File "/usr/local/bin/evtx_dump.py", line 4, in <module>
__import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py')
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/python_evtx-0.6.1-py2.7.egg/EGG-INFO/scripts/evtx_dump.py", line 42, in <module>
File "/usr/local/lib/python2.7/dist-packages/python_evtx-0.6.1-py2.7.egg/EGG-INFO/scripts/evtx_dump.py", line 37, in main
File "build/bdist.linux-x86_64/egg/Evtx/Evtx.py", line 498, in xml
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 204, in evtx_record_xml_view
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 182, in render_root_node
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 1019, in substitutions
Evtx.BinaryParser.ParseException: Parse Exception(Invalid substitution value size)
From a file extracted from memory: