069b31cb7f9054647b684da4fc5263fa690e32d75729ec6b5c808b0c532b9628

General

Target

EventCleaner.exe
Size

219KB
MD5

9353ed7c3ba8e2417ce2664ae7afac16
SHA1

05699a2a2792795db1d8f59273172ad80bdc8b06
SHA256

069b31cb7f9054647b684da4fc5263fa690e32d75729ec6b5c808b0c532b9628
SHA512

cb456c14c9ef6f49a92c989668bedb423e4020b761e627c4d67f90e855e9385d58cf0d1e024a0c728126cccdad2836615d23cd3011a8447470482ca939795262
SSDEEP

6144:Qtzsb5Uh28+V1WW69B9VjMdxPedN9ug0z9TB9SmDqzW:QtzE5elwLz9TrVeW

Score

9^/10

evasion ransomware

Malware Config

Signatures

Clears Windows event logs 1 TTPs 64 IoCs

evasion ransomware

Indicator Removal

T1070

Processes:

wevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exe

pid	process
4400	wevtutil.exe
2716	wevtutil.exe
3436	wevtutil.exe
1036
4376	wevtutil.exe
1528	wevtutil.exe
1832	wevtutil.exe
3512	wevtutil.exe
3504	wevtutil.exe
4736	wevtutil.exe
3900	wevtutil.exe
3384
4952	wevtutil.exe
1232	wevtutil.exe
4872	wevtutil.exe
3284	wevtutil.exe
3804	wevtutil.exe
3880	wevtutil.exe
4612
4488	wevtutil.exe
2304	wevtutil.exe
1000	wevtutil.exe
4872	wevtutil.exe
1368	wevtutil.exe
1212	wevtutil.exe
3920	wevtutil.exe
2488	wevtutil.exe
4708	wevtutil.exe
1856	wevtutil.exe
3920	wevtutil.exe
2772	wevtutil.exe
820	wevtutil.exe
3416
3504	wevtutil.exe
1440	wevtutil.exe
4936	wevtutil.exe
1832	wevtutil.exe
4540
1392
4472	wevtutil.exe
4336
4696	wevtutil.exe
4672	wevtutil.exe
3836	wevtutil.exe
3948
4472	wevtutil.exe
32	wevtutil.exe
4104	wevtutil.exe
4080	wevtutil.exe
1952	wevtutil.exe
2380	wevtutil.exe
1960	wevtutil.exe
364	wevtutil.exe
4280	wevtutil.exe
2876	wevtutil.exe
3172
4920	wevtutil.exe
2344	wevtutil.exe
4168	wevtutil.exe
3464	wevtutil.exe
4904	wevtutil.exe
4560	wevtutil.exe
4168	wevtutil.exe
4356	wevtutil.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

wevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exe

description	pid	process
Token: SeSecurityPrivilege	1932	wevtutil.exe
Token: SeBackupPrivilege	1932	wevtutil.exe
Token: SeSecurityPrivilege	3548	wevtutil.exe
Token: SeBackupPrivilege	3548	wevtutil.exe
Token: SeSecurityPrivilege	2772	wevtutil.exe
Token: SeBackupPrivilege	2772	wevtutil.exe
Token: SeSecurityPrivilege	4256	wevtutil.exe
Token: SeBackupPrivilege	4256	wevtutil.exe
Token: SeSecurityPrivilege	1408	wevtutil.exe
Token: SeBackupPrivilege	1408	wevtutil.exe
Token: SeSecurityPrivilege	4168	wevtutil.exe
Token: SeBackupPrivilege	4168	wevtutil.exe
Token: SeSecurityPrivilege	4440	wevtutil.exe
Token: SeBackupPrivilege	4440	wevtutil.exe
Token: SeSecurityPrivilege	3876	wevtutil.exe
Token: SeBackupPrivilege	3876	wevtutil.exe
Token: SeSecurityPrivilege	3604	wevtutil.exe
Token: SeBackupPrivilege	3604	wevtutil.exe
Token: SeSecurityPrivilege	4672	wevtutil.exe
Token: SeBackupPrivilege	4672	wevtutil.exe
Token: SeSecurityPrivilege	4708	wevtutil.exe
Token: SeBackupPrivilege	4708	wevtutil.exe
Token: SeSecurityPrivilege	4056	wevtutil.exe
Token: SeBackupPrivilege	4056	wevtutil.exe
Token: SeSecurityPrivilege	512	wevtutil.exe
Token: SeBackupPrivilege	512	wevtutil.exe
Token: SeSecurityPrivilege	3920	wevtutil.exe
Token: SeBackupPrivilege	3920	wevtutil.exe
Token: SeSecurityPrivilege	2492	wevtutil.exe
Token: SeBackupPrivilege	2492	wevtutil.exe
Token: SeSecurityPrivilege	5064	wevtutil.exe
Token: SeBackupPrivilege	5064	wevtutil.exe
Token: SeSecurityPrivilege	1008	wevtutil.exe
Token: SeBackupPrivilege	1008	wevtutil.exe
Token: SeSecurityPrivilege	3048	wevtutil.exe
Token: SeBackupPrivilege	3048	wevtutil.exe
Token: SeSecurityPrivilege	3036	wevtutil.exe
Token: SeBackupPrivilege	3036	wevtutil.exe
Token: SeSecurityPrivilege	4952	wevtutil.exe
Token: SeBackupPrivilege	4952	wevtutil.exe
Token: SeSecurityPrivilege	2224	wevtutil.exe
Token: SeBackupPrivilege	2224	wevtutil.exe
Token: SeSecurityPrivilege	5112	wevtutil.exe
Token: SeBackupPrivilege	5112	wevtutil.exe
Token: SeSecurityPrivilege	1212	wevtutil.exe
Token: SeBackupPrivilege	1212	wevtutil.exe
Token: SeSecurityPrivilege	3584	wevtutil.exe
Token: SeBackupPrivilege	3584	wevtutil.exe
Token: SeSecurityPrivilege	1444	wevtutil.exe
Token: SeBackupPrivilege	1444	wevtutil.exe
Token: SeSecurityPrivilege	1864	wevtutil.exe
Token: SeBackupPrivilege	1864	wevtutil.exe
Token: SeSecurityPrivilege	1952	wevtutil.exe
Token: SeBackupPrivilege	1952	wevtutil.exe
Token: SeSecurityPrivilege	1984	wevtutil.exe
Token: SeBackupPrivilege	1984	wevtutil.exe
Token: SeSecurityPrivilege	4104	wevtutil.exe
Token: SeBackupPrivilege	4104	wevtutil.exe
Token: SeSecurityPrivilege	4164	wevtutil.exe
Token: SeBackupPrivilege	4164	wevtutil.exe
Token: SeSecurityPrivilege	4564	wevtutil.exe
Token: SeBackupPrivilege	4564	wevtutil.exe
Token: SeSecurityPrivilege	3800	wevtutil.exe
Token: SeBackupPrivilege	3800	wevtutil.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

EventCleaner.execmd.execmd.execmd.exe

description	pid	process	target process
PID 1312 wrote to memory of 1364	1312	EventCleaner.exe	cmd.exe
PID 1312 wrote to memory of 1364	1312	EventCleaner.exe	cmd.exe
PID 1364 wrote to memory of 5060	1364	cmd.exe	cmd.exe
PID 1364 wrote to memory of 5060	1364	cmd.exe	cmd.exe
PID 5060 wrote to memory of 460	5060	cmd.exe	bcdedit.exe
PID 5060 wrote to memory of 460	5060	cmd.exe	bcdedit.exe
PID 1364 wrote to memory of 4576	1364	cmd.exe	cmd.exe
PID 1364 wrote to memory of 4576	1364	cmd.exe	cmd.exe
PID 4576 wrote to memory of 1932	4576	cmd.exe	wevtutil.exe
PID 4576 wrote to memory of 1932	4576	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3548	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3548	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 2772	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 2772	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4256	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4256	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1408	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1408	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4168	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4168	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4440	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4440	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3876	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3876	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3604	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3604	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4672	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4672	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4708	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4708	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4056	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4056	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 512	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 512	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3920	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3920	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 2492	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 2492	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 5064	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 5064	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1008	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1008	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3048	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3048	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3036	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3036	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4952	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 4952	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 2224	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 2224	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 5112	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 5112	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1212	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1212	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3584	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 3584	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1444	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1444	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1864	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1864	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1952	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1952	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1984	1364	cmd.exe	wevtutil.exe
PID 1364 wrote to memory of 1984	1364	cmd.exe	wevtutil.exe

C:\Users\Admin\AppData\Local\Temp\EventCleaner.exe
"C:\Users\Admin\AppData\Local\Temp\EventCleaner.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1312

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\E213.tmp\E214.tmp\E215.bat C:\Users\Admin\AppData\Local\Temp\EventCleaner.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bcdedit
3⤵
- Suspicious use of WriteProcessMemory
PID:5060

C:\Windows\system32\bcdedit.exe
bcdedit
4⤵
PID:460

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wevtutil.exe el
3⤵
- Suspicious use of WriteProcessMemory
PID:4576

C:\Windows\system32\wevtutil.exe
wevtutil.exe el
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1932

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "AMSI/Debug"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3548

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "AirSpaceChannel"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2772

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Analytic"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4256

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Application"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1408

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "DirectShowFilterGraph"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4168

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "DirectShowPluginControl"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4440

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Els_Hyphenation/Analytic"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "EndpointMapper"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "FirstUXPerf-Analytic"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "ForwardedEvents"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4708

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "General Logging"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "HardwareEvents"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:512

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "IHM_DebugChannel"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Intel-iaLPSS-GPIO/Analytic"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2492

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Intel-iaLPSS-I2C/Analytic"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:5064

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Intel-iaLPSS2-GPIO2/Debug"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1008

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Intel-iaLPSS2-GPIO2/Performance"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Intel-iaLPSS2-I2C/Debug"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3036

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Intel-iaLPSS2-I2C/Performance"
3⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
PID:4952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Internet Explorer"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2224

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Key Management Service"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:5112

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MF_MediaFoundationDeviceMFT"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1212

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MF_MediaFoundationDeviceProxy"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3584

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MF_MediaFoundationFrameServer"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MedaFoundationVideoProc"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1864

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MedaFoundationVideoProcD3D"
3⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
PID:1952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationAsyncWrapper"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1984

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationContentProtection"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4104

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationDS"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4164

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationDeviceProxy"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationMP4"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3800

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationMediaEngine"
3⤵
PID:1816

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationPerformance"
3⤵
- Clears Windows event logs
PID:4488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationPerformanceCore"
3⤵
PID:2344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationPipeline"
3⤵
PID:3288

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationPlatform"
3⤵
PID:1844

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "MediaFoundationSrcPrefetch"
3⤵
PID:3688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-AppV-Client-Streamingux/Debug"
3⤵
PID:4944

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-AppV-Client/Admin"
3⤵
PID:3372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-AppV-Client/Debug"
3⤵
PID:3524

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-AppV-Client/Operational"
3⤵
PID:4280

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-AppV-Client/Virtual Applications"
3⤵
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-AppV-SharedPerformance/Analytic"
3⤵
PID:2072

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Client-Licensing-Platform/Admin"
3⤵
PID:2756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Client-Licensing-Platform/Debug"
3⤵
PID:1256

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Client-Licensing-Platform/Diagnostic"
3⤵
PID:2688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-IE/Diagnostic"
3⤵
PID:3104

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-IEFRAME/Diagnostic"
3⤵
PID:4748

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-JSDumpHeap/Diagnostic"
3⤵
- Clears Windows event logs
PID:4920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-OneCore-Setup/Analytic"
3⤵
PID:2304

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"
3⤵
PID:4688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-PerfTrack-MSHTML/Diagnostic"
3⤵
PID:4772

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-Admin/Debug"
3⤵
PID:4284

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"
3⤵
PID:4028

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"
3⤵
PID:364

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Analytic"
3⤵
PID:3352

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Debug"
3⤵
- Clears Windows event logs
PID:4472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Operational"
3⤵
PID:4592

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-IPC/Operational"
3⤵
PID:3172

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"
3⤵
PID:3612

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"
3⤵
- Clears Windows event logs
PID:4376

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"
3⤵
PID:796

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AAD/Analytic"
3⤵
PID:4996

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AAD/Operational"
3⤵
PID:5040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ADSI/Debug"
3⤵
PID:532

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ASN1/Operational"
3⤵
PID:1388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ATAPort/General"
3⤵
PID:1832

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ATAPort/SATA-LPM"
3⤵
PID:4976

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ActionQueue/Analytic"
3⤵
PID:1600

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-All-User-Install-Agent/Admin"
3⤵
PID:3132

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AllJoyn/Debug"
3⤵
PID:4500

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AllJoyn/Operational"
3⤵
PID:4344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppHost/Admin"
3⤵
PID:4300

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppHost/ApplicationTracing"
3⤵
PID:4372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppHost/Diagnostic"
3⤵
PID:2340

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppHost/Internal"
3⤵
PID:5084

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppID/Operational"
3⤵
PID:3852

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppLocker/EXE and DLL"
3⤵
PID:3928

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppLocker/MSI and Script"
3⤵
PID:2472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"
3⤵
PID:4752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppLocker/Packaged app-Execution"
3⤵
PID:3528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Admin"
3⤵
PID:1040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Analytic"
3⤵
PID:5104

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Debug"
3⤵
PID:432

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Diagnostics"
3⤵
PID:2036

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppModel-State/Debug"
3⤵
PID:4368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppModel-State/Diagnostic"
3⤵
PID:2588

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppReadiness/Admin"
3⤵
PID:4044

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppReadiness/Debug"
3⤵
PID:820

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppReadiness/Operational"
3⤵
PID:2524

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppSruProv"
3⤵
PID:2188

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppXDeployment/Diagnostic"
3⤵
PID:3048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppXDeployment/Operational"
3⤵
PID:2928

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Debug"
3⤵
PID:4760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Diagnostic"
3⤵
PID:2272

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Operational"
3⤵
PID:4764

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Restricted"
3⤵
PID:3224

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ApplicabilityEngine/Analytic"
3⤵
PID:4016

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ApplicabilityEngine/Operational"
3⤵
PID:764

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Admin"
3⤵
PID:1460

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Analytic"
3⤵
PID:2012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Debug"
3⤵
PID:4904

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Operational"
3⤵
PID:2892

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug"
3⤵
PID:3552

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"
3⤵
PID:3596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic"
3⤵
PID:4560

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace"
3⤵
PID:4908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"
3⤵
PID:3844

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory"
3⤵
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Telemetry"
3⤵
PID:4444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Application-Experience/Steps-Recorder"
3⤵
PID:4084

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppxPackaging/Debug"
3⤵
PID:3728

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppxPackaging/Operational"
3⤵
PID:3420

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AppxPackaging/Performance"
3⤵
PID:3556

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AssignedAccess/Admin"
3⤵
PID:64

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AssignedAccess/Operational"
3⤵
PID:1604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AssignedAccessBroker/Admin"
3⤵
PID:3196

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AssignedAccessBroker/Operational"
3⤵
PID:3904

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AsynchronousCausality/Causality"
3⤵
- Clears Windows event logs
PID:3464

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Audio/CaptureMonitor"
3⤵
PID:3752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Audio/GlitchDetection"
3⤵
- Clears Windows event logs
PID:1440

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Audio/Informational"
3⤵
PID:4040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Audio/Operational"
3⤵
PID:3952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Audio/Performance"
3⤵
PID:4896

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Audio/PlaybackManager"
3⤵
PID:1860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Audit/Analytic"
3⤵
PID:3512

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"
3⤵
PID:988

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController"
3⤵
PID:3352

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUser-Client"
3⤵
- Clears Windows event logs
PID:4472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController"
3⤵
- Clears Windows event logs
PID:3504

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController"
3⤵
PID:4596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-AxInstallService/Log"
3⤵
PID:796

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BTH-BTHPORT/HCI"
3⤵
PID:2908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BTH-BTHPORT/L2CAP"
3⤵
PID:4340

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BTH-BTHUSB/Diagnostic"
3⤵
PID:4308

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BTH-BTHUSB/Performance"
3⤵
- Clears Windows event logs
PID:32

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic"
3⤵
PID:1900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BackgroundTaskInfrastructure/Operational"
3⤵
PID:4372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational"
3⤵
PID:5084

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Backup"
3⤵
PID:3160

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational"
3⤵
PID:3628

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational"
3⤵
PID:2472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Battery/Diagnostic"
3⤵
PID:4752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Biometrics/Analytic"
3⤵
PID:3528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Biometrics/Operational"
3⤵
PID:1040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"
3⤵
PID:5104

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"
3⤵
PID:432

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BitLocker-Driver-Performance/Operational"
3⤵
- Clears Windows event logs
PID:4696

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BitLocker/BitLocker Management"
3⤵
PID:60

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BitLocker/BitLocker Operational"
3⤵
- Clears Windows event logs
PID:3920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BitLocker/Tracing"
3⤵
PID:2492

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Bits-Client/Analytic"
3⤵
PID:5064

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Bits-Client/Operational"
3⤵
PID:2112

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational"
3⤵
PID:2188

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Bluetooth-Bthmini/Operational"
3⤵
PID:1936

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"
3⤵
PID:4956

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Bluetooth-Policy/Operational"
3⤵
PID:4460

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BranchCache/Operational"
3⤵
PID:868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"
3⤵
PID:2348

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"
3⤵
PID:1672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BranchCacheMonitoring/Analytic"
3⤵
PID:3828

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Analytic"
3⤵
PID:1236

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Operational"
3⤵
PID:1444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CAPI2/Catalog Database Debug"
3⤵
PID:2012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CAPI2/Operational"
3⤵
- Clears Windows event logs
PID:4904

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CDROM/Operational"
3⤵
PID:3880

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COM/Analytic"
3⤵
PID:4560

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COM/ApartmentInitialize"
3⤵
PID:4908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COM/ApartmentUninitialize"
3⤵
PID:1816

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COM/Call"
3⤵
PID:536

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COM/CreateInstance"
3⤵
PID:1960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COM/ExtensionCatalog"
3⤵
PID:316

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COM/FreeUnusedLibrary"
3⤵
PID:4784

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COM/RundownInstrumentation"
3⤵
PID:3524

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COMRuntime/Activations"
3⤵
PID:4280

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COMRuntime/MessageProcessing"
3⤵
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-COMRuntime/Tracing"
3⤵
PID:2244

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CertPoleEng/Operational"
3⤵
PID:2756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"
3⤵
PID:1256

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational"
3⤵
PID:3572

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational"
3⤵
PID:3564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Cleanmgr/Diagnostic"
3⤵
- Clears Windows event logs
PID:1232

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"
3⤵
PID:372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CloudStore/Debug"
3⤵
PID:1624

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CloudStore/Operational"
3⤵
PID:4688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CmiSetup/Analytic"
3⤵
PID:3428

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Operational"
3⤵
PID:4028

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Verbose"
3⤵
PID:2316

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ComDlg32/Analytic"
3⤵
PID:792

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ComDlg32/Debug"
3⤵
PID:4960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Compat-Appraiser/Analytic"
3⤵
PID:2452

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Compat-Appraiser/Operational"
3⤵
PID:4636

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Containers-BindFlt/Debug"
3⤵
PID:5096

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Containers-BindFlt/Operational"
3⤵
PID:4420

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Containers-Wcifs/Debug"
3⤵
PID:1832

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Containers-Wcifs/Operational"
3⤵
PID:4500

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Containers-Wcnfs/Debug"
3⤵
PID:4312

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Containers-Wcnfs/Operational"
3⤵
PID:32

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CoreApplication/Diagnostic"
3⤵
PID:4604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CoreApplication/Operational"
3⤵
PID:4372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CoreApplication/Tracing"
3⤵
PID:5084

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug"
3⤵
PID:3160

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational"
3⤵
PID:3628

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CoreWindow/Analytic"
3⤵
PID:2472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CoreWindow/Debug"
3⤵
PID:4752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"
3⤵
PID:4708

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"
3⤵
PID:760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crashdump/Operational"
3⤵
PID:3920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-CredUI/Diagnostic"
3⤵
PID:1868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-BCRYPT/Analytic"
3⤵
PID:2188

