<!--

- Trend Micro OSCE (Office Scan) decoders

- Author: Daniel Cid.

- Updated by Wazuh, Inc.

- Copyright (C) 2015-2020, Wazuh Inc.

- Copyright (C) 2009 Trend Micro Inc.

- This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2.

-->

<!--

- 20090716<;>948<;>TROJ_Generic.DIT<;>25<;>3<;>0<;>C:\Documents and Settings\Administrator\Desktop\HyperSnap 6.02.01_EN\HprSnap6Man.chm<;>

- 20090716<;>950<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\DCS_VM-ICRC-WFBS6\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;>

- 20090716<;>951<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;>

- Date<;>Time<;>Virus name<;>Scan result<;>Scan type<;>Seen<;>Filename<;>

- We are only extracting the scan result right now.

-->

<decoder name="trend-osce">

<prematch>^20\d\d\d\d\d\d\<;></prematch>

<regex offset="after_prematch">^\d+\<;>\S+\<;>(\d+)\<;</regex>

<order>id</order>

</decoder>