https://www.anquanke.com/post/id/156704
https://docs.microsoft.com/en-us/windows/win32/etw/retrieving-event-data-using-mof