????

Your IP : 18.219.90.165

Current Path : C:/Users/All Users/Microsoft/Windows Defender/Platform/4.18.25030.2-0/
Upload File :
Current File : C:/Users/All Users/Microsoft/Windows Defender/Platform/4.18.25030.2-0/MpEvMsg.dll

MZ����@���	�!�L�!This program cannot be run in DOS mode.

$	(��MI��MI��MI���~�LI��MI�LI��̃�LI��RichMI��PEd�.!��" )��

��` ����%T.rdata@@.rsrc�� � @@.!�
lll.!�$��.!�����GCTLT.rdataT.rdata$voltmdl�.rdata$zzzdbg P.rsrc$01P!0�.rsrc$02 Z톦e�L=0a�'wԕ�8M;B.!�0�0�H�`�x���������	�			 ��b�p%$�P!�}
WEVT_TEMPLATE4VS_VERSION_INFO���a�a?|StringFileInfoX040904b0LCompanyNameMicrosoft CorporationTFileDescriptionEvent Resource Module8InternalNameMpEvMsg.dll�.LegalCopyright� Microsoft Corporation. All rights reserved.@OriginalFilenameMpEvMsg.dllj%ProductNameMicrosoft� Windows� Operating System�8FileVersion4.18.25030.2 (000028f0c1f345a538ea89b768605447f1c02bdf)>
ProductVersion4.18.25030.2l&PrivateBuildGitEnlistment(ContainerAdministrator)DVarFileInfo$Translation	� g�j��PP���De�e������\�i�d7k�n��Z~��<f�����n�����q����X�����`���d��������������������@������ AntiVirus%0

$AntiSpyware%0

$Antimalware%0

Full%0

Delta%0

 Full Scan%0

$Quick Scan%0

$Custom Scan%0

Remove%0

$Quarantine%0

Clean%0

Allow%0

Unknown%0

 Suspended%0

Allowed%0

User%0

 Scheduled%0

TSecurity intelligence Update Folder%0

8Real-Time Protection%0

@Downloads and attachments%0

System%0

$Heuristics%0

 Concrete%0

Generic%0

Current%0

Backup%0

Default%0

HMicrosoft Defender Antivirus%0

\Microsoft Forefront Endpoint Protection%0

TMicrosoft Standalone System Sweeper%0

Crash%0

Hang%0

,Not Applicable%0

hIE Downloads and Outlook Express Attachments%0

 On Access%0

4Behavior Monitoring%0

hThe filter driver has successfully restarted.%0

hThe filter driver was unloaded unexpectedly.%0

�The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.%0

�The filter driver has restarted scanning items and is out of pass through mode.%0

�Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.%0

�Real-time protection has recovered from an unknown failure. It is recommended that you run a quick scan.%0

`The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.%0

$Suspicious%0

Unknown%0

(Local machine%0

(Network share%0

 Internet%0

 Executing%0

hInternal security intelligence Update Server%0

$File Share%0

TMicrosoft Malware Protection Center%0

Search%0

 Download%0

Install%0

Low%0

Medium%0

High%0

4Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.%0

<Microsoft Update Server%0

8Microsoft Antimalware%0

8Microsoft Antimalware%0

 FastPath%0

HSecurity intelligence update%0

dSecurity intelligence disable notification%0

$VDM version%0

 Timestamp%0

 No limit%0

Manual%0

 Automatic%0

 Duration%0

None%0

LInformation Protection Control%0

Unknown%0

 Detected%0

Cleaned%0

$Quarantined%0

Removed%0

Allowed%0

(Clean Failed%0

0Quarantine Failed%0

(Remove Failed%0

(Allow Failed%0

Unknown%0

@Network Inspection System%0

,Not Applicable%0

0Outgoing traffic%0

0Incoming traffic%0

Block%0

\Internet Explorer Extension Validation%0

(The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.%0

@Early Launch Antimalware%0

4TCG Log Inspection%0

(Remote Server%0

�The Network Inspection System did not successfully start due to an error.%0

AMSI%0

0AMSI UAC provider%0

LMicrosoft Defender for Endpoint%0

PShared security intelligence Root%0

Enabled%0

 Disabled%0

Blocked%0

Ignored%0

Timeout%0

 Reverted%0

Error

Warning

 Information

PMicrosoft-Windows-Windows Defender

lMicrosoft Defender Antivirus state updated to %1.

%1 scan has started.%n %tScan ID:%b%3%n %tScan Type:%b%5%n %tScan Parameters:%b%7%n %tScan Resources:%b%11%n %tUser:%b%8\%9

%1 scan has finished.%n %tScan ID:%b%3%n %tScan Type:%b%5%n %tScan Parameters:%b%7%n %tUser:%b%8\%9%n %tScan Time:%b%11:%12:%13

%1 scan has been stopped before completion.%n %tScan ID:%b%3%n %tScan Type:%b%5%n %tScan Parameters:%b%7%n  %tUser:%b%8\%9

�%1 scan has been paused.%n %tScan ID:%b%3%n %tScan Type:%b%5%n %tScan Parameters:%b%7%n %tUser:%b%8\%9

�%1 scan has resumed.%n %tScan ID:%b%3%n  %tScan Type:%b%5%n %tScan Parameters:%b%7%n %tUser:%b%8\%9

h%1 scan has encountered an error and terminated.%n %tScan ID:%b%3%n %tScan Type:%b%5%n %tScan Parameters:%b%7%n %tUser:%b%8\%9%n %tError Code:%b%11%n %tError description:%b%12

�%1 has detected malware or other potentially unwanted software.%n For more information please see the following:%n%15%n %tName:%b%11%n %tID:%b%12%n %tSeverity:%b%25%n %tCategory:%b%26%n %tPath Found:%b%16%n %tDetection Type:%b%22%n %tDetection Source:%b%5%n %tStatus:%b%20%n %tUser:%b%8\%9%n %tProcess Name:%b%7%n %tSecurity intelligence Version:%b%27%n %tEngine Version:%b%28

�%1 has taken action to protect this machine from malware or other potentially unwanted software.%n For more information please see the following:%n%15%n %tUser:%b%8\%9%n %tName:%b%11%n %tID:%b%12%n %tSeverity:%b%25%n %tCategory:%b%26%n %tAction:%b%20%n %tStatus:%b%7%n %tSecurity intelligence Version:%b%27%n %tEngine Version:%b%28

$%1 has encountered an error when taking action on malware or other potentially unwanted software.%n For more information please see the following:%n%15%n %tUser:%b%8\%9%n %tName:%b%11%n %tID:%b%12%n %tSeverity:%b%25%n %tCategory:%b%26%n %tPath:%b%16%n %tAction:%b%20%n %tError Code:%b%21%n %tError description:%b%22%n %tStatus:%b%7%n %tSecurity intelligence Version:%b%27%n %tEngine Version:%b%28

�%1 has restored an item from quarantine.%n For more information please see the following:%n%15%n %tName:%b%11%n %tID:%b%12%n %tSeverity:%b%25%n %tCategory:%b%26%n %tUser:%b%8\%9%n %tSecurity intelligence Version:%b%27%n %tEngine Version:%b%28

�%1 has encountered an error trying to restore an item from quarantine.%n For more information please see the following:%n%15%n %tName:%b%11%n %tID:%b%12%n %tSeverity:%b%25%n %tCategory:%b%26%n %tUser:%b%8\%9%n %tError Code:%b%3%n %tError description:%b%4%n %tSecurity intelligence Version:%b%27%n %tEngine Version:%b%28

�%1 has deleted an item from quarantine.%n For more information please see the following:%n%15%n %tName:%b%11%n %tID:%b%12%n %tSeverity:%b%25%n %tCategory:%b%26%n %tUser:%b%8\%9%n %tSecurity intelligence Version:%b%27%n %tEngine Version:%b%28

�%1 has encountered an error trying to delete an item from quarantine.%n For more information please see the following:%n%15%n %tName:%b%11%n %tID:%b%12%n %tSeverity:%b%25%n %tCategory:%b%26%n %tUser:%b%8\%9%n %tError Code:%b%3%n %tError description:%b%4%n %tSecurity intelligence Version:%b%27%n %tEngine Version:%b%28

�%1 has removed history of malware and other potentially unwanted software.%n %tTime:%b%3%n %tUser:%b%8\%9%n

x%1 has encountered an error trying to remove history of malware and other potentially unwanted software.%n %tTime:%b%3%n %tUser:%b%8\%9%n %tError Code:%b%4%n %tError description:%b%5

H%1 has detected a suspicious behavior.%n %tName:%b%11%n %tID:%b%12%n %tSeverity:%b%25%n %tCategory:%b%26%n %tPath Found:%b%16%n %tDetection Origin:%b%18%n %tDetection Type:%b%22%n %tDetection Source:%b%5%n %tStatus:%b%20%n %tUser:%b%8\%9%n %tProcess Name:%b%7%n %tSecurity intelligence ID:%b%30%n %tSecurity intelligence Version:%b%27%n %tEngine Version:%b%28%n %tFidelity Label: %b%32%n %tTarget File Name: %b%36%n

%1 has detected malware or other potentially unwanted software.%n For more information please see the following:%n%13%n %tName:%b%8%n %tID:%b%7%n %tSeverity:%b%10%n %tCategory:%b%12%n %tPath:%b%22%n %tDetection Origin:%b%24%n %tDetection Type:%b%28%n %tDetection Source:%b%18%n %tUser:%b%20%n %tProcess Name:%b%19%n %tSecurity intelligence Version:%b%41%n %tEngine Version:%b%42

�%1 has taken action to protect this machine from malware or other potentially unwanted software.%n For more information please see the following:%n%13%n %tName:%b%8%n %tID:%b%7%n %tSeverity:%b%10%n %tCategory:%b%12%n %tPath:%b%22%n %tDetection Origin:%b%24%n %tDetection Type:%b%28%n %tDetection Source:%b%18%n %tUser:%b%39%n %tProcess Name:%b%19%n %tAction:%b%31%n %tAction Status: %b%38%n %tError Code:%b%33%n %tError description:%b%34%n %tSecurity intelligence Version:%b%41%n %tEngine Version:%b%42

