MZ@ !L!This program cannot be run in DOS mode. $<թRթRթRԩRPԩRRichթRPEd㛉W"  =` .rdatap@@.rsrc @@㛉W T.rdataT.rdata$zzzdbg .rsrc$01!.rsrc$02(@Xp   $r! WEVT_TEMPLATEMUI4VS_VERSION_INFO 98 98?StringFileInfo040904B0LCompanyNameMicrosoft CorporationTFileDescriptionEvent Resource Modulen'FileVersion4.10.14393.0 (rs1_release.160715-1616)8 InternalNameMpEvMsg.dll.LegalCopyright Microsoft Corporation. All rights reserved.@ OriginalFilenameMpEvMsg.dllj%ProductNameMicrosoft Windows Operating System> ProductVersion4.10.14393.0DVarFileInfo$Translation CRIMpN_߽,x$WEVTLp4@PCHANdMicrosoft-Windows-Windows Defender/OperationalTMicrosoft-Windows-Windows Defender/WHCTTBL,;TEMP3;U!2taiD EventDataACoData+KName Product Name AIoData1KNameProduct Version A]oDataEKNameCurrent Signature Version A_oDataGKNamePrevious Signature Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID ASoData;KNameSignature Type Index AGoData/KNameSignature Type AMoData5KNameUpdate Type Index AAoData)KName Update Type AWoData?KNameCurrent Engine Version AYoDataAKNamePrevious Engine Version $\ 4 X    Product Name$Product Version8Current Signature Version<Previous Signature VersionUnusedUnused2Unused3DomainUser SID0Signature Type Index$Signature Type(Update Type IndexUpdate Type4Current Engine Version4Previous Engine VersionTEMP` UgKqD EventDataACoData+KName Product Name AIoData1KNameProduct Version A]oDataEKNameCurrent Signature Version A_oDataGKNamePrevious Signature Version AQoData9KNameUpdate Source Index AEoData-KName Update Source A7oDataKNameUnused A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID ASoData;KNameSignature Type Index AGoData/KNameSignature Type AMoData5KNameUpdate Type Index AAoData)KName Update Type AWoData?KNameCurrent Engine Version AYoDataAKNamePrevious Engine Version A?oData'KName Error Code AMoData5KNameError Description AOoData7KNameUpdate State Index ACoData+KName Update State AAoData)KName Source Path p(Tt 4P(H Product Name$Product Version8Current Signature Version<Previous Signature Version,Update Source Index Update SourceUnusedDomainUser SID0Signature Type Index$Signature Type(Update Type IndexUpdate Type4Current Engine Version4Previous Engine VersionError Code(Error Description,Update State Index Update StateSource PathTEMP]J^eVł?y4D EventDataACoData+KName Product Name AIoData1KNameProduct Version AWoData?KNameCurrent Engine Version AYoDataAKNamePrevious Engine Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID A9oData!KNameUnused4 A9oData!KNameUnused5 AEoData-KName Feature Index ACoData+KName Feature Name  Th| Product Name$Product Version4Current Engine Version4Previous Engine VersionUnusedUnused2Unused3DomainUser SIDUnused4Unused5 Feature Index Feature NameTEMPx !76W ı#.YD EventDataACoData+KName Product Name AIoData1KNameProduct Version AWoData?KNameCurrent Engine Version AYoDataAKNamePrevious Engine Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID A?oData'KName Error Code AMoData5KNameError Description AOoData7KNameUpdate State Index ACoData+KName Update State !!!"<"P"d"x""""""# Product Name$Product Version4Current Engine Version4Previous Engine VersionUnusedUnused2Unused3DomainUser SIDError Code(Error Description,Update State Index Update StateTEMP &R^~?ND EventDataACoData+KName Product Name AIoData1KNameProduct Version A_oDataGKNameSignatures Attempted Index ASoData;KNameSignatures Attempted A?oData'KName Error Code AMoData5KNameError Description A7oDataKNameUnused A9oData!KNameUnused2 A]oDataEKNameLoading signature version AWoData?KNameLoading engine version '''(4(P(x(((( Product Name$Product Version<Signatures Attempted Index0Signatures AttemptedError Code(Error DescriptionUnusedUnused28Loading signature version4Loading engine versionTEMPp82KՕ&TMkD EventDataACoData+KName Product Name AIoData1KNameProduct Version A]oDataEKNameCurrent Signature Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A9oData!KNameUnused4 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID ASoData;KNameSignature Type Index AGoData/KNameSignature Type A9oData!KNameUnused5 A9oData!KNameUnused6 AWoData?KNameCurrent Engine Version A9oData!KNameUnused7 A9oData!KNameUnused8 A9oData!KNameUnused9 A;oData#KNameUnused10 A;oData#KNameUnused11 A;oData#KNameUnused12 AcoDataKKNameDynamic Signature Type Index AWoData?KNameDynamic Signature Type AKoData3KNamePersistence Path A]oDataEKNameDynamic Signature Version AyoDataaKName'Dynamic Signature Compilation Timestamp AcoDataKKNamePersistence Limit Type Index AWoData?KNamePersistence Limit Type AYoDataAKNamePersistence Limit Value |4444 5 545H5\5l5x55555(6<6P6d6|6666 7H7778H8 Product Name$Product Version8Current Signature VersionUnusedUnused2Unused3Unused4DomainUser SID0Signature Type Index$Signature TypeUnused5Unused64Current Engine VersionUnused7Unused8Unused9Unused10Unused11Unused12@Dynamic Signature Type Index4Dynamic Signature Type(Persistence Path8Dynamic Signature VersionTDynamic Signature Compilation Timestamp@Persistence Limit Type Index4Persistence Limit Type4Persistence Limit ValueTEMP\B\'I$OX]xD D EventDataACoData+KName Product Name AIoData1KNameProduct Version A]oDataEKNameCurrent Signature Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A9oData!KNameUnused4 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID ASoData;KNameSignature Type Index AGoData/KNameSignature Type A9oData!KNameUnused5 A9oData!KNameUnused6 AWoData?KNameCurrent Engine Version A9oData!KNameUnused7 A9oData!KNameUnused8 A9oData!KNameUnused9 A;oData#KNameUnused10 A;oData#KNameUnused11 A;oData#KNameUnused12 AcoDataKKNameDynamic Signature Type Index AWoData?KNameDynamic Signature Type AKoData3KNamePersistence Path A]oDataEKNameDynamic Signature Version AyoDataaKName'Dynamic Signature Compilation Timestamp AcoDataKKNamePersistence Limit Type Index AWoData?KNamePersistence Limit Type AYoDataAKNamePersistence Limit Value ASoData;KNameRemoval Reason Index ASoData;KNameRemoval Reason Value DD EDEXElEEEEEEEF,F@FtFFFFFFF8GlGGG H`HHHH Product Name$Product Version8Current Signature VersionUnusedUnused2Unused3Unused4DomainUser SID0Signature Type Index$Signature TypeUnused5Unused64Current Engine VersionUnused7Unused8Unused9Unused10Unused11Unused12@Dynamic Signature Type Index4Dynamic Signature Type(Persistence Path8Dynamic Signature VersionTDynamic Signature Compilation Timestamp@Persistence Limit Type Index4Persistence Limit Type4Persistence Limit Value0Removal Reason Index0Removal Reason ValueTEMPlRʡ97_$S9 D EventDataACoData+KName Product Name AIoData1KNameProduct Version A]oDataEKNameCurrent Signature Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A9oData!KNameUnused4 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID ASoData;KNameSignature Type Index AGoData/KNameSignature Type A9oData!KNameUnused5 A9oData!KNameUnused6 AWoData?KNameCurrent Engine Version A9oData!KNameUnused7 A?oData'KName Error Code AMoData5KNameError Description A9oData!KNameUnused8 A9oData!KNameUnused9 A;oData#KNameUnused10 AcoDataKKNameDynamic Signature Type Index AWoData?KNameDynamic Signature Type AKoData3KNamePersistence Path A]oDataEKNameDynamic Signature Version AyoDataaKName'Dynamic Signature Compilation Timestamp AcoDataKKNamePersistence Limit Type Index AWoData?KNamePersistence Limit Type AYoDataAKNamePersistence Limit Value TTT,U@UTUhU|UUUUUVV(V\VpVVVVVV4WhWWWX\XX Product Name$Product Version8Current Signature VersionUnusedUnused2Unused3Unused4DomainUser SID0Signature Type Index$Signature TypeUnused5Unused64Current Engine VersionUnused7Error Code(Error DescriptionUnused8Unused9Unused10@Dynamic Signature Type Index4Dynamic Signature Type(Persistence Path8Dynamic Signature VersionTDynamic Signature Compilation Timestamp@Persistence Limit Type Index4Persistence Limit Type4Persistence Limit ValueTEMPXD]DһUl4:LD EventDataACoData+KName Product Name AIoData1KNameProduct Version A]oDataEKNameCurrent Signature Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A9oData!KNameUnused4 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID ASoData;KNameSignature Type Index AGoData/KNameSignature Type A9oData!KNameUnused5 A9oData!KNameUnused6 AWoData?KNameCurrent Engine Version p^^^^__(_<_P_`_l_____ Product Name$Product Version8Current Signature VersionUnusedUnused2Unused3Unused4DomainUser SID0Signature Type Index$Signature TypeUnused5Unused64Current Engine VersionTEMPHbuS$^ěY.D EventDataACoData+KName Product Name AIoData1KNameProduct Version A7oDataKNameUnused A;oData#KNameFilename A]oDataEKNameCurrent Signature Version AWoData?KNameCurrent Engine Version bbcc0chc Product Name$Product VersionUnusedFilename8Current Signature Version4Current Engine VersionTEMP`fW\e(D EventDataACoData+KName Product Name AIoData1KNameProduct Version A7oDataKNameUnused A;oData#KNameFilename A]oDataEKNameCurrent Signature Version AWoData?KNameCurrent Engine Version A?oData'KName Error Code AMoData5KNameError Description g gDgXgpgggg Product Name$Product VersionUnusedFilename8Current Signature Version4Current Engine VersionError Code(Error DescriptionTEMPHiЂATQ"lD EventDataACoData+KName Product Name AIoData1KNameProduct Version A7oDataKNameUnused iii Product Name$Product VersionUnusedTEMPkOUW'D EventDataACoData+KName Product Name AIoData1KNameProduct Version A7oDataKNameUnused A?oData'KName Error Code AMoData5KNameError Description l lDlXltl Product Name$Product VersionUnusedError Code(Error DescriptionTEMPmЂATQ"lD EventDataACoData+KName Product Name AIoData1KNameProduct Version A7oDataKNameUnused n nDn Product Name$Product VersionUnusedTEMPT@o<+p!Y4pN^D EventDataACoData+KName Product Name AIoData1KNameProduct Version hoo Product Name$Product VersionTEMPlqOUW'D EventDataACoData+KName Product Name AIoData1KNameProduct Version A7oDataKNameUnused A?oData'KName Error Code AMoData5KNameError Description qqr(rDr Product Name$Product VersionUnusedError Code(Error DescriptionTEMPsj\cY{t&&ZD EventDataACoData+KName Product Name A7oDataKNameUnused A9oData!KNameUnused2 sss Product NameUnusedUnused2TEMP uj\cY{t&&ZD EventDataACoData+KName Product Name A7oDataKNameUnused A9oData!KNameUnused2 \u|uu Product NameUnusedUnused2TEMPvj\cY{t&&ZD EventDataACoData+KName Product Name A7oDataKNameUnused A9oData!KNameUnused2 vw,w Product NameUnusedUnused2TEMP(xnT:rP[/4D EventDataACoData+KName Product Name AIoData1KNameProduct Version A;oData#KNameFilename A7oDataKNameSha256 xyWkf`OHD EventDataACoData+KName Product Name AIoData1KNameProduct Version ACoData+KName Detection ID AWoData?KNameDetection Source Index AKoData3KNameDetection Source A7oDataKNameUnused ACoData+KName Process Name A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID AAoData)KName Threat Name A=oData%KName Threat ID AAoData)KName Severity ID AAoData)KName Category ID A7oDataKNameFWLink A?oData'KName Path Found AWoData?KNameDetection Origin Index AKoData3KNameDetection Origin AWoData?KNameExecution Status Index AKoData3KNameExecution Status ASoData;KNameDetection Type Index AGoData/KNameDetection Type A9oData!KNameUnused2 A9oData!KNameUnused3 AEoData-KName Severity Name AEoData-KName Category Name AMoData5KNameSignature Version AGoData/KNameEngine Version 0TtЩ(4PhЪ,`ܫ$Dl Product Name$Product Version Detection ID4Detection Source Index(Detection SourceUnused Process NameDomainUser SIDThreat NameThreat IDSeverity IDCategory IDFWLinkPath Found4Detection Origin Index(Detection Origin4Execution Status Index(Execution Status0Detection Type Index$Detection TypeUnused2Unused3 Severity Name Category Name(Signature Version$Engine VersionTEMP Hp ZeD EventDataACoData+KName Product Name AIoData1KNameProduct Version ACoData+KName Detection ID A7oDataKNameUnused A9oData!KNameUnused2 AAoData)KName Status Code AOoData7KNameStatus Description A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID AAoData)KName Threat Name A=oData%KName Threat ID AAoData)KName Severity ID AAoData)KName Category ID A7oDataKNameFWLink A3oDataKNamePath A9oData!KNameUnused3 A9oData!KNameUnused4 AUoData=KNameCleaning Action Index AIoData1KNameCleaning Action A9oData!KNameUnused5 A9oData!KNameUnused6 A9oData!KNameUnused7 A9oData!KNameUnused8 AEoData-KName Severity Name AEoData-KName Category Name AMoData5KNameSignature Version AGoData/KNameEngine Version ض0D`ط (<L`tȸܸ8X Product Name$Product Version Detection IDUnusedUnused2Status Code,Status DescriptionDomainUser SIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused3Unused40Cleaning Action Index$Cleaning ActionUnused5Unused6Unused7Unused8 Severity Name Category Name(Signature Version$Engine VersionTEMPL  `ϭ ^cǁQD EventDataACoData+KName Product Name AIoData1KNameProduct Version ACoData+KName Detection ID A7oDataKNameUnused A9oData!KNameUnused2 AAoData)KName Status Code AOoData7KNameStatus Description A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID AAoData)KName Threat Name A=oData%KName Threat ID AAoData)KName Severity ID AAoData)KName Category ID A7oDataKNameFWLink A3oDataKNamePath A9oData!KNameUnused3 A9oData!KNameUnused4 AUoData=KNameCleaning Action Index AIoData1KNameCleaning Action A?oData'KName Error Code AMoData5KNameError Description A9oData!KNameUnused5 A9oData!KNameUnused6 AEoData-KName Severity Name AEoData-KName Category Name AMoData5KNameSignature Version AGoData/KNameEngine Version ,L`t <Xl|<Pd Product Name$Product Version Detection IDUnusedUnused2Status Code,Status DescriptionDomainUser SIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused3Unused40Cleaning Action Index$Cleaning ActionError Code(Error DescriptionUnused5Unused6 Severity Name Category Name(Signature Version$Engine VersionTEMP m kUE.nxD EventDataACoData+KName Product Name AIoData1KNameProduct Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A9oData!KNameUnused4 A9oData!KNameUnused5 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID AAoData)KName Threat Name A=oData%KName Threat ID AAoData)KName Severity ID AAoData)KName Category ID A7oDataKNameFWLink A3oDataKNamePath A9oData!KNameUnused6 A9oData!KNameUnused7 A9oData!KNameUnused8 A9oData!KNameUnused9 A;oData#KNameUnused10 A;oData#KNameUnused11 A;oData#KNameUnused12 A;oData#KNameUnused13 AEoData-KName Severity Name AEoData-KName Category Name AMoData5KNameSignature Version AGoData/KNameEngine Version $8L`t$4H\p$L Product Name$Product VersionUnusedUnused2Unused3Unused4Unused5DomainUser SIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused6Unused7Unused8Unused9Unused10Unused11Unused12Unused13 Severity Name Category Name(Signature Version$Engine VersionTEMP 4c'NU6`rhf>D EventDataACoData+KName Product Name AIoData1KNameProduct Version A?oData'KName Error Code AMoData5KNameError Description A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID AAoData)KName Threat Name A=oData%KName Threat ID AAoData)KName Severity ID AAoData)KName Category ID A7oDataKNameFWLink A3oDataKNamePath A9oData!KNameUnused4 A9oData!KNameUnused5 A9oData!KNameUnused6 A9oData!KNameUnused7 A9oData!KNameUnused8 A9oData!KNameUnused9 A;oData#KNameUnused10 A;oData#KNameUnused11 AEoData-KName Severity Name AEoData-KName Category Name AMoData5KNameSignature Version AGoData/KNameEngine Version d(<LXt$8L`x Product Name$Product VersionError Code(Error DescriptionUnusedUnused2Unused3DomainUser SIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused4Unused5Unused6Unused7Unused8Unused9Unused10Unused11 Severity Name Category Name(Signature Version$Engine VersionTEMP m kUE.nxD EventDataACoData+KName Product Name AIoData1KNameProduct Version A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A9oData!KNameUnused4 A9oData!KNameUnused5 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID AAoData)KName Threat Name A=oData%KName Threat ID AAoData)KName Severity ID AAoData)KName Category ID A7oDataKNameFWLink A3oDataKNamePath A9oData!KNameUnused6 A9oData!KNameUnused7 A9oData!KNameUnused8 A9oData!KNameUnused9 A;oData#KNameUnused10 A;oData#KNameUnused11 A;oData#KNameUnused12 A;oData#KNameUnused13 AEoData-KName Severity Name AEoData-KName Category Name AMoData5KNameSignature Version AGoData/KNameEngine Version <Pdx <P`t0Px Product Name$Product VersionUnusedUnused2Unused3Unused4Unused5DomainUser SIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused6Unused7Unused8Unused9Unused10Unused11Unused12Unused13 Severity Name Category Name(Signature Version$Engine VersionTEMP `c'NU6`rhf>D EventDataACoData+KName Product Name AIoData1KNameProduct Version A?oData'KName Error Code AMoData5KNameError Description A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID AAoData)KName Threat Name A=oData%KName Threat ID AAoData)KName Severity ID AAoData)KName Category ID A7oDataKNameFWLink A3oDataKNamePath A9oData!KNameUnused4 A9oData!KNameUnused5 A9oData!KNameUnused6 A9oData!KNameUnused7 A9oData!KNameUnused8 A9oData!KNameUnused9 A;oData#KNameUnused10 A;oData#KNameUnused11 AEoData-KName Severity Name AEoData-KName Category Name AMoData5KNameSignature Version AGoData/KNameEngine Version ,@Thx(<Pdx$ Product Name$Product VersionError Code(Error DescriptionUnusedUnused2Unused3DomainUser SIDThreat NameThreat IDSeverity IDCategory IDFWLinkPathUnused4Unused5Unused6Unused7Unused8Unused9Unused10Unused11 Severity Name Category Name(Signature Version$Engine VersionTEMP $K4?y{X0G3D EventDataACoData+KName Product Name AIoData1KNameProduct Version A=oData%KName Timestamp A7oDataKNameUnused A9oData!KNameUnused2 A9oData!KNameUnused3 A9oData!KNameUnused4 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID  0H\p Product Name$Product VersionTimestampUnusedUnused2Unused3Unused4DomainUser SIDTEMP 1Z+6D EventDataACoData+KName Product Name AIoData1KNameProduct Version A=oData%KName Timestamp A?oData'KName Error Code AMoData5KNameError Description A7oDataKNameUnused A9oData!KNameUnused2 A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID $8L`p Product Name$Product VersionTimestampError Code(Error DescriptionUnusedUnused2DomainUser SIDTEMP%%  K^nS,c D EventDataACoData+KName Product Name AIoData1KNameProduct Version ACoData+KName Detection ID AWoData?KNameDetection Source Index AKoData3KNameDetection Source A7oDataKNameUnused ACoData+KName Process Name A7oDataKNameDomain A3oDataKNameUser A1oDataKNameSID AAoData)KName Threat Name A=oData%KName Threat ID AAoData)KName Severity ID AAoData)KName Category ID A7oDataKNameFWLink A?oData'KName Path Found AWoData?KNameDetection Origin Index AKoData3KNameDetection Origin AWoData?KNameExecution Status Index AKoData3KNameExecution Status ASoData;KNameDetection Type Index AGoData/KNameDetection Type A9oData!KNameUnused2 A9oData!KNameUnused3 AEoData-KName Severity Name AEoData-KName Category Name AMoData5KNameSignature Version AGoData/KNameEngine Version A?oData'KName Process ID ACoData+KName Signature ID AEoData-KName FidelityValue AEoData-KName FidelityLabel AIoData1KNameImage File Hash A9oData!KNameUnused4 !A9oData!KNameUnused5 "AGoData/KNameTargetFileName #AGoData/KNameTargetFileHash $p0Ddx0d<Pd ,Ll Product Name$Product Version Detection ID4Detection Source Index(Detection SourceUnused Process NameDomainUser SIDThreat NameThreat IDSeverity IDCategory IDFWLinkPath Found4Detection Origin Index(Detection Origin4Execution Status Index(Execution Status0Detection Type Index$Detection TypeUnused2Unused3 Severity Name Category Name(Signature Version$Engine VersionProcess ID Signature ID FidelityValue FidelityLabel$Image File HashUnused4Unused5$TargetFileName$TargetFileHashTEMP**X!$^5*$ D EventDataACoData+KName Product Name AIoData1KNameProduct Version ACoData+KName Detection ID AGoData/KNameDetection Time A7oDataKNameUnused A9oData!KNameUnused2 A=oData%KName Threat ID AAoData)KName Threat Name AAoData)KName Severity ID AEoData-KName Severity Name AAoData)KName Category ID AEoData-KName Category Name A7oDataKNameFWLink AAoData)KName Status Code AOoData7KNameStatus Description A5oDataKNameState A=oData%KName Source ID AAoData)KName Source Name ACoData+KName Process Name AGoData/KNameDetection User A9oData!KNameUnused3 A3oDataKNamePath A=oData%KName Origin ID AAoData)KName Origin Name ACoData+KName Execution ID AGoData/KNameExecution Name A9oData!KNameType ID A=oData%KName Type Name ASoData;KNamePre Execution Status A=oData%KName Action ID AAoData)KName Action Name A9oData!KNameUnused4 A?oData'KName Error Code AMoData5KNameError Description !A9oData!KNameUnused5 "AMoData5KNamePost Clean Status #AUoData=KNameAdditional Actions ID $A]oDataEKNameAdditional Actions String %AKoData3KNameRemediation User &A9oData!KNameUnused6 'AMoData5KNameSignature Version (AGoData/KNameEngine Version )$$$%(%<%P%h%%%%%%&,&X&h&&&&&&''8'X'|''''' ( (<(d(x((()0)D)l) Product Name$Product Version Detection ID$Detection TimeUnusedUnused2Threat IDThreat NameSeverity ID Severity NameCategory ID Category NameFWLinkStatus Code,Status DescriptionStateSource IDSource Name Process Name$Detection UserUnused3PathOrigin IDOrigin Name Execution ID$Execution NameType IDType Name0Pre Execution StatusAction IDAction NameUnused4Error Code(Error DescriptionUnused5(Post Clean Status0Additional Actions ID8Additional Actions String(Remediation UserUnused6(Signature Version$Engine VersionTEMP**5$^5*$ D EventDataACoData+KName Product Name AIoData1KNameProduct Version ACoData+KName Detection ID AGoData/KNameDetection Time A7oDataKNameUnused A9oData!KNameUnused2 A=oData%KName Threat ID AAoData)KName Threat Name AAoData)KName Severity ID AEoData-KName Severity Name AAoData)KName Category ID AEoData-KName Category Name A7oDataKNameFWLink AAoData)KName Status Code AOoData7KNameStatus Description A5oDataKNameState A=oData%KName Source ID AAoData)KName Source Name ACoData+KName Process Name AGoData/KNameDetection User A9oData!KNameUnused3 A3oDataKNamePath A=oData%KName Origin ID AAoData)KName Origin Name ACoData+KName Execution ID AGoData/KNameExecution Name A9oData!KNameType ID A=oData%KName Type Name ASoData;KNamePre Execution Status A=oData%KName Action ID AAoData)KName Action Name A9oData!KNameUnused4 A?oData'KName Error Code AMoData5KNameError Description !A9oData!KNameUnused5 "AMoData5KNamePost Clean Status #AUoData=KNameAdditional Actions ID $A]oDataEKNameAdditional Actions String %AKoData3KNameRemediation User &A9oData!KNameUnused6 'AMoData5KNameSignature Version (AGoData/KNameEngine Version )09P9t999999:0:P:l::::::;,;L;p;;;;;; < <8<h<<<<<<=0=`===== Product Name$Product Version Detection ID$Detection TimeUnusedUnused2Threat IDThreat NameSeverity ID Severity NameCategory ID Category NameFWLinkStatus Code,Status DescriptionStateSource IDSource Name Process Name$Detection UserUnused3PathOrigin IDOrigin Name Execution ID$Execution NameType IDType Name0Pre Execution StatusAction IDAction NameUnused4Error Code(Error DescriptionUnused5(Post Clean Status0Additional Actions ID8Additional Actions String(Remediation UserUnused6(Signature Version$Engine VersionTEMP**xJ$^5*$ D EventDataACoData+KName Product Name AIoData1KNameProduct Version ACoData+KName Detection ID AGoData/KNameDetection Time A7oDataKNameUnused A9oData!KNameUnused2 A=oData%KName Threat ID AAoData)KName Threat Name AAoData)KName Severity ID AEoData-KName Severity Name AAoData)KName Category ID AEoData-KName Category Name A7oDataKNameFWLink AAoData)KName Status Code AOoData7KNameStatus Description A5oDataKNameState A=oData%KName Source ID AAoData)KName Source Name ACoData+KName Process Name AGoData/KNameDetection User A9oData!KNameUnused3 A3oDataKNamePath A=oData%KName Origin ID AAoData)KName Origin Name ACoData+KName Execution ID AGoData/KNameExecution Name A9oData!KNameType ID A=oData%KName Type Name ASoData;KNamePre Execution Status A=oData%KName Action ID AAoData)KName Action Name A9oData!KNameUnused4 A?oData'KName Error Code AMoData5KNameError Description !A9oData!KNameUnused5 "AMoData5KNamePost Clean Status #AUoData=KNameAdditional Actions ID $A]oDataEKNameAdditional Actions String %AKoData3KNameRemediation User &A9oData!KNameUnused6 'AMoData5KNameSignature Version (AGoData/KNameEngine Version )MMN$NHN\NpNNNNNNO0OLOxOOOOOPP$PD EventDataACoData+KName Product Name AIoData1KNameProduct Version A9oData!KNameUnused3 AMoData5KNameExpiration Reason AUoData=KNameExpiration Date (UTC) A?oData'KName Error Code AMoData5KNameError Description (<d Product Name$Product VersionUnused3(Expiration Reason0Expiration Date (UTC)Error Code(Error DescriptionTEMPlh@hV]*@%C`D EventDataA?oData'KName hc_stateid hc_stateidOPCOLEVLPأPP win:Errorwin:Warning(win:InformationalTASKKEYWEVNT ;e@eآ\}̣܂̣|ṭḷdḍ̣p̣Ḥ|\\]])̣^^ >̣__R``@g̣jjj~~lo|̣ ḍ(8# hil )̣|8̣(IX̣`̣cXṇolrtu@ẉhy    ć̣@̣̣̣̣Ḷ̣P̣̣ >w<-qqּ4:oޝvDf* WEVT_TEMPLATEMUIMUI en-US