drop windows etl binary files · parse event trace log · decode provider guids · bits wfp dns extraction · runs locally
BITS · WFP · DNS Client · kernel ETW traces
drop windows .etl event trace log files