%1 has encountered a non-critical error when taking action on malware or other potentially unwanted software.%n For more information please see the following:%n%13%n %tName:%b%8%n %tID:%b%7%n %tSeverity:%b%10%n %tCategory:%b%12%n %tPath:%b%22%n %tDetection Origin:%b%24%n %tDetection Type:%b%28%n %tDetection Source:%b%18%n %tUser:%b%39%n %tProcess Name:%b%19%n %tAction:%b%31%n %tAction Status: %b%38%n %tError Code:%b%33%n %tError description:%b%34%n %tSecurity intelligence Version:%b%41%n %tEngine Version:%b%42

%1 has encountered a critical error when taking action on malware or other potentially unwanted software.%n For more information please see the following:%n%13%n %tName:%b%8%n %tID:%b%7%n %tSeverity:%b%10%n %tCategory:%b%12%n %tPath:%b%22%n %tDetection Origin:%b%24%n %tDetection Type:%b%28%n %tDetection Source:%b%18%n %tUser:%b%39%n %tProcess Name:%b%19%n %tAction:%b%31%n %tAction Status: %b%38%n %tError Code:%b%33%n %tError description:%b%34%n %tSecurity intelligence Version:%b%41%n %tEngine Version:%b%42

%1 has deduced the hashes for a threat resource.%n %tCurrent Platform Version:%b%2%n %tThreat resource path:%b%4%n %tHashes:%b%5

�Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.%n For more information please contact your IT administrator.%n %tID:%b%4%n %tDetection time:%b%5%n %tUser:%b%6%n %tPath:%b%7%n %tProcess Name:%b%8%n %tTarget Commandline:%b%12%n %tParent Commandline:%b%13%n %tInvolved File:%b%14%n %tInheritance Flags:%b%15%n %tSecurity intelligence Version:%b%9%n %tEngine Version:%b%10%n %tProduct Version:%b%2%n

�Microsoft Defender Exploit Guard audited an operation that is not allowed by your IT administrator.%n For more information please contact your IT administrator.%n %tID:%b%4%n %tDetection time:%b%5%n %tUser:%b%6%n %tPath:%b%7%n %tProcess Name:%b%8%n %tTarget Commandline:%b%12%n %tParent Commandline:%b%13%n %tInvolved File:%b%14%n %tInheritance Flags:%b%15%n %tSecurity intelligence Version:%b%9%n %tEngine Version:%b%10%n %tProduct Version:%b%2%n

�%8 has been blocked from modifying %7 by Controlled Folder Access.%n %tDetection time:%b%5%n %tUser:%b%6%n %tPath:%b%7%n %tProcess Name:%b%8%n %tSecurity intelligence Version:%b%9%n %tEngine Version:%b%10%n %tProduct Version:%b%2%n

�%8 would have been blocked from modifying %7 by Controlled Folder Access.%n %tDetection time:%b%5%n %tUser:%b%6%n %tPath:%b%7%n %tProcess Name:%b%8%n %tSecurity intelligence Version:%b%9%n %tEngine Version:%b%10%n %tProduct Version:%b%2%n

�Your IT administrator would have caused Microsoft Defender Exploit Guard to block a potentially dangerous network connection.%n %tDetection time:%b%4%n %tUser:%b%5%n %tDestination:%b%6%n %tProcess Name:%b%7%n

�Your IT administrator has caused Microsoft Defender Exploit Guard to block a potentially dangerous network connection.%n %tDetection time:%b%4%n %tUser:%b%5%n %tDestination:%b%6%n %tProcess Name:%b%7%n

�Controlled Folder Access blocked %8 from making changes to memory.%n %tDetection time:%b%5%n %tUser:%b%6%n %tPath:%b%7%n %tProcess Name:%b%8%n %tSecurity intelligence Version:%b%9%n %tEngine Version:%b%10%n %tProduct Version:%b%2%n

�Controlled Folder Access would have blocked %8 from making changes to memory.%n %tDetection time:%b%5%n %tUser:%b%6%n %tPath:%b%7%n %tProcess Name:%b%8%n %tSecurity intelligence Version:%b%9%n %tEngine Version:%b%10%n %tProduct Version:%b%2%n

HA user has allowed a blocked Microsoft Defender Exploit Guard operation.%n %tID:%b%4%n %tUser:%b%5%n %tPath:%b%6%n %tProcess Name:%b%7%n %tInvolved File:%b%8%n

�%1 has blocked an operation that your administrator doesn't allow.%n For more information please contact your IT administrator.%n %tID:%b%4%n %tState:%b%5%n %tTimestamp:%b%6%n %tAction:%b%7%n %tProcess:%b%8%n %tSource:%b%9%n %tTarget:%b%10%n %tUser:%b%11%n %Security intelligence Version:%b%12%n %tEngine Version:%b%13%n %tProduct Version:%b%2%n

p%1 has audited an operation.%n For more information please contact your IT administrator.%n %tID:%b%4%n %tState:%b%5%n %tTimestamp:%b%6%n %tAction:%b%7%n %tProcess:%b%8%n %tSource:%b%9%n %tTarget:%b%10%n %tUser:%b%11%n %Security intelligence Version:%b%12%n %tEngine Version:%b%13%n %tProduct Version:%b%2%n

@%1 has blocked an operation that your administrator doesn't allow.%nFor more information please contact your IT administrator.%n%tPolicy Version:%b%4%n%tPolicy Rule ID:%b%5%n%tEnforcement Level:%b%6%n%tTimestamp:%b%8%n%tAction Type:%b%9%n%tProcess:%b%10%n%tSource:%b%11%n%tTarget:%b%12%n%tSession ID:%b%13%n%tUser SID:%b%14%n%Security intelligence Version:%b%15%n%tEngine Version:%b%16%n%tProduct Version:%b%2%n

 %1 has audited an operation.%nFor more information please contact your IT administrator.%n%tPolicy Version:%b%4%n%tPolicy Rule ID:%b%5%n%tEnforcement Level:%b%6%n%tAudit Reason:%b%7%n%tTimestamp:%b%8%n%tAction Type:%b%9%n%tProcess:%b%10%n%tSource:%b%11%n%tTarget:%b%12%n%tSession ID:%b%13%n%tUser SID:%b%14%n%Security intelligence Version:%b%15%n%tEngine Version:%b%16%n%tProduct Version:%b%2%n

@Endpoint Protection client is up and running in a healthy state.%n %tPlatform version:%b%2%n %tEngine version:%b%4%n %tSecurity intelligence version:%b%5%n

Endpoint Protection client health report (time in UTC):%n %tPlatform version:%b%2%n %tEngine version:%b%4%n %tNetwork Realtime Inspection engine version:%b%5%n %tAntivirus security intelligence version:%b%6%n %tAntispyware security intelligence version:%b%7%n %tNetwork Realtime Inspection security intelligence version:%b%8%n %tRTP state:%b%9%n %tOA state:%b%10%n %tIOAV state:%b%11%n %tBM state:%b%12%n %tAntivirus security intelligence age:%b%13%n %tAntispyware security intelligence age:%b%14%n %tLast quick scan age:%b%15%n %tLast full scan age:%b%16%n %tAntivirus security intelligence creation time:%b%17%n %tAntispyware security intelligence creation time:%b%18%n %tLast quick scan start time:%b%19%n %tLast quick scan end time:%b%20%n %tLast quick scan source:%b%21%n %tLast full scan start time:%b%22%n %tLast full scan end time:%b%23%n %tLast full scan source:%b%24%n %tProduct status:%b%25%n

�%1 has detected potentially unwanted application(PUA).%n For more information please see the following:%n%13%n %tName:%b%8%n %tID:%b%7%n %tSeverity:%b%10%n %tCategory:%b%12%n %tPath:%b%22%n %tDetection Origin:%b%24%n %tDetection Type:%b%28%n %tDetection Source:%b%18%n %tUser:%b%20%n %tProcess Name:%b%19%n %tSecurity intelligence Version:%b%41%n %tEngine Version:%b%42

8%1 security intelligence version updated.%n %tCurrent security intelligence Version:%b%3%n %tPrevious security intelligence Version:%b%4%n %tSecurity intelligence Type:%b%12%n %tUpdate Type:%b%14%n %tUser:%b%8\%9%n %tCurrent Engine Version:%b%15%n %tPrevious Engine Version:%b%16

�%1 has encountered an error trying to update security intelligence.%n %tNew security intelligence Version:%b%3%n %tPrevious security intelligence Version:%b%4%n %tUpdate Source:%b%6%n %tSecurity intelligence Type:%b%12%n %tUpdate Type:%b%14%n %tUser:%b%8\%9%n %tCurrent Engine Version:%b%15%n %tPrevious Engine Version:%b%16%n %tError code:%b%17%n %tError description:%b%18

�%1 engine version has been updated.%n %tCurrent Engine Version:%b%3%n %tPrevious Engine Version:%b%4%n %tUser:%b%8\%9

x%1 has encountered an error trying to update the engine.%n %tNew Engine Version:%b%3%n %tPrevious Engine Version:%b%4%n %tUser:%b%8\%9%n %tError Code:%b%11%n %tError description:%b%12

$%1 has encountered an error trying to update security intelligence and will attempt to revert to a previous version.%n %tSecurity intelligence Attempted:%b%4%n %tError Code:%b%5%n %tError description:%b%6%n %tSecurity intelligence Version:%b%9%n %tEngine Version:%b%10

�%1 could not load antimalware engine because current platform version is not supported. %1 will revert back to the last known-good engine and a platform update will be attempted.%n %tCurrent Platform Version:%b%2

 %1 has encountered an error trying to update the platform.%n %tCurrent Platform Version:%b%2%n %tError code:%b%4%n %tError description:%b%5

�%1 will soon require a newer platform version to support future versions of the antimalware engine. Download the latest %1 platform to maintain the best level of protection available.%n %tCurrent Platform Version:%b%2

%1 platform update update to %4 is paused due to system activity. For more details see the latest MpLog*.log entry under ProgramData.%n

X%1 platform update to %4 has resumed.%n

�%1 used cloud protection to get additional security intelligence.%n %tCurrent security intelligence Version:%b%3%n %tSecurity intelligence Type:%b%12%n %tUser:%b%8\%9%n %tCurrent Engine Version:%b%15%n %tCloud protection intelligence Type:%b%23%n %tPersistence Path:%b%24%n %tCloud protection intelligence Version:%b%25%n %tCloud protection intelligence Compilation Timestamp:%b%26%n %tPersistence Limit Type:%b%28%n %tPersistence Limit:%b%29

�%1 used cloud protection to discard obsolete security intelligence updates.%n %tCurrent security intelligence Version:%b%3%n %tSecurity intelligence Type:%b%12%n %tCurrent Engine Version:%b%15%n %tCloud protection intelligence Type:%b%23%n %tPersistence Path:%b%24%n %tCloud protection intelligence Version:%b%25%n %tCloud protection intelligence Compilation Timestamp:%b%26%n %tRemoval Reason:%b%31%n %tPersistence Limit Type:%b%28%n %tPersistence Limit:%b%29

�%1 has encountered an error trying to use cloud protection.%n %tCurrent security intelligence Version:%b%3%n %tSecurity intelligence Type:%b%12%n %tUser:%b%8\%9%n %tCurrent Engine Version:%b%15%n %tError code:%b%17%n %tError description:%b%18 %tCloud protection intelligence Type:%b%23%n %tPersistence Path:%b%24%n %tCloud protection intelligence Version:%b%25%n %tCloud protection intelligence Compilation Timestamp:%b%26%n %tPersistence Limit Type:%b%28%n %tPersistence Limit:%b%29

�%1 discarded all cloud protection intelligence.%n %tUser:%b%8\%9%n %tCurrent Engine Version:%b%15

\%1 platform update to %2 has succeeded.%n

�%1 downloaded and configured Microsoft Defender Antivirus (offline scan) to run on the next reboot.

8%1 has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).%n%tError code:%b%4%n%tError description:%b%5

TThe support for your operating system will expire shortly. Running %1 on an out of support operating system is not an adequate solution to protect against threats.%n

DThe support for your operating system has expired. Running %1 on an out of support operating system is not an adequate solution to protect against threats.%n

lThe support for your operating system has expired. %1 is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.%n

�%1 has uploaded a file for further analysis.%n %tFilename:%b%3%n %tSha256:%b%4%n

�%1 has encountered an error trying to upload a suspicious file for further analysis.%n %tFilename:%b%3%n %tSha256:%b%4%n %tCurrent security intelligence Version:%b%5%n %tCurrent Engine Version:%b%6%n %tError code:%b%7%n

4%1 Real-Time Protection feature has encountered an error and failed.%n %tFeature:%b%3%n %tError Code:%b%5%n %tError description:%b%6%n %tReason:%b%4

�%1 Real-time Protection feature has restarted. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.%n %tFeature:%b%3%n %tReason:%b%4

�%1 Real-time Protection scanning for malware and other potentially unwanted software was enabled.

�%1 Real-time Protection scanning for malware and other potentially unwanted software was disabled.

�%1 Real-time Protection feature configuration has changed.%n %tFeature:%b%3%n %tConfiguration:%b%4

X%1 Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.%n %tOld value:%b%3%n %tNew value:%b%4

(%1 engine has been terminated due to an unexpected error.%n %tFailure Type:%b%5%n %tException code:%b%6%n %tResource:%b%3%n %tEngine Code:%b%7

�%1 scanning for spyware and other potentially unwanted software has been enabled.

�%1 scanning for spyware and other potentially unwanted software is disabled.

\%1 scanning for viruses has been enabled.

T%1 scanning for viruses is disabled.

pTamper Protection %3 a change to %1.%n %tValue:%b%4

�%1 Resource Monitor: Memory consumption exceeded its limit.%n %tHit count: %b%3%n %tCurrent Threshold: %b%4

�%1 Resource Monitor: CPU utilization exceeded its limit.%n %tHit count: %b%3%n %tCurrent Threshold: %b%4

�%1 service seemed to be hung during shutdown.%n %tTimout (seconds): %b%3%n %tComponent: %b%4%n %tSelf-terminated: %b%5

p%1 service feature has encountered an error and failed.%n %tFeature:%b%3%n  %tFailure Reason:%b%5%n %tRecommended Mitigation:%b%6%n %tError Code:%b%7%n %tError description:%b%8%n

CRIM`������N��_�߽,x$WEVT<��tX
�`�l�����CHAN����������dMicrosoft-Windows-Windows Defender/OperationalTMicrosoft-Windows-Windows Defender/WHCTTBL��GTEMPH	��U�IKp�]e�����/��ND�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��u�oData]K�Name%Current security intelligence Version
A��w�oData_K�Name&Previous security intelligence Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��k�oDataSK�Name Security intelligence Type Index
A��_�oDataGK�NameSecurity intelligence Type
A��M�oData5K�NameUpdate Type Index
A��A�oData)K�NameUpdate Type

A��W�oData?K�NameCurrent Engine Version
A��Y�oDataAK�NamePrevious Engine Version
(Hl�	$	8	L	`	p	|	�	
(
D
x
 Product Name$Product VersionPCurrent security intelligence VersionTPrevious security intelligence VersionUnusedUnused2Unused3DomainUserSIDHSecurity intelligence Type Index<Security intelligence Type(Update Type IndexUpdate Type4Current Engine Version4Previous Engine VersionTEMP ��P}gR����&�����D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��u�oData]K�Name%Current security intelligence Version
A��w�oData_K�Name&Previous security intelligence Version
A��Q�oData9K�NameUpdate Source Index
A��E�oData-K�Name
Update Source
A��7�oDataK�NameUnused
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��k�oDataSK�Name Security intelligence Type Index
A��_�oDataGK�NameSecurity intelligence Type
A��M�oData5K�NameUpdate Type Index
A��A�oData)K�NameUpdate Type

A��W�oData?K�NameCurrent Engine Version
A��Y�oDataAK�NamePrevious Engine Version
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��O�oData7K�NameUpdate State Index
A��C�oData+K�NameUpdate State
A��A�oData)K�NameSource Path
x��`������8t��� <d�� Product Name$Product VersionPCurrent security intelligence VersionTPrevious security intelligence Version,Update Source Index Update SourceUnusedDomainUserSIDHSecurity intelligence Type Index<Security intelligence Type(Update Type IndexUpdate Type4Current Engine Version4Previous Engine VersionError Code(Error Description,Update State Index Update StateSource PathTEMP����]J^e�Vł?y�4�����D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��W�oData?K�NameCurrent Engine Version
A��Y�oDataAK�NamePrevious Engine Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��9�oData!K�NameUnused4
A��9�oData!K�NameUnused5
A��E�oData-K�Name
Feature Index
A��C�oData+K�NameFeature Name

0T�����(<Pp Product Name$Product Version4Current Engine Version4Previous Engine VersionUnusedUnused2Unused3DomainUserSIDUnused4Unused5 Feature Index Feature NameTEMP�!�!�76�W	ı#.�Y���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��W�oData?K�NameCurrent Engine Version
A��Y�oDataAK�NamePrevious Engine Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��O�oData7K�NameUpdate State Index
A��C�oData+K�NameUpdate State

�"#<#p#�#�#�#�#�#$$,$T$�$ Product Name$Product Version4Current Engine Version4Previous Engine VersionUnusedUnused2Unused3DomainUserSIDError Code(Error Description,Update State Index Update StateTEMPX

h(ԋ�f��U�'�dP�C���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��u�oData]K�Name%Security intelligence Attempted Index
A��i�oDataQK�NameSecurity intelligence Attempted
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��u�oData]K�Name%Loading security intelligence version
A��W�oData?K�NameLoading engine version
	0)P)t)�)*$*L*`*t*�* Product Name$Product VersionPSecurity intelligence Attempted IndexDSecurity intelligence AttemptedError Code(Error DescriptionUnusedUnused2PLoading security intelligence version4Loading engine versionTEMP��4�FK���[݇�|бm���	D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��u�oData]K�Name%Current security intelligence Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��k�oDataSK�Name Security intelligence Type Index
A��_�oDataGK�NameSecurity intelligence Type
A��9�oData!K�NameUnused5
A��9�oData!K�NameUnused6

A��W�oData?K�NameCurrent Engine Version
A��9�oData!K�NameUnused7
A��9�oData!K�NameUnused8
A��9�oData!K�NameUnused9
A��;�oData#K�NameUnused10
A��;�oData#K�NameUnused11
A��;�oData#K�NameUnused12
A��{�oDatacK�Name(Cloud protection intelligence Type Index
A��o�oDataWK�Name"Cloud protection intelligence Type
A��K�oData3K�NamePersistence Path
A��u�oData]K�Name%Cloud protection intelligence Version
A����oDatayK�Name3Cloud protection intelligence Compilation Timestamp
A��c�oDataKK�NamePersistence Limit Type Index
A��W�oData?K�NamePersistence Limit Type
A��Y�oDataAK�NamePersistence Limit Value
707T7�7�7�7�7�788$8l8�8�8�899,9@9X9p9�9�9,:T:�:;P;�; Product Name$Product VersionPCurrent security intelligence VersionUnusedUnused2Unused3Unused4DomainUserSIDHSecurity intelligence Type Index<Security intelligence TypeUnused5Unused64Current Engine VersionUnused7Unused8Unused9Unused10Unused11Unused12XCloud protection intelligence Type IndexLCloud protection intelligence Type(Persistence PathPCloud protection intelligence VersionlCloud protection intelligence Compilation Timestamp@Persistence Limit Type Index4Persistence Limit Type4Persistence Limit ValueTEMP�@F��-��ا]�5����'���T
D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��u�oData]K�Name%Current security intelligence Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��k�oDataSK�Name Security intelligence Type Index
A��_�oDataGK�NameSecurity intelligence Type
A��9�oData!K�NameUnused5
A��9�oData!K�NameUnused6

A��W�oData?K�NameCurrent Engine Version
A��9�oData!K�NameUnused7
A��9�oData!K�NameUnused8
A��9�oData!K�NameUnused9
A��;�oData#K�NameUnused10
A��;�oData#K�NameUnused11
A��;�oData#K�NameUnused12
A��{�oDatacK�Name(Cloud protection intelligence Type Index
A��o�oDataWK�Name"Cloud protection intelligence Type
A��K�oData3K�NamePersistence Path
A��u�oData]K�Name%Cloud protection intelligence Version
A����oDatayK�Name3Cloud protection intelligence Compilation Timestamp
A��c�oDataKK�NamePersistence Limit Type Index
A��W�oData?K�NamePersistence Limit Type
A��Y�oDataAK�NamePersistence Limit Value
A��S�oData;K�NameRemoval Reason Index
A��S�oData;K�NameRemoval Reason Value
�H�H�H@ITIhI|I�I�I�I�IJDJXJlJ�J�J�J�J�JK$K|K�K�K@L�L�L MTM�M Product Name$Product VersionPCurrent security intelligence VersionUnusedUnused2Unused3Unused4DomainUserSIDHSecurity intelligence Type Index<Security intelligence TypeUnused5Unused64Current Engine VersionUnused7Unused8Unused9Unused10Unused11Unused12XCloud protection intelligence Type IndexLCloud protection intelligence Type(Persistence PathPCloud protection intelligence VersionlCloud protection intelligence Compilation Timestamp@Persistence Limit Type Index4Persistence Limit Type4Persistence Limit Value0Removal Reason Index0Removal Reason ValueTEMP��WV��*t�Q��*�;4�K���	D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��u�oData]K�Name%Current security intelligence Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��k�oDataSK�Name Security intelligence Type Index
A��_�oDataGK�NameSecurity intelligence Type
A��9�oData!K�NameUnused5
A��9�oData!K�NameUnused6

A��W�oData?K�NameCurrent Engine Version
A��9�oData!K�NameUnused7
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��9�oData!K�NameUnused8
A��9�oData!K�NameUnused9
A��;�oData#K�NameUnused10
A��{�oDatacK�Name(Cloud protection intelligence Type Index
A��o�oDataWK�Name"Cloud protection intelligence Type
A��K�oData3K�NamePersistence Path
A��u�oData]K�Name%Cloud protection intelligence Version
A����oDatayK�Name3Cloud protection intelligence Compilation Timestamp
A��c�oDataKK�NamePersistence Limit Type Index
A��W�oData?K�NamePersistence Limit Type
A��Y�oDataAK�NamePersistence Limit Value
�YZ(ZxZ�Z�Z�Z�Z�Z�Z�Z@[|[�[�[�[�[\0\D\X\p\�\]<]�]�]8^l^ Product Name$Product VersionPCurrent security intelligence VersionUnusedUnused2Unused3Unused4DomainUserSIDHSecurity intelligence Type Index<Security intelligence TypeUnused5Unused64Current Engine VersionUnused7Error Code(Error DescriptionUnused8Unused9Unused10XCloud protection intelligence Type IndexLCloud protection intelligence Type(Persistence PathPCloud protection intelligence VersionlCloud protection intelligence Compilation Timestamp@Persistence Limit Type Index4Persistence Limit Type4Persistence Limit ValueTEMP�hcǾ�9���V64"������D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��u�oData]K�Name%Current security intelligence Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��k�oDataSK�Name Security intelligence Type Index
A��_�oDataGK�NameSecurity intelligence Type
A��9�oData!K�NameUnused5
A��9�oData!K�NameUnused6

A��W�oData?K�NameCurrent Engine Version
�d�d�d(e<ePedexe�e�e�e�e,f@fTf Product Name$Product VersionPCurrent security intelligence VersionUnusedUnused2Unused3Unused4DomainUserSIDHSecurity intelligence Type Index<Security intelligence TypeUnused5Unused64Current Engine VersionTEMPTpg<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
�g�g Product Name$Product VersionTEMP��iO�U��W�'���������D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
j jDjXjtj Product Name$Product VersionUnusedError Code(Error DescriptionTEMPT�k<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
�k�k Product Name$Product VersionTEMPXpm�]�6��[�]&�ڲ��LD�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��S�oData;K�NameNew Platform Version
�m�mnn Product Name$Product VersionUnused0New Platform VersionTEMPX�o�]�6��[�]&�ڲ��LD�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��S�oData;K�NameNew Platform Version
p8p\ppp Product Name$Product VersionUnused0New Platform VersionTEMPT�q<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
�q�q Product Name$Product VersionTEMPT�r<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
s$s Product Name$Product VersionTEMP�uO�U��W�'���������D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
lu�u�u�u�u Product Name$Product VersionUnusedError Code(Error DescriptionTEMP� wj\c��Y{�t��&&Z���D�	EventDataA��C�oData+K�NameProduct Name
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
\w|w�w Product NameUnusedUnused2TEMP��xj\c��Y{�t��&&Z���D�	EventDataA��C�oData+K�NameProduct Name
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
�xy,y Product NameUnusedUnused2TEMP�Xzj\c��Y{�t��&&Z���D�	EventDataA��C�oData+K�NameProduct Name
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
�z�z�z Product NameUnusedUnused2TEMP(D|�nT:rP[�/�������4D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��;�oData#K�NameFilename
A��7�oDataK�NameSha256
�|�|�|�| Product Name$Product VersionFilenameSha256TEMP$�ʝ�'qVC�x��ITw��TD�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��;�oData#K�NameFilename
A��7�oDataK�NameSha256
A��u�oData]K�Name%Current security intelligence Version
A��W�oData?K�NameCurrent Engine Version
A��?�oData'K�Name
Error Code
�8�\�t���؀� Product Name$Product VersionFilenameSha256PCurrent security intelligence Version4Current Engine VersionError CodeTEMPT�<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
8�X� Product Name$Product VersionTEMPD�o��!�C�]�	���k��BD�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��?�oData'K�Name
Error Code
A��A�oData)K�NameHttp Status
D�d����� Product Name$Product VersionError CodeHttp StatusTEMP�(�Ի��\�~,9����2D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��9�oData!K�NameScan ID
A��I�oData1K�NameScan Type Index
A��=�oData%K�Name	Scan Type
A��U�oData=K�NameScan Parameters Index
A��I�oData1K�NameScan Parameters
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��G�oData/K�NameScan Resources
�$�H�\�����ȉ���� Product Name$Product VersionScan ID$Scan Type IndexScan Type0Scan Parameters Index$Scan ParametersDomainUserSID$Scan ResourcesTEMP�

P���?�#��S�a�}.1:���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��9�oData!K�NameScan ID
A��I�oData1K�NameScan Type Index
A��=�oData%K�Name	Scan Type
A��U�oData=K�NameScan Parameters Index
A��I�oData1K�NameScan Parameters
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��I�oData1K�NameScan Time Hours
A��M�oData5K�NameScan Time Minutes
A��M�oData5K�NameScan Time Seconds
T�t�����Џ��<�P�`�l����� Product Name$Product VersionScan ID$Scan Type IndexScan Type0Scan Parameters Index$Scan ParametersDomainUserSID$Scan Time Hours(Scan Time Minutes(Scan Time SecondsTEMP�

����VY�Z{�	R�ϸ���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��9�oData!K�NameScan ID
A��I�oData1K�NameScan Type Index
A��=�oData%K�Name	Scan Type
A��U�oData=K�NameScan Parameters Index
A��I�oData1K�NameScan Parameters
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	�����<�T�������̕ Product Name$Product VersionScan ID$Scan Type IndexScan Type0Scan Parameters Index$Scan ParametersDomainUserSIDTEMP�

���VY�Z{�	R�ϸ���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��9�oData!K�NameScan ID
A��I�oData1K�NameScan Type Index
A��=�oData%K�Name	Scan Type
A��U�oData=K�NameScan Parameters Index
A��I�oData1K�NameScan Parameters
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	��ؙ���4�L�|�����Ě Product Name$Product VersionScan ID$Scan Type IndexScan Type0Scan Parameters Index$Scan ParametersDomainUserSIDTEMP�

���VY�Z{�	R�ϸ���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��9�oData!K�NameScan ID
A��I�oData1K�NameScan Type Index
A��=�oData%K�Name	Scan Type
A��U�oData=K�NameScan Parameters Index
A��I�oData1K�NameScan Parameters
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	��О��,�D�t������� Product Name$Product VersionScan ID$Scan Type IndexScan Type0Scan Parameters Index$Scan ParametersDomainUserSIDTEMP|��@�q���U��#mߖ$��~D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��9�oData!K�NameScan ID
A��I�oData1K�NameScan Type Index
A��=�oData%K�Name	Scan Type
A��U�oData=K�NameScan Parameters Index
A��I�oData1K�NameScan Parameters
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
l�����Ĥ��0�T�h�x����� Product Name$Product VersionScan ID$Scan Type IndexScan Type0Scan Parameters Index$Scan ParametersDomainUserSIDError Code(Error DescriptionTEMP\\�(}<A�xX��xhg����`D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��W�oData?K�NameDetection Source Index
A��K�oData3K�NameDetection Source
A��7�oDataK�NameUnused
A��C�oData+K�NameProcess Name
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��A�oData)K�NameThreat Name
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameSeverity ID
A��A�oData)K�NameCategory ID

A��7�oDataK�NameFWLink
A��?�oData'K�Name
Path Found
A��W�oData?K�NameDetection Origin Index
A��K�oData3K�NameDetection Origin
A��W�oData?K�NameExecution Status Index
A��K�oData3K�NameExecution Status
A��S�oData;K�NameDetection Type Index
A��G�oData/K�NameDetection Type
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��E�oData-K�Name
Severity Name
A��E�oData-K�Name
Category Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
����а�$�L�`���������̱���0�L�����ܲ�4�X�l�������� Product Name$Product Version Detection ID4Detection Source Index(Detection SourceUnused Process NameDomainUserSIDThreat NameThreat IDSeverity IDCategory IDFWLinkPath Found4Detection Origin Index(Detection Origin4Execution Status Index(Execution Status0Detection Type Index$Detection TypeUnused2Unused3 Severity Name Category Name@Security intelligence Version$Engine VersionTEMPD
4���~��G@XJt�[L����D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��A�oData)K�NameStatus Code
A��O�oData7K�NameStatus Description
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��A�oData)K�NameThreat Name
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameSeverity ID
A��A�oData)K�NameCategory ID

A��7�oDataK�NameFWLink
A��3�oDataK�NamePath
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��U�oData=K�NameCleaning Action Index
A��I�oData1K�NameCleaning Action
A��9�oData!K�NameUnused5
A��9�oData!K�NameUnused6
A��9�oData!K�NameUnused7
A��9�oData!K�NameUnused8
A��E�oData-K�Name
Severity Name
A��E�oData-K�Name
Category Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
d�����Ⱦܾ��8�L�\�h�������Կ���� �P�t����������D� Product Name$Product Version Detection IDUnusedUnused2Status Code,Status DescriptionDomainUserSIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused3Unused40Cleaning Action Index$Cleaning ActionUnused5Unused6Unused7Unused8 Severity Name Category Name@Security intelligence Version$Engine VersionTEMP|
��F�ֹ>S�T���c���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��A�oData)K�NameStatus Code
A��O�oData7K�NameStatus Description
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��A�oData)K�NameThreat Name
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameSeverity ID
A��A�oData)K�NameCategory ID

A��7�oDataK�NameFWLink
A��3�oDataK�NamePath
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��U�oData=K�NameCleaning Action Index
A��I�oData1K�NameCleaning Action
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��9�oData!K�NameUnused5
A��9�oData!K�NameUnused6
A��E�oData-K�Name
Severity Name
A��E�oData-K�Name
Category Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
�����(�<�P�l��������������4�H�X�l����������,�@�`����� Product Name$Product Version Detection IDUnusedUnused2Status Code,Status DescriptionDomainUserSIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused3Unused40Cleaning Action Index$Cleaning ActionError Code(Error DescriptionUnused5Unused6 Severity Name Category Name@Security intelligence Version$Engine VersionTEMP����59��$S=
�O��4���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��9�oData!K�NameUnused5
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��A�oData)K�NameThreat Name
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameSeverity ID
A��A�oData)K�NameCategory ID

A��7�oDataK�NameFWLink
A��3�oDataK�NamePath
A��9�oData!K�NameUnused6
A��9�oData!K�NameUnused7
A��9�oData!K�NameUnused8
A��9�oData!K�NameUnused9
A��;�oData#K�NameUnused10
A��;�oData#K�NameUnused11
A��;�oData#K�NameUnused12
A��;�oData#K�NameUnused13
A��E�oData-K�Name
Severity Name
A��E�oData-K�Name
Category Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
�����0�D�X�l���������������0�@�T�h�|������������0�p� Product Name$Product VersionUnusedUnused2Unused3Unused4Unused5DomainUserSIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused6Unused7Unused8Unused9Unused10Unused11Unused12Unused13 Severity Name Category Name@Security intelligence Version$Engine VersionTEMP�p�2��z��Z�}yI�Qw����D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��A�oData)K�NameThreat Name
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameSeverity ID
A��A�oData)K�NameCategory ID

A��7�oDataK�NameFWLink
A��3�oDataK�NamePath
A��9�oData!K�NameUnused4
A��9�oData!K�NameUnused5
A��9�oData!K�NameUnused6
A��9�oData!K�NameUnused7
A��9�oData!K�NameUnused8
A��9�oData!K�NameUnused9
A��;�oData#K�NameUnused10
A��;�oData#K�NameUnused11
A��E�oData-K�Name
Severity Name
A��E�oData-K�Name
Category Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
�������(�<�P�d�x�������������$�8�L�`�t������������L� Product Name$Product VersionError Code(Error DescriptionUnusedUnused2Unused3DomainUserSIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused4Unused5Unused6Unused7Unused8Unused9Unused10Unused11 Severity Name Category Name@Security intelligence Version$Engine VersionTEMP�4��59��$S=
�O��4���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��9�oData!K�NameUnused5
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��A�oData)K�NameThreat Name
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameSeverity ID
A��A�oData)K�NameCategory ID

A��7�oDataK�NameFWLink
A��3�oDataK�NamePath
A��9�oData!K�NameUnused6
A��9�oData!K�NameUnused7
A��9�oData!K�NameUnused8
A��9�oData!K�NameUnused9
A��;�oData#K�NameUnused10
A��;�oData#K�NameUnused11
A��;�oData#K�NameUnused12
A��;�oData#K�NameUnused13
A��E�oData-K�Name
Severity Name
A��E�oData-K�Name
Category Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
d�������������� �0�<�X�p���������������4�L�d�|������� Product Name$Product VersionUnusedUnused2Unused3Unused4Unused5DomainUserSIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused6Unused7Unused8Unused9Unused10Unused11Unused12Unused13 Severity Name Category Name@Security intelligence Version$Engine VersionTEMP���2��z��Z�}yI�Qw����D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��A�oData)K�NameThreat Name
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameSeverity ID
A��A�oData)K�NameCategory ID

A��7�oDataK�NameFWLink
A��3�oDataK�NamePath
A��9�oData!K�NameUnused4
A��9�oData!K�NameUnused5
A��9�oData!K�NameUnused6
A��9�oData!K�NameUnused7
A��9�oData!K�NameUnused8
A��9�oData!K�NameUnused9
A��;�oData#K�NameUnused10
A��;�oData#K�NameUnused11
A��E�oData-K�Name
Severity Name
A��E�oData-K�Name
Category Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
,�L�p�������� <Tp������(@Xx�� Product Name$Product VersionError Code(Error DescriptionUnusedUnused2Unused3DomainUserSIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused4Unused5Unused6Unused7Unused8Unused9Unused10Unused11 Severity Name Category Name@Security intelligence Version$Engine VersionTEMP�

�K�4?y{�X�0���G3���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��=�oData%K�Name	Timestamp
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��9�oData!K�NameUnused4
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	����$8L`p Product Name$Product VersionTimestampUnusedUnused2Unused3Unused4DomainUserSIDTEMP�

p	��1��Z+������6���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��=�oData%K�Name	Timestamp
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	8
X
|
�
�
�
�
$ Product Name$Product VersionTimestampError Code(Error DescriptionUnusedUnused2DomainUserSIDTEMP�%%p�ʾN̢�R�������D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��W�oData?K�NameDetection Source Index
A��K�oData3K�NameDetection Source
A��7�oDataK�NameUnused
A��C�oData+K�NameProcess Name
A��7�oDataK�NameDomain
A��3�oDataK�NameUser
A��1�oDataK�NameSID
	A��A�oData)K�NameThreat Name
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameSeverity ID
A��A�oData)K�NameCategory ID

A��7�oDataK�NameFWLink
A��?�oData'K�Name
Path Found
A��W�oData?K�NameDetection Origin Index
A��K�oData3K�NameDetection Origin
A��W�oData?K�NameExecution Status Index
A��K�oData3K�NameExecution Status
A��S�oData;K�NameDetection Type Index
A��G�oData/K�NameDetection Type
A��9�oData!K�NameUnused2
A��9�oData!K�NameUnused3
A��E�oData-K�Name
Severity Name
A��E�oData-K�Name
Category Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
A��?�oData'K�Name
Process ID
A��[�oDataCK�NameSecurity intelligence ID
A��E�oData-K�Name
FidelityValue
A��E�oData-K�Name
FidelityLabel
A��I�oData1K�NameImage File Hash
 A��9�oData!K�NameUnused4
!A��9�oData!K�NameUnused5
"A��G�oData/K�NameTargetFileName
#A��G�oData/K�NameTargetFileHash
$Tt���(H\lx�����Hp��� 4Hh���@`����� Product Name$Product Version Detection ID4Detection Source Index(Detection SourceUnused Process NameDomainUserSIDThreat NameThreat IDSeverity IDCategory IDFWLinkPath Found4Detection Origin Index(Detection Origin4Execution Status Index(Execution Status0Detection Type Index$Detection TypeUnused2Unused3 Severity Name Category Name@Security intelligence Version$Engine VersionProcess ID8Security intelligence ID FidelityValue FidelityLabel$Image File HashUnused4Unused5$TargetFileName$TargetFileHashTEMP�**�*�)�{�4P�
�C39F���<D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��G�oData/K�NameDetection Time
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameThreat Name
A��A�oData)K�NameSeverity ID
A��E�oData-K�Name
Severity Name
	A��A�oData)K�NameCategory ID
A��E�oData-K�Name
Category Name
A��7�oDataK�NameFWLink
A��A�oData)K�NameStatus Code

A��O�oData7K�NameStatus Description
A��5�oDataK�NameState
A��=�oData%K�Name	Source ID
A��A�oData)K�NameSource Name
A��C�oData+K�NameProcess Name
A��G�oData/K�NameDetection User
A��9�oData!K�NameUnused3
A��3�oDataK�NamePath
A��=�oData%K�Name	Origin ID
A��A�oData)K�NameOrigin Name
A��C�oData+K�NameExecution ID
A��G�oData/K�NameExecution Name
A��9�oData!K�NameType ID
A��=�oData%K�Name	Type Name
A��S�oData;K�NamePre Execution Status
A��=�oData%K�Name	Action ID
A��A�oData)K�NameAction Name
A��9�oData!K�NameUnused4
A��?�oData'K�Name
Error Code
 A��M�oData5K�NameError Description
!A��9�oData!K�NameUnused5
"A��M�oData5K�NamePost Clean Status
#A��U�oData=K�NameAdditional Actions ID
$A��]�oDataEK�NameAdditional Actions String
%A��K�oData3K�NameRemediation User
&A��9�oData!K�NameUnused6
'A��e�oDataMK�NameSecurity intelligence Version
(A��G�oData/K�NameEngine Version
)�-�-.0.T.h.|.�.�.�.�./(/</X/�/�/�/�/�/0 000H0d0�0�0�0�01181L1h1�1�1�1�142\2p2�2 Product Name$Product Version Detection ID$Detection TimeUnusedUnused2Threat IDThreat NameSeverity ID Severity NameCategory ID Category NameFWLinkStatus Code,Status DescriptionStateSource IDSource Name Process Name$Detection UserUnused3PathOrigin IDOrigin Name Execution ID$Execution NameType IDType Name0Pre Execution StatusAction IDAction NameUnused4Error Code(Error DescriptionUnused5(Post Clean Status0Additional Actions ID8Additional Actions String(Remediation UserUnused6@Security intelligence Version$Engine VersionTEMP�**D?�)�{�4P�
�C39F���<D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��G�oData/K�NameDetection Time
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameThreat Name
A��A�oData)K�NameSeverity ID
A��E�oData-K�Name
Severity Name
	A��A�oData)K�NameCategory ID
A��E�oData-K�Name
Category Name
A��7�oDataK�NameFWLink
A��A�oData)K�NameStatus Code

A��O�oData7K�NameStatus Description
A��5�oDataK�NameState
A��=�oData%K�Name	Source ID
A��A�oData)K�NameSource Name
A��C�oData+K�NameProcess Name
A��G�oData/K�NameDetection User
A��9�oData!K�NameUnused3
A��3�oDataK�NamePath
A��=�oData%K�Name	Origin ID
A��A�oData)K�NameOrigin Name
A��C�oData+K�NameExecution ID
A��G�oData/K�NameExecution Name
A��9�oData!K�NameType ID
A��=�oData%K�Name	Type Name
A��S�oData;K�NamePre Execution Status
A��=�oData%K�Name	Action ID
A��A�oData)K�NameAction Name
A��9�oData!K�NameUnused4
A��?�oData'K�Name
Error Code
 A��M�oData5K�NameError Description
!A��9�oData!K�NameUnused5
"A��M�oData5K�NamePost Clean Status
#A��U�oData=K�NameAdditional Actions ID
$A��]�oDataEK�NameAdditional Actions String
%A��K�oData3K�NameRemediation User
&A��9�oData!K�NameUnused6
'A��e�oDataMK�NameSecurity intelligence Version
(A��G�oData/K�NameEngine Version
)�B�B�B�BC(C<CTCpC�C�C�C�C�CDDDTDlD�D�D�D�D�DE$EDEhE|E�E�E�E�EF(FPFdF�F�F�FG0GpG Product Name$Product Version Detection ID$Detection TimeUnusedUnused2Threat IDThreat NameSeverity ID Severity NameCategory ID Category NameFWLinkStatus Code,Status DescriptionStateSource IDSource Name Process Name$Detection UserUnused3PathOrigin IDOrigin Name Execution ID$Execution NameType IDType Name0Pre Execution StatusAction IDAction NameUnused4Error Code(Error DescriptionUnused5(Post Clean Status0Additional Actions ID8Additional Actions String(Remediation UserUnused6@Security intelligence Version$Engine VersionTEMP�**T�)�{�4P�
�C39F���<D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��G�oData/K�NameDetection Time
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameThreat Name
A��A�oData)K�NameSeverity ID
A��E�oData-K�Name
Severity Name
	A��A�oData)K�NameCategory ID
A��E�oData-K�Name
Category Name
A��7�oDataK�NameFWLink
A��A�oData)K�NameStatus Code

A��O�oData7K�NameStatus Description
A��5�oDataK�NameState
A��=�oData%K�Name	Source ID
A��A�oData)K�NameSource Name
A��C�oData+K�NameProcess Name
A��G�oData/K�NameDetection User
A��9�oData!K�NameUnused3
A��3�oDataK�NamePath
A��=�oData%K�Name	Origin ID
A��A�oData)K�NameOrigin Name
A��C�oData+K�NameExecution ID
A��G�oData/K�NameExecution Name
A��9�oData!K�NameType ID
A��=�oData%K�Name	Type Name
A��S�oData;K�NamePre Execution Status
A��=�oData%K�Name	Action ID
A��A�oData)K�NameAction Name
A��9�oData!K�NameUnused4
A��?�oData'K�Name
Error Code
 A��M�oData5K�NameError Description
!A��9�oData!K�NameUnused5
"A��M�oData5K�NamePost Clean Status
#A��U�oData=K�NameAdditional Actions ID
$A��]�oDataEK�NameAdditional Actions String
%A��K�oData3K�NameRemediation User
&A��9�oData!K�NameUnused6
'A��e�oDataMK�NameSecurity intelligence Version
(A��G�oData/K�NameEngine Version
)LWlW�W�W�W�W�WX0XLXlX�X�X�X�XYY,YHYhY�Y�Y�Y�Y�YZ(Z<ZTZ�Z�Z�Z�Z�Z[$[L[|[�[�[�[0\ Product Name$Product Version Detection ID$Detection TimeUnusedUnused2Threat IDThreat NameSeverity ID Severity NameCategory ID Category NameFWLinkStatus Code,Status DescriptionStateSource IDSource Name Process Name$Detection UserUnused3PathOrigin IDOrigin Name Execution ID$Execution NameType IDType Name0Pre Execution StatusAction IDAction NameUnused4Error Code(Error DescriptionUnused5(Post Clean Status0Additional Actions ID8Additional Actions String(Remediation UserUnused6@Security intelligence Version$Engine VersionTEMP�**�h�)�{�4P�
�C39F���<D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��G�oData/K�NameDetection Time
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameThreat Name
A��A�oData)K�NameSeverity ID
A��E�oData-K�Name
Severity Name
	A��A�oData)K�NameCategory ID
A��E�oData-K�Name
Category Name
A��7�oDataK�NameFWLink
A��A�oData)K�NameStatus Code

A��O�oData7K�NameStatus Description
A��5�oDataK�NameState
A��=�oData%K�Name	Source ID
A��A�oData)K�NameSource Name
A��C�oData+K�NameProcess Name
A��G�oData/K�NameDetection User
A��9�oData!K�NameUnused3
A��3�oDataK�NamePath
A��=�oData%K�Name	Origin ID
A��A�oData)K�NameOrigin Name
A��C�oData+K�NameExecution ID
A��G�oData/K�NameExecution Name
A��9�oData!K�NameType ID
A��=�oData%K�Name	Type Name
A��S�oData;K�NamePre Execution Status
A��=�oData%K�Name	Action ID
A��A�oData)K�NameAction Name
A��9�oData!K�NameUnused4
A��?�oData'K�Name
Error Code
 A��M�oData5K�NameError Description
!A��9�oData!K�NameUnused5
"A��M�oData5K�NamePost Clean Status
#A��U�oData=K�NameAdditional Actions ID
$A��]�oDataEK�NameAdditional Actions String
%A��K�oData3K�NameRemediation User
&A��9�oData!K�NameUnused6
'A��e�oDataMK�NameSecurity intelligence Version
(A��G�oData/K�NameEngine Version
)l,lPlpl�l�l�l�l�lm,mHmhm|m�m�m�m�mn(nLn`npn�n�n�n�n�noDo\oxo�o�o�o�op<ptp�p�p�p Product Name$Product Version Detection ID$Detection TimeUnusedUnused2Threat IDThreat NameSeverity ID Severity NameCategory ID Category NameFWLinkStatus Code,Status DescriptionStateSource IDSource Name Process Name$Detection UserUnused3PathOrigin IDOrigin Name Execution ID$Execution NameType IDType Name0Pre Execution StatusAction IDAction NameUnused4Error Code(Error DescriptionUnused5(Post Clean Status0Additional Actions ID8Additional Actions String(Remediation UserUnused6@Security intelligence Version$Engine VersionTEMP��r_w�mHZV� ����1���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��S�oData;K�NameThreat resource path
A��7�oDataK�NameHashes
8sXs|s�s�s Product Name$Product VersionUnused0Threat resource pathHashesTEMP

�v� *�1n^������C!���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��/�oDataK�NameID
A��G�oData/K�NameDetection Time
A��3�oDataK�NameUser
A��3�oDataK�NamePath
A��C�oData+K�NameProcess Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
	�w�wxx$xHxXxhx�x�x Product Name$Product VersionUnusedID$Detection TimeUserPath Process Name@Security intelligence Version$Engine VersionTEMP��}�h� #�IR��ӄ �%��|D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��/�oDataK�NameID
A��G�oData/K�NameDetection Time
A��3�oDataK�NameUser
A��3�oDataK�NamePath
A��C�oData+K�NameProcess Name
A��e�oDataMK�NameSecurity intelligence Version
A��G�oData/K�NameEngine Version
	A��;�oData#K�NameRuleType
A��O�oData7K�NameTarget Commandline
A��O�oData7K�NameParent Commandline
A��E�oData-K�Name
Involved File

A��M�oData5K�NameInhertiance Flags
�~�~ ,P`p����8�d��� Product Name$Product VersionUnusedID$Detection TimeUserPath Process Name@Security intelligence Version$Engine VersionRuleType,Target Commandline,Parent Commandline Involved File(Inhertiance FlagsTEMP����WW��^V�M�k��D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��/�oDataK�NameID
A��G�oData/K�NameDetection Time
A��3�oDataK�NameUser
A��A�oData)K�NameDestination
A��C�oData+K�NameProcess Name
p���������� Product Name$Product VersionID$Detection TimeUserDestination Process NameTEMP�����W]�ޟo��+��2D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��/�oDataK�NameID
A��3�oDataK�NameUser
A��3�oDataK�NamePath
A��C�oData+K�NameProcess Name
A��E�oData-K�Name
Involved File
8�X�|���������܇ Product Name$Product VersionUnusedIDUserPath Process Name Involved FileTEMP������^�p��q
����D�	EventDataA��C�oData+K�NameProduct Name
A��K�oData3K�NamePlatform version
A��7�oDataK�NameUnused
A��G�oData/K�NameEngine version
A��e�oDataMK�NameSecurity intelligence version
D�d�����Ċ Product Name(Platform versionUnused$Engine version@Security intelligence versionTEMP�ĕ܊�~��^G�����G���
D�	EventDataA��C�oData+K�NameProduct Name
A��K�oData3K�NamePlatform version
A��7�oDataK�NameUnused
A��G�oData/K�NameEngine version
A��O�oData7K�NameNRI engine version
A��k�oDataSK�Name AV security intelligence version
A��k�oDataSK�Name AS security intelligence version
A��m�oDataUK�Name!NRI security intelligence version
A��=�oData%K�Name	RTP state
A��;�oData#K�NameOA state
	A��?�oData'K�Name
IOAV state
A��;�oData#K�NameBM state
A��m�oDataUK�Name!Last AV security intelligence age
A��m�oDataUK�Name!Last AS security intelligence age

A��Q�oData9K�NameLast quick scan age
A��O�oData7K�NameLast full scan age
A��w�oData_K�Name&AV security intelligence creation time
A��w�oData_K�Name&AS security intelligence creation time
A��_�oDataGK�NameLast quick scan start time
A��[�oDataCK�NameLast quick scan end time
A��W�oData?K�NameLast quick scan source
A��]�oDataEK�NameLast full scan start time
A��Y�oDataAK�NameLast full scan end time
A��U�oData=K�NameLast full scan source
A��G�oData/K�NameProduct status
A��U�oData=K�NameLatest engine version
A��M�oData5K�NameEngine up-to-date
A��Y�oDataAK�NameLatest platform version
A��Q�oData9K�NamePlatform up-to-date
�(�P�d�������D�������ؙ�8�����ؚ,������(�`���Ĝ��@�t� Product Name(Platform versionUnused$Engine version,NRI engine versionHAV security intelligence versionHAS security intelligence versionHNRI security intelligence versionRTP stateOA stateIOAV stateBM stateHLast AV security intelligence ageHLast AS security intelligence age,Last quick scan age,Last full scan ageTAV security intelligence creation timeTAS security intelligence creation time<Last quick scan start time8Last quick scan end time4Last quick scan source8Last full scan start time4Last full scan end time0Last full scan source$Product status0Latest engine version(Engine up-to-date4Latest platform version,Platform up-to-dateTEMP�**��)�{�4P�
�C39F���<D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameDetection ID
A��G�oData/K�NameDetection Time
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��=�oData%K�Name	Threat ID
A��A�oData)K�NameThreat Name
A��A�oData)K�NameSeverity ID
A��E�oData-K�Name
Severity Name
	A��A�oData)K�NameCategory ID
A��E�oData-K�Name
Category Name
A��7�oDataK�NameFWLink
A��A�oData)K�NameStatus Code

