MZ@ !L!This program cannot be run in DOS mode. $Rؕ3}3}3}H̴3}H̱3}Rich3}PEL!  P`]@N.rsrcPP@@( @Xp   HpZMUI6CE7h=#kago4 MUI en-US0&DD XXL ZZ PP X  X  | " ` 4% %(+- .. ,14 8(?hG''\HdEFS Service failed to start. Error code: %3. EFS service was unable to populate SID information. Error code: %3. EFS service was unable to determine the computer name. Error code: %3. EFS service was unable to initialize cache lock. Error code: %3. EFS service was unable to initialize the BCrypt Algorithm Provider. Error code: %3. EFS service was unable to query Software Licensing for the cache size. Error code: %3. EFS service was unable to open handle to the MS_DEF_PROV provider. Error code: %3. EFS service was unable to setup notifications from LSA. Error code: %3. EFS service was unable to initialize the recovery policy resource. Error code: %3. EFS service was unable process the recovery policy. Error code: %3. EFS service was unable to notify NTFS of its state. Error code: %3. EFS service was unable to setup group policy change notifications. Error code: %3. EFS service was unable to process active user sessions. Error code: %3. <A client attempted to call an EFS service API without privacy level authentication. Error code: %3. See https://go.microsoft.com/fwlink/?linkid=2181030. TMachine role cannot be determined. %1 lDefault group policy object cannot be created. %1 Error Warning Information 4Microsoft-Windows-EFS Application dAn API call failed at %1.%2. Error code: %3 xAn API call failed at %1.%2. Error code: %3, Data: %4 An API call failed at %1.%2. Error code: %3, Data: %4, %5 P%1.%2: Failed to allocate %3 bytes. EFS key promoted from current key. CertValidated: %1, cbHash: %2, pbHash: %3, ContainerName: %4, ProviderName: %5, DisplayInformation: %6, dwCapabilities: %7, bIsCurrentKey: %8, eKeyType: %9 EFS key demoted from current key. CertValidated: %1, cbHash: %2, pbHash: %3, ContainerName: %4, ProviderName: %5, DisplayInformation: %6, dwCapabilities: %7, bIsCurrentKey: %8, eKeyType: %9 |EFS key flushed from cache. CertValidated: %1, cbHash: %2, pbHash: %3, ContainerName: %4, ProviderName: %5, DisplayInformation: %6, dwCapabilities: %7, bIsCurrentKey: %8, eKeyType: %9 d%1.%2: The specified key is not valid for EFS X%1.%2: Attempt to create a new EFS key d%1.%2: A new EFS key was successfully created x%1.%2: Begin searching the MY store for a valid EFS key \%1.%2: Deleting currentkey from registry %1.%2: The EFS cert is self-signed, but self-signed certs are disabled by policy %1.%2: RSA is required by policy, but the key does not support RSA encryption %1.%2: MASTERKEY is required by policy, but the key does not support MASTERKEY encryption %1.%2: SMARTCARDS are required by policy, but the key is not SMARTCARD-based 4%1.%2: key is expired 0%1.%2: key is valid |%1.%2: try and locate the matching key based on cert hash d%1.%2: key successfully loaded from registry h%1.%2: try and locate the matching key in cache `%1.%2: trying to load the masterkey history H%1.%2: masterkey history loaded \%1.%2: failed to encrypt: SIS or HSM file %1.%2: Suite B is disabled by policy, but the key is a Suite B key %1.%2: Suite B is required by policy, but the key is not a Suite B key l%1.%2: releasing user cache object. Refcount: %3 `%1.%2: trying to stop cache polling thread T%1.%2: no decryption status in cache l%1.%2: found matching decryption status in cache `%1.%2: attempting to add key to user cache |EFS key added to user cache. CertValidated: %1, cbHash: %2, pbHash: %3, ContainerName: %4, ProviderName: %5, DisplayInformation: %6, dwCapabilities: %7, bIsCurrentKey: %8, eKeyType: %9 P%1.%2: ensuring user has cache node T%1.%2: found cache node in user info X%1.%2: found cache node in global cache X%1.%2: creating new cache node for user %1.%2: Policy settings specified flush on card removal. Starting the polling thread... %1.%2: Policy settings specified NO flush on timeout. Stopping the polling thread... %1.%2: Policy settings specified flush on timeout. Starting the polling thread... %1.%2: Policy settings specified new cache flush interval: %3. Stop polling (will restart if there are active user caches) D%1.%2: Polling thread stopped %1.%2: Flush cache specified by policy, and we have active user caches. Start polling. D%1.%2: Polling thread started x%1.%2: User logon detected. Beginning SSO processing. %1.%2: User logon detected, but is not smartcard-based. No SSO processing required. %1.%2: Smartcard notification detected. Beginning SSO processing. %1.%2: Smartcard notification detected, but the logon cert is already cached. No processing required. %1.%2: Current key matches the logon cert. Setting up the PIN cache. %1.%2: User does not yet have a current key. If smartcard is required by policy, the logon cert and PIN will be cached. %1.%2: Logon notification detected on DC. Beginning DRA install. %1.%2: user does not already have a cache: generating one now p%1.%2: generating pre-cache for PIN and logon cert %1.%2: tried to install logon cert, but it's not available (not a smartcard logon, or the smartcard was removed) \%1.%2: logon cert successfully installed P%1.%2: trying to install logon cert t%1.%2: User lock detected. Beginning SSO processing. x%1.%2: User logoff detected. Beginning SSO processing. H%1.%2: Flushing the user cache %1.%2: User has locked workstation, but policy says not to flush cache \%1.%2: Checking for expired cache entries d%1.%2: Expired certificate in recovery policy x%1.%2: Certificate in recovery policy is not yet valid T%1.%2: SL policy successfully updated P%1.%2: EFS is disabled by SL policy L%1.%2: EFS is not yet initialized 8%1.%2: EFS is disabled %1.%2: the data received by the API was too large. Expected: %3, Actual: %4 %1.%2: the data received by the API was too small. Expected: %3, Actual: %4 h%1.%2: POSSIBLE EFS ATTACK DETECTED: %3, %4, %5 \%1.%2: attempting to validate EFS stream @%1.%2: EFS stream validated DPIN prompt dialog has closed tPrompt the user to select a smartcard-based EFS cert Smartcard-based EFS cert successfully selected by the user 8Prompt the user for PIN XPIN successfully acquired from the user DPerfect match found in cache. LMasterkey history already loaded DCurrent key loaded from cache LCurrent key loaded from registry %1.%2: Masterkey history: failed size consistency check. %3, %4, %5 H%1.%2: Encrypted keys not equal x%1.%2: doing a REKEY, but the DDF entry already exists l%1.%2: replace operation added a DDF (unexpected) %1.%2: user is modifying a DDF entry not matching the PoP entry. Require WRITE_ATTRIBUTES %1.%2: user is modifying a DDF matching the PoP entry, or the DRF. Don't require WRITE_ATTRIBUTES %1.%2: UNEXPECTED condition: no ENCRYPTED_KEY for SC failure %1.%2: Plug-n-Play service not ready. EFS server will not try to detect interrupted encryption/decryption operation(s). %1.%2: Cannot open log file. Encryption/decryption operation(s) cannot be recovered. %1.%2: Cannot read log file. Encryption/decryption operation(s) cannot be recovered. %1.%2: A corrupted or different format log file has been found. No action was taken. %1.%2: The log file cannot be opened as non-cached IO. No action was taken. %1.%2: Interrupted encryption/decryption operation(s) found on a volume. Recovery procedure started. %1.%2: EFS recovery service cannot open the file %3. The interrupted encryption/decryption operation cannot be recovered. d%1.%2: EFS service recovered %3 successfully. %1.%2: EFS service could not open all the streams on file %3 The file was not recovered. %1.%2: %3 could not be recovered Completely. EFS driver may be missing. %1.%2: IO Error occurred during stream recovery. %3 was not recovered. %1.%2: EFS recovery service cannot open the backup file %3 by name. The interrupted encryption/decryption operation (on file %4) may be recovered. The backup file will not be deleted. User should delete the backup file if the recovery operation is done successfully. @%1.%2: %3 was opened by File ID successfully the first time but not the second time. No recovery operation was tried on file %4. This is an internal error. $%1.%2: EFS recovery service cannot get the backup file name. The interrupted encryption/decryption operation (on file %3) may be recovered. The temporary backup file %4 is not deleted. User should delete the backup file if the recovery operation is done successfully. t%1.%2: %3 could not be opened. %4 was not recovered. %1.%2: Stream Information could be got from %3. %4 was not recovered. %1.%2: EFS service could not open all the streams on file %3. %4 was not recovered. h%1.%2: EFS Service received logon notification. t%1.%2: User cache entry purged. Reference count: %3. %1.%2: All user cache entries purged. Reference count: %3. tEncrypting File System server ready to accept calls. 4VS_VERSION_INFOHO%HO%?StringFileInfo040904B0LCompanyNameMicrosoft CorporationJFileDescriptionEFS Core Library1FileVersion6.3.9600.20296 (winblue_ltsb_escrow.220207-1752)8 InternalNameEFSCORE.DLL.LegalCopyright Microsoft Corporation. All rights reserved.HOriginalFilenameEFSCORE.DLL.MUIj%ProductNameMicrosoft Windows Operating SystemBProductVersion6.3.9600.20296DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX