6+&# qI\ @#,& ~BS5: N JuVJZl< xJC:\Windows\system32\dsc\PSDS0 DiCeDownloadManagerEvents.dllllsys5 OK\ @+ JD-ۚM?= VLMicrosoft-Windows-International-RegionalOpti PsEontrolPanel.sys ]M\ @%,S5: &FFK\5l $N\ @,uG1Աh ,Gi +Ope̳k̳ճC:\Windows\system32\microsoft-windows-hal-events.dllb 2H\ @",#"M !Vr ޳{ 9Q\ | 8I@,<\`B}Aسt R\ v J+ϊQB^HI M S\ @ ,@ K_r @A]aF T\ @+Z LS5:cCvQǪKwEW_ U\ @',T MS5:vC܁!V\ @$,!Nh=z +A_.Đ!W\ @+!OOAE!!X\ @ ,S5:`HM. !P!Y\ @,S5:}y N ҄!Q̳ ̳ZͳC:\Program Files\Internet Explorer\iedvtool.dll![\ !R@+S5:%U) SA-P&*k!\\ !S,1kHI!]\ @,!TˏA2Wd!^\ @,!US5:GCrlNB~8!_\ @,!VS5:>mNFXVg !`\ @q+H!WS5:Uػ˫%D&!a\ @,S5:!/Xo$H B!b\ @!,S5:6K`T-!Y!gc\ @ ,'N|M'R ѳ!nZ\ @ ,S5: KGS+#T/!ue\ !t[@&,BRN]_k8!|f\ :!z\+'22OIl1!Cg\ @+4!@]S5:(O AyV/f^ !Jh\ @+!V^S5: I"KfN,_!Qi\ @,!\_}и'G̃N!Xj\ @(,!"`YŔH\^!/k\ @+l!(a~n#E)(9) n!6l\ @,S5:%vFD<:f!>bg!=m\ @+S5:봱2!3H9/p!c\ @,S5:<:"!?kͳ=".@lͳ(oͳj"+A m"(B*̳ʙ`"5C4 )̳ʙc"2D:f"?Eqͳy"#|:  a>#g}:#d~:г#a гZгS3#n4 *#kﳁS3-#h: гpгcz #u4 ##rﳄcz&#:г @г}9#| <#yﳇNг֔?#F4 г֔2#C:5#@ '#Mг  #J #Wﳍܿгa>#T4 гa>#Q:#^ﳐsг%#[ г_г<0#X4 #%ﳓ<0#":гг#/i#,ﳖгy l#)  V ao#64 b#3ae#0: гѳ x#=ﳛ{#:ﳜ8ѳf,KҳQҳS,,oRҳ,, Sҳ Tҳk,4 ,k,e: Uҳdҳ, ,b4 ,o, ),l:fҳ xҳ,,i /,v{ҳ",s4 yҳ%,p: 8,}0ҳ5;,z4 |ҳ5>,G: 1,DČҳs4,A4 ҳs7,N:  ,Ku  ,H4  9,U: ,Rҳ,_4 ҳ,\: ,YJҳXg,&4 ҳXg,#: , ȴҳmh,-4 ҳmk,*:n,7ҳa,4 ҳҳqd,1g,>qz,;:ҳ},8p,Z7s,ҳ !v,I, L, EventLog-SystemaO,B,HӳGNE,ӳhӳpX,[,G(ӳ^,)ӳQ,T,[ӳdW, x --Heӳ> -fӳiӳ--ӳe- ӳ6ӳ'-4 -'- : ӳ8Tӳu- 4 - u- : ӳxWӳ- 4 --: ӳkӳY-: -Y-:ӳ?ӳ--ӳ -ӳ8ӳ--ӳe-ӳӳR--#ӳ= -ӳu--| -ӳӳ-- pӳ+-! ӳxӳ.B-"4 -#.B-$: ӳ3ӳ_-%4 -&_-': ӳ+Գ. -f(4 -c). -`*: ԳyԳ3+(-m+4 +-j,3+.-w-:Գ Գ !-t.$-q/`cԳ['-~0 Գ($ԳU{:-{14 =-x20-E3: %Գ(Գm3-B4: 6-O5m -L6: )Գ8/Գ -I74 -V8-S9:0Գ-P:-];P2Գ-Z< hL v-'= -$>pY 5-!?4  5-.@: j-+AX9Գ6m-(B4 3Գ6`-5C:c-2DGԳf-?E HԳIԳy-ֳC.[4 .X곒C.%: ?ֳpAֳ*."4 ./곕*i.,:BֳCֳ l.)o.6곘Dֳb.3 EֳFֳ:e.04 x.=곛ȓGֳ {.:4 Gֳ ~.: q.