A��O�oData7K�NameStatus Description
A��5�oDataK�NameState
A��=�oData%K�Name	Source ID
A��A�oData)K�NameSource Name
A��C�oData+K�NameProcess Name
A��G�oData/K�NameDetection User
A��9�oData!K�NameUnused3
A��3�oDataK�NamePath
A��=�oData%K�Name	Origin ID
A��A�oData)K�NameOrigin Name
A��C�oData+K�NameExecution ID
A��G�oData/K�NameExecution Name
A��9�oData!K�NameType ID
A��=�oData%K�Name	Type Name
A��S�oData;K�NamePre Execution Status
A��=�oData%K�Name	Action ID
A��A�oData)K�NameAction Name
A��9�oData!K�NameUnused4
A��?�oData'K�Name
Error Code
 A��M�oData5K�NameError Description
!A��9�oData!K�NameUnused5
"A��M�oData5K�NamePost Clean Status
#A��U�oData=K�NameAdditional Actions ID
$A��]�oDataEK�NameAdditional Actions String
%A��K�oData3K�NameRemediation User
&A��9�oData!K�NameUnused6
'A��e�oDataMK�NameSecurity intelligence Version
(A��G�oData/K�NameEngine Version
)X�x�������� �<�X�x�����Ȯ�� �8�T�t�������ԯ��4�H�`�����İذ��0�X��������<� Product Name$Product Version Detection ID$Detection TimeUnusedUnused2Threat IDThreat NameSeverity ID Severity NameCategory ID Category NameFWLinkStatus Code,Status DescriptionStateSource IDSource Name Process Name$Detection UserUnused3PathOrigin IDOrigin Name Execution ID$Execution NameType IDType Name0Pre Execution StatusAction IDAction NameUnused4Error Code(Error DescriptionUnused5(Post Clean Status0Additional Actions ID8Additional Actions String(Remediation UserUnused6@Security intelligence Version$Engine VersionTEMP���U�J!��WU���:Z�K��D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameFeature Name
A��7�oDataK�NameReason
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
A��?�oData'K�Name
Feature ID
<�\�������� Product Name$Product Version Feature NameReasonError Code(Error DescriptionFeature IDTEMP|H�U�.WFi�].3<<_�]��D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameFeature Name
A��7�oDataK�NameReason
A��7�oDataK�NameUnused
A��9�oData!K�NameUnused2
A��?�oData'K�Name
Feature ID
Ը��8�L�`�t� Product Name$Product Version Feature NameReasonUnusedUnused2Feature IDTEMPTx�<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
���� Product Name$Product VersionTEMPT̻<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
�� Product Name$Product VersionTEMP0<��W�(.�T��;������D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameFeature Name
A��E�oData-K�Name
Configuration
A��7�oDataK�NameUnused
A��?�oData'K�Name
Feature ID
��Ծ���8�L� Product Name$Product Version Feature Name ConfigurationUnusedFeature IDTEMP4��D��Yd�_�jrl���<D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��=�oData%K�Name	Old Value
A��=�oData%K�Name	New Value
(�H�l��� Product Name$Product VersionOld ValueNew ValueTEMP�����/"«X�en��/��,D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��;�oData#K�NameResource
A��O�oData7K�NameFailure Type Index
A��C�oData+K�NameFailure Type
A��G�oData/K�NameException Code
A��A�oData)K�NameEngine Code
���������0�T� Product Name$Product VersionResource,Failure Type Index Failure Type$Exception CodeEngine CodeTEMPTX�<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
���� Product Name$Product VersionTEMPT��<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
���� Product Name$Product VersionTEMPT�<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
(�H� Product Name$Product VersionTEMPTT�<�+�p!Y�4p�N^���D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
|��� Product Name$Product VersionTEMP�T���h�@hV]��*@%�C��`D�	EventDataA��?�oData'K�Name
hc_stateid
h�hc_stateidTEMP�

8�cr�(5�%X�;٠�����~D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��/�oDataK�NameID
A��5�oDataK�NameState
A��=�oData%K�Name	Timestamp
A��7�oDataK�NameAction
A��9�oData!K�NameProcess
A��7�oDataK�NameSource
A��7�oDataK�NameTarget
	A��3�oDataK�NameUser
A��M�oData5K�NameSignature Version
A��G�oData/K�NameEngine Version
<�\�����������������(�P� Product Name$Product VersionUnusedIDStateTimestampActionProcessSourceTargetUser(Signature Version$Engine VersionTEMPT�FpSiC�V#v/M�o�����D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��7�oDataK�NameUnused
A��G�oData/K�NamePolicy Version
A��G�oData/K�NamePolicy Rule Id
A��M�oData5K�NameEnforcement Level
A��C�oData+K�NameAudit Reason
A��I�oData1K�NameEvent Timestamp
A��A�oData)K�NameAction Type
A��9�oData!K�NameProcess
	A��7�oDataK�NameSource
A��7�oDataK�NameTarget
A��?�oData'K�Name
Session Id
A��;�oData#K�NameUser Sid

