MZ@ !L!This program cannot be run in DOS mode. $yU) ) RichPEd қW" 8v= S`AdDxg8P.text246 h.rdataP:@H.dataTpX@.pdataZ@H.idataD^@HINIT#b bGFIDSd@B.rsrcDFf@B.relocx@BH\$WH LT$`3MDHD$PMJDIBEB(AR$fA;z*IB8AJ(AHIB@8 vuHt0IRtIJHH#H;tMB0A˃HAA!MB0A˃HAA AB*ED;rDAB*Az$Az(IzIzft*IJ0AA+3ALcI0H\$0H _H=ct3L cL `HH @H%8H(H bHu3H%bH(@UHHH `H3HEH bL1E3fDMAAfEHHfE9 @uELEEE3HEDMHEAHEHEHEHEHD$ HEp~HMH3+HĀ]HhHm_H3HD$PH aL'1H3HfA9@uELD$0D$8AH$T$4 HMD3.HeHHEHMH^E3HL$(LHM]EHHHL$ H g^}؅x7H\^LM<HUH B^H|HEHHuM"H=L`t``t \$ HM?H3)L$I[0Is8IA^_]H]E3H ]AH0X|H]LEHUH ]H5|؅gH]L _H v]HUE3HX|؅4HY]Hr_H C]H{H7]HP_H !]H{3H5;[L N_tDH<HI{y* $_tD$(H`<H!.DHD$ 8H"rH8^t H<H8H\$WH03H=<^tDH-<tHzy* ^tD$(H;H-DHD$ H"rH\H(^H [HzH\$@H0_%LEK HXHZ[H3HD$@H ]IC ICAd$<ICE3ICD$8yHL$@H3'HXDL$ UHHpHZH3HEHM0HE(L]E3HELHEHtHHfD9AuE HɉUH,DEHEHEHEAHE8IHEIHEHD$ KyHMH3_&Hp]LL$ UHHpHDZH3HEH \HE(HEAHE0HEHEE3HE8HEHEHEHD$ HExHMH3%Hp]DL$ UHl$HHYH3HEH U\HE/HD$0H]9E3HD$8HE7HD$HHD$@E3HE?HD$XHD$PEJ HEGHD$hHD$`HEOHEHEWHEHE_HEHEgHEHEoHEHEwHEHEHEEwEHD$0HD$ HEHEHEHEHEHEDUwHMH3$H]H\$Hl$ VWAVHHXH3HD$x3H@|$pLo@tNHr W0D-[LH)w=@u-D[W0HvuDZW0LHvZʃt HC0LHLL$pt HC0DD tH{@sINLL$hfDD$`H|$XAXDI(Ht$PD$HH@l$@HD$8AxfD$0AHfD$(AhD$ HL$xH3#L$I[0Ik8IA^_^H83҅u%ZtSA9PtI@HHT$(H{7(u3Yt)A9PtI@HHT$(HA7MD$ 3H8LHhHVH3HD$Pd$0H(9LYD$ IcISICHFICtuHL$PH3"Hh@UHl$HHVH3HEHE7H6H YE3HD$@E3HE?LL$0HD$PHEGHD$`EJ HEOHD$8HEHEWHEHE_HEHEgHEHEoHEHEwHEHEHEEwEHD$0HD$ HD$HHD$XHD$hHEHEHEHEHEHEDU}tHMH3!H]H\$Hl$ VWAVHHdUH3HD$x3H@|$pLo@tNHr W2DWLHs=@u-DWW2HsuDWW2LHsWʃt HC0L@LD$ptHC0 tH{@sMNLD$hfL$`H|$XAAXHt$PD$HI@l$@HD$8AAxfD$0AAHfD$(IAhMI(HD$ HL$xH3H L$I[0Ik8IA^_^H83҅u%VtSA9PtI@HHT$(H;4(u3Vt)A9PtI@HHT$(H4MD$ q3H8LHhHSH3HD$Pd$0H(8LDVD$ IcISICHFIC4rHL$PH3_HhH\$Hl$ VWAUAVAWHH0SH3H$L|$x3@@t$xHLD@tPHZ V,DULHq=@u4DUV,HquDvUV,LHwqH\$pIEDH(HhPXD@HDPxHLs@ tHw@t HG0D0LxUt8L|$hfDt$`Ht$XH\$PT$H@l$@L\$8fDT$0fDD$(L$ IH$H3L$I[@IkHIA_A^A]_^H83҅u%TtSA9PtI@HHT$(H1(u3rTt)A9PtI@HHT$(H1MD$ 13H8LHhHrQH3HD$Pd$0H(8LTD$ IcISICHFICoHL$PH3HhH\$Hl$ VWAVHHPH3HD$x3H@|$pLo@tNHr W.DqSLHyo=@u-DWSW.HOouD@SW.LHEo;Sʃt HC0L@LD$ptHC0 tH{@sMNLD$hfL$`H|$XAAXHt$PD$HI@l$@HD$8AAxfD$0AAHfD$(IAhMI(HD$ MHL$xH3L$I[0Ik8IA^_^H83҅u%lRtSA9PtI@HHT$(H/(u3BRt)A9PtI@HHT$(H/MD$ 3H8LHhHBOH3HD$Pd$0H(8LQD$ IcISICHFICmHL$PH3HhDL$ UHHpHNH3HEH fQHE(HEHO.HE0HEHEAHE8HEHEE3HEHEHD$ WmHMH3kHp]H8QtHBDJHD$(BD$ QH83LHhHNH3HD$Pd$0E3HcHD9HHISD$ IcICHIClHL$PH3Hhú̺ z̺ j̺ Z̺ J̺ :̺*̺̺ ̺̺̺̺̺̺̺̺̺z̺j̺Z̺J̺:̺*̺̺ ̺!H\$ UVWAVAWHpH LH3HD$`IHLIMu3N(D!D$(HE3HD$ H+R,E3Hd$ E3Hj!D$PL$3HD$TD$\(D$PfD$PHCH3HLH HD@H(MtM +AQ(;sLHHT$PHIGD$@Lt$8HT$0P(DD$(D@L$ Hvt* MtD$(H*HE3HD$ HHmHHQU,E3E3H2iHL$`H3H$HpA_A^_^]H83҅u-9;;<vxL ;toH;I#H;;u\EH1L|$0LƉl$(Dd$ :L|$8LH$fl$0HD$(DD$ tLLLLHID$LD;D+D$H?Ht~o(tA;AGG tL!E3D$(@3҉\$ HEAZLHD$@ID$AvH$AH$M>HXA_A^A]A\_^][DD$T$UHHpH:H3HE3L3ɊD DЊD #HɈDHH}HEЉE؋EԉEHE8HEE0fEDMuP=1:):<HH9H9H#H;9unHF0B=9t\9<vPHH9t=H9H#H;9u*H/HEAlHD$0E@D$(D$ HMH3Hp]@SUVWATAUAVAWHL$I$A@3DD$AET$TL$X$T$xLT$`\$@ G(;r H?+HuD$EHo(+A;AGH9tA;sD$@AD%;ADd$TG tL0DL$(3E3ɉ\$ HEAWLT$`LL$XT$TDD$AMu gILAl$ AHI#IALL$hIHD$p;uL t$hL H8\$@LEI$ EȉD$8DH$IDd$0HD$(fDl$ (97)7<IL 7H7I#H;x7LD$`AlLtR9^7V7<L -7H(7I#H;7EHV-M9 7s7<cL 6VH6I#H;6?EMH-?I$ EȉD$8DH$Dd$0IHD$(fDl$ 9{6s6<IL @6H;6I#H;16LD$`AlLtO96~6<nL 5aH5I#H;5JEH+MM95/5<L 5H5I#H;5EMH+L|$0l$(Dd$ L|$8fl$0Lt_$D$D$D$E$D$FD${D$HD$zD$ID$yD$JH$HD$(L$GDL$DT$KDD$ DD$H]D${D$LD$zD$MD$yD$N$D$P$D$Q$D$RH$HD$(T$ODL$LL$SDD$ DD$PIIOL;t+H?Htpo(t;GG tL!E3D$(@3҉\$ HEAPSLLT$`IL$XAlT$TDD$AHD$pM>HĘA_A^A]A\_^][̹)ffH; 3uHfuHH(H E2L94H22H 4H(BH\$WH HH bHHH\$0H _H\$Hl$Ht$WH 3HHHu zH 3H3H 3H33!RL 3HL1Hi3Hu3H f1HHHp3C؅xh؅x]HH؅xLH*3@8h0t&HOhH3HHEH3HTHGh@tH0H33H\$0Hl$8Ht$@H _kH(H2HtHH;tH(9H\$WH H/2H=82H;v{6H%2H;s(H92{(u(HHtHCH(HCH;r3H\$0H _øH\$Ht$WH HH51H 13H;v{ZH1H;sN;PuDHC8H~1HtL1H LHH1LHx HP벸H\$0Ht$8H _H\$WH H1H1HH 0H;tEH;w@HC@HtL41H mLHH1LHQHPH;0vH\$0H _%O%N%N%NH(MA8HI H(@SAHDLALѨtA@McPLHcL#IcJHCHHKAt HLL3I[ffHIr,IIIGs`MIIITIuItDATIufffffffffffffffffffffكtL+HHMIMIItIJ IILOAHHQHQHQHQ HQ(HQ0HQ8H@IuIt ATIuNULL\Device\WFPCaptureWFPCaptureLayer data is NULL.Transport layer V4 trace failed.Transport layer V6 trace failed.gqFKmdfLibraryvl%N$N#N!N''''''-BIvXXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ RmXDHFn=M g(*p@M}]HyLhFT-CU`y 5CݗWCA˧I^lyMr@]gHLx:>U_09|JŋqyMGj@{q&?s#|i@` -J:*G?r {Ws Oϭ Rm@@D:PқW'hRқW $@h@RRSDS(;RKÙvUwfpcapture.pdbGCTL1.text$mnA .text$mn$00B.text$mn$21C2.text$sP.rdata$brcP8.rdatahP.rdata$zzzdbghj.xdatap.data$brcq.dataq.kmdfclassbind$aq.kmdfclassbind$cq.kmdfclassbind$dq.kmdftypeinit$aq.kmdftypeinit$cqt.bss.pdata.idata$5.00cfgP.idata$2.idata$3.idata$4.idata$6#INIT.cfguard.rsrc$01 C.rsrc$02  4 2pB P`Ap`AP( =d4 p P`Ab  4 Rp `A@ P`A` P`A$ T4 p ``Axb`APP`A+ T4 p ``A 4 p`P`A` 4 p`P`A`P`Ap% P`AP`A `Ap p`P0 P`A`  p`P0 dT42p  4 2pB   4 2pd42 p00Pr',)0. @"###$$ $0$@$P$`$p$$$$$$$$$%% %0%@%P%`%LtQP2-+qhjHoxjpjj\j`j#j$j7k8kk,k LkXklk`,k`Lk6Xk@k Lk v Xk !,k!>"Lk@""Xk"+#k0#\#Lkd##Xkp%&k'w'Lk''Xk'r)k))Lk)R*Xk`*+k+,Lk,r,Xk,-k-..Lk0..Xk./k //k00l01,l16@l67\l7m=pl==l==l= >l>7?lP?w?l??l?@l@Ahj`A}AxjAAlAAlBBmz :TґƑ̒PAAxhPl@’(8z :TґƑ̒nEtwRegisterrEtwUnregistersEtwWriteMmMapLockedPagesSpecifyCachentoskrnl.exeFwpsCalloutUnregisterByKey0FwpsFlowAssociateContext0FwpsFlowRemoveContext0FwpsCalloutRegister2fwpkclnt.sysNdisRetreatNetBufferListDataStart NdisAdvanceNetBufferListDataStartNDIS.SYS RtlCopyUnicodeStringWdfVersionBindWdfVersionUnbindWdfVersionBindClass WdfVersionUnbindClassWDFLDR.SYSHHtH2-+H;u)` `@ !@"0#`####$$ $0$@$P$`$p$$$$$$$$$%% %0%@%P%`%p%'''))`*+,,-0.p===>@?P???@A A0A@APA8xPh 9 ( 8 H X hh+  WEVT_TEMPLATEMUI4VS_VERSION_INFO 98 98?.StringFileInfo 000004B0LCompanyNameMicrosoft Corporation-FileDescriptionMicrosoft WFP Message Capture Callout Drivern'FileVersion10.0.14393.0 (rs1_release.160715-1616)>InternalNameWFPCAPTURE.SYS.LegalCopyright Microsoft Corporation. All rights reserved.FOriginalFilenameWFPCAPTURE.SYSj%ProductNameMicrosoft Windows Operating System> ProductVersion10.0.14393.0DVarFileInfo$Translation PP@''!N%Nkkuux"X Information Verbose h Microsoft-Pef-WFP-MessageProvider/Operational System |The generic ETW message fragment that ORT can reassemble. Driver Load $Driver Unload ,Callout Register 0Callout Unregister <Callout Notify Filter Add DCallout Notify Filter Delete pAn error was encountered while loading the driver. tAn error was encountered while unloading the driver. tAn error was encountered while registering a callout. xAn error was encountered while unregistering a callout. lAn error was encountered in a classify function. The Transport Layer Message for IPv4. The Transport header is in the MessageFrame. The Transport Layer Message for IPv6. The Transport header is in the MessageFrame. HThe ALE Layer Message for IPv4. TThe Transport Layer Message for IPv6. DA packet has been discarded. DCALLOUT_INBOUND_TRANSPORT_V4 DCALLOUT_OUTBOUND_TRANSPORT_V4 DCALLOUT_INBOUND_TRANSPORT_V6 DCALLOUT_OUTBOUND_TRANSPORT_V6 @CALLOUT_ALE_AUTH_CONNECT_V4 @CALLOUT_ALE_AUTH_CONNECT_V6 HCALLOUT_ALE_AUTH_RECV_ACCEPT_V4 HCALLOUT_ALE_AUTH_RECV_ACCEPT_V6 PCALLOUT_INBOUND_IPPACKET_V4_DISCARD PCALLOUT_INBOUND_IPPACKET_V6_DISCARD TCALLOUT_OUTBOUND_IPPACKET_V4_DISCARD TCALLOUT_OUTBOUND_IPPACKET_V6_DISCARD DCALLOUT_IPFORWARD_V4_DISCARD DCALLOUT_IPFORWARD_V6_DISCARD TCALLOUT_INBOUND_TRANSPORT_V4_DISCARD TCALLOUT_INBOUND_TRANSPORT_V6_DISCARD TCALLOUT_OUTBOUND_TRANSPORT_V4_DISCARD TCALLOUT_OUTBOUND_TRANSPORT_V6_DISCARD LCALLOUT_DATAGRAM_DATA_V4_DISCARD LCALLOUT_DATAGRAM_DATA_V6_DISCARD TCALLOUT_INBOUND_ICMP_ERROR_V4_DISCARD TCALLOUT_INBOUND_ICMP_ERROR_V6_DISCARD XCALLOUT_OUTBOUND_ICMP_ERROR_V4_DISCARD XCALLOUT_OUTBOUND_ICMP_ERROR_V6_DISCARD `CALLOUT_ALE_RESOURCE_ASSIGNMENT_V4_DISCARD `CALLOUT_ALE_RESOURCE_ASSIGNMENT_V6_DISCARD PCALLOUT_ALE_AUTH_LISTEN_V4_DISCARD PCALLOUT_ALE_AUTH_LISTEN_V6_DISCARD XCALLOUT_ALE_AUTH_RECV_ACCEPT_V4_DISCARD XCALLOUT_ALE_AUTH_RECV_ACCEPT_V6_DISCARD PCALLOUT_ALE_AUTH_CONNECT_V4_DISCARD PCALLOUT_ALE_AUTH_CONNECT_V6_DISCARD XCALLOUT_ALE_FLOW_ESTABLISHED_V4_DISCARD XCALLOUT_ALE_FLOW_ESTABLISHED_V6_DISCARD CRIM+-BIvX$WEVT+,|$$T%`%'CHAN`Microsoft-Pef-WFP-MessageProvider/DiagnosticSystemMAPSP<VMAP$`"  !!"CalloutMapTTBLd" TEMP<d:N/_Pժ8OD EventDataAEoData-KName Error Message A;oData#KNameNTSTATUS  Error MessageNTSTATUSTEMP9NDSͭRD EventDataA9oData!KNameCallout AEoData-KName Error Message A;oData#KNameNTSTATUS <0PCallout Error MessageNTSTATUSTEMP_tͧZW;mbD EventDataAAoData)KName Driver Name AEoData-KName Major Version AEoData-KName Minor Version Driver Name Major Version Minor VersionTEMPaff}^L@ZD EventDataA9oData!KNameCallout <CalloutTEMP ?^`ȹUD EventDataA=oData%KName Filter Id A9oData!KNameCallout AEoData-KName Filter Weight   D <\ p Filter IdCallout Filter WeightTEMP\ &~TS؛h%FD EventDataAGoData/KNameSource Address AQoData9KNameDestination Address A;oData#KNameProtocol AAoData)KName Byte Length AEoData-KName Message Frame    ( D $Source Address,Destination AddressProtocolByte Length Message FrameTEMPHt/'#Q*ND EventDataAGoData/KNameSource Address AQoData9KNameDestination Address A;oData#KNameProtocol A?oData'KName FlowHandle  AAoData)KName Byte Length AEoData-KName Message Frame < Tp$Source Address,Destination AddressProtocolFlowHandleByte Length Message FrameTEMPxY !_+T cD EventDataAGoData/KNameSource Address AQoData9KNameDestination Address A;oData#KNameProtocol AAoData)KName Byte Length AEoData-KName Message Frame ,D`$Source Address,Destination AddressProtocolByte Length Message FrameTEMPH9If;TUԧOy@D EventDataAGoData/KNameSource Address AQoData9KNameDestination Address A;oData#KNameProtocol A?oData'KName FlowHandle  AAoData)KName Byte Length AEoData-KName Message Frame ,X p$Source Address,Destination AddressProtocolFlowHandleByte Length Message FrameTEMP 0 Iz&R V}. 4D EventDataAGoData/KNameSource Address AQoData9KNameDestination Address AAoData)KName Source Port AKoData3KNameDestination Port A3oDataKNameLuid  A=oData%KName Direction A;oData#KNameProtocol A?oData'KName FlowHandle  A=oData%KName ProcessId  AAoData)KName Byte Length AAoData)KName ProcessPath  0\x    0$Source Address,Destination AddressSource Port(Destination PortLuidDirectionProtocolFlowHandleProcessIdByte LengthProcessPathTEMP K=%X u4D EventDataAGoData/KNameSource Address AQoData9KNameDestination Address AAoData)KName Source Port AKoData3KNameDestination Port A3oDataKNameLuid  A=oData%KName Direction A;oData#KNameProtocol A?oData'KName FlowHandle  A=oData%KName ProcessId  AAoData)KName Byte Length AAoData)KName ProcessPath  $ 4 L d    $Source Address,Destination AddressSource Port(Destination PortLuidDirectionProtocolFlowHandleProcessIdByte LengthProcessPathTEMP$8"3cQV6O9 G4D EventDataAKoData3KNameFragment EventId A9oData!KNameGroupId AAoData)KName Byte Length A9oData!KNamePayload """"(Fragment EventIdGroupIdByte LengthPayloadTEMP4$6`VV}o6U D EventDataAGoData/KNameDiscard Module AGoData/KNameDiscard Reason AMoData5KNameDiscard Filter ID  p$$ $$Discard Module$Discard Reason(Discard Filter IDOPCOLEVLhP%P8%(win:Informationalwin:VerboseTASKKEYW@ ,& T&@x&&&&&' '@'X' t'(CaptureClearIPsec$CaptureClearIkePacketStartPacketEndut:SendPath$ut:ReceivePathut:Globalut:Dropped ut:PiiPresentut:Packetut:Address,ut:StateTransitionEVNT $@+''h%X+''h%\+''0%`+''0%d+''%h+''%l+!N!N%p+"N"N%t+#N#N%x+$N$N%|+%N%N%+kk $+lkd $+uu$+vu$+$+L$+"$+%%%%%%%%%%%%%%%%%%%%%%%%%%%%Microsoft WFP Capture,Microsoft WFP Message Capture Callout Driver%r7P^wMr_ 0*  WEVT_TEMPLATEMUI MUI en-USPhpX 08@HPX`hpxȠРؠ (08px