곞:t.:Hֳ/G(jس~ 1/D4 س~ 4/A: 7/Nسދ /K4 سދ /H:/U8Bس;/Rس8سM/_ /\@ سL/YWEVT_TEMPLATEL/&:/#F\ D/  سlٳvTh/-4 k/*vTn/7:ٳٳ a/4d/1Xٳ'g/> ٳٳz/;4 }/8p/:ٳ1ٳs/ v/P ٳI/ : ٳL/ :O/0)ٳqB/*ٳ+ٳuE/X/8ٳX [/ 9ٳ8M:ٳ{n^/4 Q/{nT/:;ٳ=ٳhW/ʳ̳ʳͳ(ʳ̳ʳp ͳ(WitnessClientAdmin(SystEvents(Application(WEVTEMPLAT(EventLog-(Applation(ʳ@̳̳@ͳ( Evenog-AT( ̳̳̳ͳ( Evenog-AT( ʳ̳ʳͳ( Appl̳ion(: bٳdgٳ6V(ʳ0̳̳ͳ(EVEN-SYS(ʳ̳ʳ̳(EventLog-yt(Apٳ(Applation(ʳ̳ʳ08̳(ʳ0̳̳ͳ(SmbWAnalyt(ʳ0̳ʳP ̳(SmbW̳alyt(ʳ ̳ʳPͳ(ʳ0̳ʳpͳ(̳̳̳ͳ(Evenog-yt(@̳̳ʳ0ͳ(WEVT_TEMPLATE( ʳ0̳ʳ@;̳(!0̳̳̳p̳("̳ ̳ʳͳ(#ʳ̳ʳ`ͳ($ʳp̳ʳͳ(%̳̳0̳`̳(&p̳̳̳@ͳ('ʳ̳ʳͳ(f(ݓ̳0̳`̳P>̳(c)ʳ@̳ʳͳ(`*0̳̳̳@ ̳((m+0̳̳̳̳+(j,ʳ0̳ʳͳ.(w-ʳ̳ʳͳ!(t.ʳ̳ʳ̳$(q/0̳̳@̳ͳ'(~0ʳ`̳ʳͳ:({1ʳ@̳ʳ`ͳ=(x2ʳ@̳ʳ ͳ0(E30̳̳̳ͳ3(B4@̳̳̳ ͳ6(O5ʳ@̳ʳPͳ (L6 ̳̳̳pͳ (I7̳̳ ̳ͳ(V8ʳ0̳ʳ̳(S9 ̳̳@̳ ͳ(P:ʳ̳ʳͳ(]; ̳̳@̳ͳ(Z<ʳp̳ʳ0ͳ('=ʳ̳ʳͳ($>̳̳ʳ`ͳ(!?p̳ ̳@̳ ͳ(.@) ڳ;j(+A ڳXڳm((B`(5Cڳ9k c(2Dڳ/ڳ~if(?Ey(۳)` )aEventLog-)b4 ?۳)c: )d0io )e: m )f: )gApplication)h: p 4t)i)j`r )k4 r )l: )mA۳҈)n4 A۳҈)o: )pG۳})q: B۳})r: )sO۳Y)t: H۳Y)u: )vx0Q۳)w4 P۳{)x: )yR۳)z4 R۳){:)|S۳&)g}T۳m۳p.)d~)a۳)n۳ ۳*)k-)h鳂۳ )u۳ד۳:#)r&)鳅(۳> 9)|۳a۳ˮ <)y?)F鳈۳12)C۳Xʰ۳\5)@)M鳋۳y )J ۳۳)W: )T鳎)Q:۳ "۳)^ )[鳑@۳J)X4 ۳J)%: )"鳔۳)/4 ۳i),: l))鳗P۳o)64 ۳b)3: e)0y yx)=: s y{):: ~)| q): z t): w) w J) : } w M): @)7 'C):  'F): Y)鳦۳g 4 ۳ 3Pʳͳ: ۳E۳4 ۳:۳۳H xJ C ܕ ۳۳ 軛 (J۳x۳/S۳HN۳D۳۳۳hx۳:۳۳J) ۳؉ܳnf4 ۳nf:  X b':  b':  $ :  :ܳx8ܳ ܳȄܳ94 ܳ9: ܳܳZ0fܳxdܳyܳ(ܳ)   ::  ::ܳxܳ}ܳܳi'ܳܳq+ܳPYݳEݳ ݳbݳe  й :  :ݳݳh ݳݳc4 ݳc: ݳݳY4 ݳY:  x, l:  l:ݳ`ݳݳ|޳޳.A޳ @  ( b:  b: f5  U :  :   0> #:  #: L  C޳U޳Ws4 C޳Ws:W޳pZ޳I3@-̳7̳x1̳+C:\Windows\system32\wcmsvc.dll+C:\Windows\system32\wldp.dll+Microsoft-Windows-WebServices.dll+C:\Windows\system32\webio.dll+C:\Windows\system32\wcmsvc.dllll+J\WJJste`̳̳xJ+C:\Windows\system32\win32k.syse+JdoJJ32\̳`̳xJ+C:\Windows\system32\webio.dll+ C:\Windows\system32\wldp.dll+ JJJ ̳P̳xJ+ C:\Windows\system32\wldp.dll+ Microsoft-Windows-WebAuth.dlll+ JofJJ-We̳@̳xJ+Microsoft-Windows-Win32klytic+JJJ̳̳xJ+C:\Windows\system32\webio.dll+C:\Windows\system32\win32k.sysll+Microsoft-Windows-WEPHOSTSVC+JdoJJ32\@̳ ̳xJ+Microsoft-Windows-Wcmsvcdll+C:\Windows\system32\win32k.sys+Microsoft-Windows-Win32kdll+C:\Windows\system32\win32k.sysl+eMicrosoft-Windows-Win32k/UIPI+`Microsoft-Windows-Win32k/Power++kC:\Windows\system32\win32k.sysdll +vMicrosoft-Windows-Win32k/Render%+qC:\Windows\system32\win32k.sys:+|Microsoft-Windows-Win32k/UIPI?+GC:\Windows\system32\win32k.sysl4+BMicrosoft-Windows-Win32k/Power +M C:\Windows\system32\webio.dll.dll+H!JdoJJ32\̳̳xJ+S"C:\Windows\system32\websocket.dll+^#Microsoft-Windows-WER-Diagl+Y$C:\Windows\system32\webio.dllll+$%C:\Windows\system32\AuthHost.exe+/&C:\Windows\system32\win32k.sysel+*'Microsoft-Windows-VolumeControla+5(JJJ̳̳xJf+0)C:\Windows\system32\wldp.dll{+;*C:\Windows\system32\wldp.dllp++C:\Windows\system32\wldp.dllu+,JJJ ̳̳xJJ+ -C:\Windows\system32\wcmsvc.dllO+.C:\Windows\system32\WebServices.dllD+/C:\Windows\system32\wldp.dllY+0C:\Windows\system32\wcmsvc.dll^+1C:\Windows\system32\wcmsvc.dllS+2JdoJJ32\̳̳xJ3C:\Windows\System32\wephostsvc.dll4C:\Windows\system32\wldp.dll5C:\Windows\system32\wcmsvc.dlldll6C:\Windows\system32\win32k.syse7Microsoft-Windows-VPN-Client8C:\Windows\system32\wcmsvc.dll9JofJJ-WE̳̳xJ:JJJ̳P̳xJ;C:\Windows\system32\webio.dlldll<JdoJJ32\̳̳xJ=C:\Windows\system32\werfault.exe>JJJ̳̳xJ?C:\Windows\System32\sndvolsso.dll@C:\Windows\system32\wininet.dllAC:\Windows\system32\wininet.dllBMicrosoft-Windows-WinINetp.dllCC:\Windows\system32\wininet.dlldllDC:\Windows\system32\wsmres.dllecEC:\Windows\system32\mscms.dllFC:\Windows\system32\wininit.exeketGC:\Windows\system32\wininit.exeHC:\Windows\system32\mscms.dllIC:\Windows\system32\winhttp.dllllJJdoJJ32\̳P̳xJfKJofJJ-Wi̳̳xJaLC:\Windows\system32\wininet.dlldll*lMC:\Windows\system32\winhttp.dll/wNC:\Windows\system32\wininit.exe$rOC:\Windows\system32\wininit.exe9}PJofJJ-Wi̳0 ̳xJ>xQC:\Windows\system32\wsmres.dll3CRC:\Windows\system32\wuaueng.dllNSC:\Windows\system32\wininet.dll ITMicrosoft-Windows-WinNatOpereTUC:\Windows\system32\wininit.exe_VC:\Windows\system32\wsmres.dllZWC:\Windows\system32\wsmres.dll%XC:\Windows\system32\wsmres.dll YC:\Windows\system32\mpssvc.dllk+ZJJJ̳P ̳xJ`6[C:\Windows\system32\mpssvc.dlle1\C:\Windows\system32\wsmres.dllllz<]Microsoft-Windows-Wininitninet.dll^C:\Windows\system32\wsmres.dll.dllt_C:\Windows\system32\wuaueng.dllI `C:\Windows\system32\wuaueng.dllNaC:\Windows\system32\mpssvc.dllCbC:\Windows\system32\mpssvc.dllXcC:\Windows\system32\mscms.dll.dll]dC:\Windows\system32\mscms.dllReC:\Windows\system32\mpssvc.dllWfMicrosoft-Windows-WinHttpg.dllgC:\Windows\system32\wsmres.dllehC:\Windows\system32\mpssvc.dlliC:\Windows\system32\mpssvc.dlljC:\Windows\system32\mpssvc.dllkJdoJJ32\̳̳xJlJJJ̳̳xJmMicrosoft-Windows-Winlogon.dlldllnC:\Windows\system32\mpssvc.dlloC:\Windows\system32\wuaueng.dllpJdoJJ32\̳0̳xJqC:\Windows\system32\wininet.dllrC:\Windows\system32\winhttp.dllsC:\Windows\system32\wininet.dlltMicrosoft-Windows-WindeployderuC:\Windows\system32\wuaueng.dllvJ\WJJste@̳̳xJwC:\Windows\system32\winhttp.dllxC:\Windows\system32\wininet.dllyJdoJJ32\ ̳̳xJzC:\Windows\system32\mscms.dll{C:\Windows\system32\winhttp.dll|JdoJJ32\̳̳xJ}JdoJJ32\ ̳@̳xJg~C:\Windows\system32\wuaueng.dllbC:\Windows\system32\wininet.dll)mC:\Windows\system32\winsrv.dlldll.hC:\Windows\system32\dot3svc.dllsys#sC:\Windows\system32\ws2_32.dll8~JofJJ-WM ̳ ̳xJ=yC:\Windows\system32\winsrv.dll2DC:\Windows\system32\dot3svc.dll7OC:\Windows\system32\ws2_32.dll JC:\Windows\system32\wsmres.dllUC:\Windows\system32\wsmres.dllPC:\Windows\system32\drivers\afd.sys[C:\Windows\system32\ws2_32.dll&JofJJ-Wi̳̳xJ!C:\Windows\system32\ws2_32.dllj,JdoJJ32\̳@̳xJo7C:\Windows\system32\WSService.dlld2C:\Windows\system32\ws2_32.dlldlly=C:\Windows\system32\dot3svc.dll~8C:\Windows\system32\dot3svc.dllsC:\Windows\system32\ws2_32.dllHJJJ ̳ ̳xJM C:\Windows\system32\dot3svc.dlldllBC:\Windows\system32\wusa.exeoinllGC:\Windows\system32\wusa.exe\