A��M�oData5K�NameSignature Version
A��G�oData/K�NameEngine Version
���������4�\�|������������,�T� Product Name$Product VersionUnused$Policy Version$Policy Rule Id(Enforcement Level Audit Reason$Event TimestampAction TypeProcessSourceTargetSession IdUser Sid(Signature Version$Engine VersionTEMP4��/8t���Uő�������:D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameChanged Type
A��5�oDataK�NameValue
8�X�|��� Product Name$Product Version Changed TypeValueTEMP4�l�Aa�~�T��{F1�q���<D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��=�oData%K�Name	Hit Count
A��=�oData%K�Name	Threshold
l������� Product Name$Product VersionHit CountThresholdTEMP4P�l�Aa�~�T��{F1�q���<D�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��=�oData%K�Name	Hit Count
A��=�oData%K�Name	Threshold
�������� Product Name$Product VersionHit CountThresholdTEMP���<��BV]X`0P�$K��xD�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��9�oData!K�NameTimeout
A��=�oData%K�Name	Component
A��9�oData!K�NameCrashed
$�D�h�|��� Product Name$Product VersionTimeoutComponentCrashedTEMP\X���>�(Y�b�c�����zD�	EventDataA��C�oData+K�NameProduct Name
A��I�oData1K�NameProduct Version
A��C�oData+K�NameFeature Name
A��?�oData'K�Name
Failure Id
A��G�oData/K�NameFailure Reason
A��G�oData/K�NameRecommendation
A��?�oData'K�Name
Error Code
A��M�oData5K�NameError Description
���<�\�x������� Product Name$Product Version Feature NameFailure Id$Failure Reason$RecommendationError Code(Error DescriptionPRVA\�Microsoft-Windows-Windows DefenderOPCOLEVL�P��P��P��win:Errorwin:Warning(win:InformationalTASKKEYWEVNTPLe@e�����������������@����������������ؕ�������К�������ȟx������ȥ�������$��������h�x�����������������x������p�������� �x��������������|x������0���\�\����]�]��2���^�^��G���_�_�T\x��`�`�q���a�a��x���b�b��x���c�c��s���d�d��s���e�e������f�f������g�g��s���h�h��s���i�i�0����k�k������l�l������m�m�t����n�n�t����~�~�������������������������d��������
x���������������x�������$x�������f��������gx�������j��������k�������Hn��������*��������;��������Mx�������^��������p��������q�������Hsx������v��������wx������@yx�����z�����}x������`�x�������������������������������8��������h����������x������p�������������������������l��������x����������x��������x�������x�����������<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
�%0�%�	*�H��
��%�0�%�10
	`�He0\
+�7�N0L0
+�70	���010
	`�He �C��ӧ�[u.�*ט}�l���Y�ng��y�'��
�0�	0��3�>�"�4���0
	*�H��
0��10	UUS10U
Washington10URedmond10U
Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110
240912200406Z
250911200406Z0p10	UUS10U
Washington10URedmond10U
Microsoft Corporation10UMicrosoft Windows0�"0
	*�H��
�0�
���a��ya�q�k�o�{��pV���Q���8�i|<5�e�@��^�'�(ْ�.��g�aa`�n!7c,�i���ע�8�K��� }�hZ�����$��hE��@�*�Iƣ���
����o����2�,�����A�ա�����x����֤	N�P��U~�NI�t�3�I��х&Aw��Kk�������i��_hhe�u���v�J�ͷ���_x�|�<-�}-}}HU��[���r��$����0��0U%0
+�7
+0Ul�y�������%��޾����0TUM0K�I0G1-0+U$Microsoft Ireland Operations Limited10U
229879+5029620U#0��)9�ėx͐��O��|U�S0WUP0N0L�J�H�Fhttp://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl%200a+U0S0Q+0�Ehttp://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0U�00
	*�H��
�e���b�]g��Q��ưr�����!:�MPFa={�
�g��=v{�*+4�5�t]A��r'�+�h��ͤ�`-�TOfT���X��*�Yq�Q[�]�{vC#�%�`�}��_Vv0�b+���K�.Y*B!�ě��Ig6�'�:�rɜ������X����*"�.8�I�ry�cӾ'��������A��G_oe�*\n�;_���'��P_[�ֻE�#u��oڠbۯ��:͡#puyϬ�u�5=o�0��0���
avV0
	*�H��
0��10	UUS10U
Washington10URedmond10U
Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100
111019184142Z
261019185142Z0��10	UUS10U
Washington10URedmond10U
Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110�"0
	*�H��
�0�
�����.	����i�!�i33��T����� ��ҋ�8����-|by��J?5 p���k�6u�1ݍp��7�tF�([�`#,��G�g�Q'�r��ɹ;S5|���'�����#	o�F��n�<A�ˣ?]jM�i%(\6��C
��������['�'x0�[*	k"�S`,�hS��I�a��h	sD]}�T+�y��5]l+\μ�#�on�&�6�O�'��2;A�,���w�TN�\�e�C���mw�Z$�H��C0�?0	+�70U�)9�ėx͐��O��|U�S0	+�7
SubCA0U�0U�0�0U#0��Vˏ�\bh�=��[�Κ�0VUO0M0K�I�G�Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0�>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
	*�H��
��|qQ�y�n��9>�<Rn+?s��h�H�4M��&�1F�ay�8.Ek��(�����	��L
6fj���������@26v�Zƿ���Ӭ�h�b��TlP0X��|���N���|�sW�R!s4Z�V��	����~�����?�rS��c��=1e�������=����BА�_T���G�o�sNA�@�_�*��s�!(���s9_>�\`����	���Q�fG���=�*hw��Lb{��Ǻz�4Kbz����J7�-�W|�=ܸZ��ij�:��n�i!7ށ�ugӓW^)9��-���Es[���z��FX�^���g�l5��?$�5�
u�V��x,��Ј���ߺ~,c��#!�xl�X6+�̤��-����@�E�Ί\k>��p*
j�_G��c
2��6*pZ�BYqKW�~���!<��Ź���E��� ����ŕ�]b֠c �uw}=�E�����W�o3��w�bY~1�*0�&0��0��10	UUS10U
Washington10URedmond10U
Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20113�>�"�4���0
	`�He���0	*�H��
	1
+�70
+�710
+�70/	*�H��
	1" ��I��^���{J�����a�
�v���/��0B
+�71402��Microsoft��http://www.microsoft.com0
	*�H��
�@�;So�"�����c��7q�~r��0��n�����/�W�
Ha�!
��1�#u�j�ʦ)�'Uc��r8�l" ��ʂ	�
[̌��UlŖfi�O��ۋ�!�<Q�*@���}w�6��|zp�jO�z��.=�b_F
�@ +@&�E8=�n�ǁ�z��T8���CQ	��םW~�=�z@p�)�C��
o\@j7�Y�4���1�����V��g��3���tC�T����Z��)�rs�-~N)#���0��
+�71��0��	*�H��
���0��10
	`�He0�Z*�H��
	��I�E0�A
+�Y
010
	`�He |��NS��ϖ }h5��w�I�N�Hlfg�2��G20250312050446.778Z0��٤��0��10	UUS10U
Washington10URedmond10U
Microsoft Corporation1-0+U$Microsoft Ireland Operations Limited1'0%UnShield TSS ESN:521A-05E0-D9471%0#UMicrosoft Time-Stamp Service���0�(0��3ת*V0
	*�H��
0|10	UUS10U
Washington10URedmond10U
Microsoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100
240725183121Z
251022183121Z0��10	UUS10U
Washington10URedmond10U
Microsoft Corporation1-0+U$Microsoft Ireland Operations Limited1'0%UnShield TSS ESN:521A-05E0-D9471%0#UMicrosoft Time-Stamp Service0�"0
	*�H��
�0�
��U�iҤ?d�z����{(�=����/۩��Hf�`��ؤ>��帅 w:.��z��O��i,�R��FP[f����yt����suZ(\v�QI���^�ֳ	��IV�ɳ�K����\�XJ���L��
���6[�@��6:q)�2V.�y%����~)���֜�JI�� J�wނ��y���XP
Y�9͇�:�6�y,��-���}���.��Aq�(8)٨XcX��{�'|�����I��R�a�/�/�v�˄�p�o�<�8e�Y��p�
ۑ-�5���:�su�X���a��u�+L|`=��͈Y��t�L,���[���3`m�ª�I�F����;c��e6������{)��Y�Y�3aQ���]ŦƮU�k�v��3��C�&�Y��wDh��Y���p��;���|"2&�!J��l����%z�=�>��-���Q�=6�eV1���pђ���)cW���y�8�ϴ�Y<���nɡ!�NӾ���\����I0�E0U�%$ھ	#*��^}�}ww:0U#0���]^b]����e�S5�r0_UX0V0T�R�P�Nhttp://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l+`0^0\+0�Phttp://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0U�00U%�0
+0U��0
	*�H��
�(�xѴ�����
sX�8�ǽn�W��`�9iS�`��ط��Ke-؀ǃL���U��]z��62����S�x�-5��`:z;]�;{z�-a=*��b����p"ĨK`����O(s0Z���e���
���q�f����~� �w=;�x87u�SZ���|P�bU�x B.�O@1��DR�q%0���t��q�"
e��\� a��w�F�^4L~y*I_)Q�]�[�� ^����F�V��2�5��/�]�5�	�#�U��06�^����x ob��}�_�X7��>ZbP7�N~��4x5�)��Z���fEÕ~Ⱥ��;���QR��ݜ;"l�s��m��))L��ы��Ԋ�q�����.��K�@�~���Nx��EpsL�U��3�yѵ��1%��LVw�a!��2%;��f���1J�}ㄤ"���`����
|�!�mͶ�%Oo�Ґ۟g�8ْ>B�����A��e�NML`ICN�C0�q0�Y�3��k��I�0
	*�H��
0��10	UUS10U
Washington10URedmond10U
Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100
210930182225Z
300930183225Z0|10	UUS10U
Washington10URedmond10U
Microsoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100�"0
	*�H��
�0�
���L�r!y���$y�Ղ��ҩlNu��5W�lJ�⽹>`3�\O�f��SqZ�~JZ��6g�F#���w2��`}jR�D���Fk��v��P�D�q\Q17�
8n����&S|9azĪ�ri����6�5&dژ;�{3��[~��R���b%�j�]�S���VM�ݼ��㑏�9,Q��pi
�6-p�1�5(�㴇$��ɏ~�T��U�mh;�F��z)7���E�Fn�2��0\O,�b�͹⍈䖬J��q�[g`���=� �s}A�Fu��_4���� }~�ٞE߶r/�}_��۪~6�6L�+n�Q���s�M7t�4���G��|?Lۯ^����s=CN�39L��Bh.�QF�ѽjZas�g�^�(v�3rק ��
�co�6d�[���!]_0t���عP��a�65�G������k�\RQ]�%��Pzl�r�Rą��<�7�?x�E���^ڏ�riƮ{��>j�.����0��0	+�70#	+�7*�R�dĚ���<F5)��/�0U��]^b]����e�S5�r0\U U0S0Q+�7L�}0A0?+3http://www.microsoft.com/pkiops/Docs/Repository.htm0U%0
+0	+�7
SubCA0U�0U�0�0U#0��Vˏ�\bh�=��[�Κ�0VUO0M0K�I�G�Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0�>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
	*�H��
��U}�*��,g1$[�rK��o�\�>NGdx���=13�9��q6?�dl|�u9m�1��lѡ�"��fg:SMݘ��x�6.���V����i�	�{�jo�)�n�?Hu��m��m#T�xSu$W�ݟ�=��h�e��V����(U'�$�@���]='�@�8���)�ü�T�B�������j�BRu�6��as.,k{n?,	x鑲�[�I�t�쑀�=�J>f;O���2ٖ����t��Lro�u0�4�z�P�
X�@<�Tm�ctH,�NG-�q�d�$�smʎ	��WITd�s�[D�Z�k
��(�g($�8K�n�!TkjEG����^O���Lv�WT	�iD~|�als�
��Af=i��AI~~���;����>�1Q������{��p���(��6ںL���
�4�$5g+�
�挙��"��'B=%��tt[jў>�~�13}���{�8pDѐ�ȫ:�:b�pcSM��m��qj�U3X��pf�V0�>0���٤��0��10	UUS10U
Washington10URedmond10U
Microsoft Corporation1-0+U$Microsoft Ireland Operations Limited1'0%UnShield TSS ESN:521A-05E0-D9471%0#UMicrosoft Time-Stamp Service�#
0+���-�����/{.U�l�֎d���0���~0|10	UUS10U
Washington10URedmond10U
Microsoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100
	*�H��
�{
�0"20250311192930Z20250312192930Z0t0:
+�Y
1,0*0
�{
�0�0�0
�|_06
+�Y
1(0&0
+�Y
�
0� �
0��0
	*�H��
�=��+h��{ÖH:$�PK_�Ry)���X n�F�I�T~a�{^�	�ZaE�ja۝�>��4��m��~��Q��LQ%M~��F��p�u�e����,��J��n7�)��� �
�
l[=��p?��P��Ūu\�]1�lj�v֍wO�ȵ垃��]�8��M~6����N�kYx@8g*p_���`��W�-�p%��N�|K������W�j����m)�w���ZYq��k�.�<�1�
0�	0��0|10	UUS10U
Washington10URedmond10U
Microsoft Corporation1&0$UMicrosoft Time-Stamp PCA 20103ת*V0
	`�He��J0	*�H��
	1
*�H��
	0/	*�H��
	1" ���$i>�P|���o>�Abj���Ԍ���8��0��*�H��
	/1��0��0��0�� ����5�ۺ�MeW�_3h᥮F�H��JO�'0��0���~0|10	UUS10U
Washington10URedmond10U
Microsoft Corporation1&0$UMicrosoft Time-Stamp PCA 20103ת*V0" ��r{��\Ū��1,��8��b���s��0
	*�H��
�o��I�3���n+z�a{k���m��齘�D{�6-�q�	2K~}+��gV�#�uJ�a��3�v�{g��H� ��^�E����.pkdҡ��NGE�I�!C����V�𒃷����I��M���f#Z��Ыc��r��5z��ef�A�N[��Iΐ``׌���Q]��l~ĶtÖq�"��4�$�����eO�]�쥥y�>F�A�U'T��ڷ�/Ã�I�hr���Mt���R�!����U� ç���7UFU~-WySDc����f��E��z
߀���#��ݠ�x
��|�RZ��=I@Q.�.�f�O�P�t!=�f̀��8Sֳx�~���YP���G��OA<�u��� jJ���NXc�V�B��yf2�fR"�H��M�^V��p�Ŀ�P�#]p��U�i�v�^��r͊��� �Q�����y�F��l�Pyh��(��ah�-�-̾k=a����P�l�0/gM��i�;���]�k�Ɨ�a���{m�v���