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-CNG/Analytic"
3⤵
PID:5112

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc"
3⤵
PID:4580

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/Debug"
3⤵
PID:3948

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/Operational"
3⤵
PID:1980

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-DSSEnh/Analytic"
3⤵
PID:4336

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-NCrypt/Operational"
3⤵
PID:2676

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-RNG/Analytic"
3⤵
PID:824

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Crypto-RSAEnh/Analytic"
3⤵
- Clears Windows event logs
PID:4104

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-D3D10Level9/Analytic"
3⤵
PID:3596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-D3D10Level9/PerfTiming"
3⤵
PID:4032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DAL-Provider/Analytic"
3⤵
PID:1212

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DAL-Provider/Operational"
3⤵
PID:4488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DAMM/Diagnostic"
3⤵
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DCLocator/Debug"
3⤵
PID:4444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DDisplay/Analytic"
3⤵
PID:1844

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DDisplay/Logging"
3⤵
PID:640

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DLNA-Namespace/Analytic"
3⤵
PID:2080

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DNS-Client/Operational"
3⤵
PID:2072

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DSC/Admin"
3⤵
PID:3152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DSC/Analytic"
3⤵
PID:1528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DSC/Debug"
3⤵
PID:3464

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DSC/Operational"
3⤵
PID:3752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DUI/Diagnostic"
3⤵
PID:1440

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DUSER/Diagnostic"
3⤵
PID:4040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DXGI/Analytic"
3⤵
PID:3952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DXGI/Logging"
3⤵
PID:1200

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DXP/Analytic"
3⤵
PID:4284

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Data-Pdf/Debug"
3⤵
PID:3512

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DataIntegrityScan/Admin"
3⤵
PID:1048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DataIntegrityScan/CrashRecovery"
3⤵
PID:1368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Analytic"
3⤵
PID:4472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Debug"
3⤵
PID:8

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Operational"
3⤵
PID:4400

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Deduplication/Diagnostic"
3⤵
PID:5096

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Deduplication/Operational"
3⤵
PID:4340

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Deduplication/Performance"
3⤵
PID:1496

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Deduplication/Scrubbing"
3⤵
PID:2076

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Defrag-Core/Debug"
3⤵
PID:4300

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Deplorch/Analytic"
3⤵
PID:2900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DesktopActivityModerator/Diagnostic"
3⤵
PID:5032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic"
3⤵
PID:4168

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceAssociationService/Performance"
3⤵
PID:2748

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceConfidence/Analytic"
3⤵
PID:2880

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceGuard/Operational"
3⤵
PID:4672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceGuard/Verbose"
3⤵
PID:4056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"
3⤵
PID:1680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug"
3⤵
PID:760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational"
3⤵
PID:3920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Admin"
3⤵
PID:820

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Analytic"
3⤵
PID:3604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Debug"
3⤵
PID:5112

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Operational"
3⤵
PID:3224

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceSync/Analytic"
3⤵
PID:4024

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceSync/Operational"
3⤵
PID:1236

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceUpdateAgent/Operational"
3⤵
PID:3336

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceUx/Informational"
3⤵
PID:2012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DeviceUx/Performance"
3⤵
PID:1972

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Devices-Background/Operational"
3⤵
PID:4564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Admin"
3⤵
- Clears Windows event logs
PID:4560

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Operational"
3⤵
PID:1728

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Admin"
3⤵
PID:3844

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Operational"
3⤵
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DiagCpl/Debug"
3⤵
PID:1960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic"
3⤵
PID:2384

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Analytic"
3⤵
PID:3556

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Debug"
3⤵
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"
3⤵
PID:4516

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-MSDE/Debug"
3⤵
PID:2756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Analytic"
3⤵
PID:4756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Debug"
3⤵
PID:4092

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Operational"
3⤵
PID:4192

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Debug"
3⤵
PID:4776

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Operational"
3⤵
PID:372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"
3⤵
PID:2876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"
3⤵
PID:1860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Admin"
3⤵
- Clears Windows event logs
PID:364

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"
3⤵
PID:2516

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Debug"
3⤵
PID:3352

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Operational"
3⤵
PID:388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"
3⤵
- Clears Windows event logs
PID:3504

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"
3⤵
PID:4596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-WDC/Analytic"
3⤵
PID:3616

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnosis-WDI/Debug"
3⤵
PID:4400

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Debug"
3⤵
PID:5096

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Operational"
3⤵
PID:3372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"
3⤵
PID:4048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"
3⤵
PID:2584

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"
3⤵
PID:4388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"
3⤵
PID:4308

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Operational"
3⤵
PID:1824

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D10/Analytic"
3⤵
PID:2076

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D10_1/Analytic"
3⤵
PID:4300

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D11/Analytic"
3⤵
PID:2900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D11/Logging"
3⤵
PID:5032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D11/PerfTiming"
3⤵
PID:3900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D12/Analytic"
3⤵
PID:2748

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D12/Logging"
3⤵
PID:2880

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D12/PerfTiming"
3⤵
PID:4752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3D9/Analytic"
3⤵
PID:4056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Direct3DShaderCache/Default"
3⤵
PID:760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DirectComposition/Diagnostic"
3⤵
PID:1868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DirectManipulation/Diagnostic"
3⤵
PID:3604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"
3⤵
PID:5112

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DirectSound/Debug"
3⤵
PID:3224

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Disk/Operational"
3⤵
PID:4024

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DiskDiagnostic/Operational"
3⤵
PID:2676

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"
3⤵
PID:2012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"
3⤵
PID:2036

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dism-Api/Analytic"
3⤵
PID:4564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dism-Api/ExternalAnalytic"
3⤵
PID:4560

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dism-Api/InternalAnalytic"
3⤵
PID:4488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dism-Cli/Analytic"
3⤵
PID:3584

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Debug"
3⤵
PID:4852

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Operational"
3⤵
- Clears Windows event logs
PID:4280

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DisplaySwitch/Diagnostic"
3⤵
PID:3436

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Documents/Performance"
3⤵
PID:3196

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dot3MM/Diagnostic"
3⤵
PID:2244

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"
3⤵
PID:3904

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DucUpdateAgent/Operational"
3⤵
PID:1528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dwm-API/Diagnostic"
3⤵
PID:4128

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dwm-Core/Diagnostic"
3⤵
PID:4092

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dwm-Dwm/Diagnostic"
3⤵
PID:4192

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dwm-Redir/Diagnostic"
3⤵
PID:4776

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Dwm-Udwm/Diagnostic"
3⤵
PID:372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DxgKrnl-Admin"
3⤵
PID:2876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DxgKrnl-Operational"
3⤵
PID:4688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DxgKrnl/Contention"
3⤵
PID:364

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DxgKrnl/Diagnostic"
3⤵
PID:1604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DxgKrnl/Performance"
3⤵
PID:1368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DxgKrnl/Power"
3⤵
PID:4960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"
3⤵
PID:8

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EDP-Application-Learning/Admin"
3⤵
PID:4636

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EDP-Audit-Regular/Admin"
3⤵
PID:5040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EDP-Audit-TCB/Admin"
3⤵
PID:1908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EFS/Debug"
3⤵
PID:2564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ESE/IODiagnose"
3⤵
PID:2124

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ESE/Operational"
3⤵
PID:4208

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EapHost/Analytic"
3⤵
PID:3768

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EapHost/Debug"
3⤵
PID:4312

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EapHost/Operational"
3⤵
PID:3304

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EapMethods-RasChap/Operational"
3⤵
PID:4604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EapMethods-RasTls/Operational"
3⤵
PID:3804

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EapMethods-Sim/Operational"
3⤵
PID:5084

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EapMethods-Ttls/Operational"
3⤵
PID:4440

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EaseOfAccess/Diagnostic"
3⤵
- Clears Windows event logs
PID:2380

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Energy-Estimation-Engine/EventLog"
3⤵
PID:4872

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Energy-Estimation-Engine/Trace"
3⤵
PID:4752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic"
3⤵
PID:2728

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EventCollector/Debug"
3⤵
PID:448

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EventCollector/Operational"
3⤵
PID:2772

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EventLog-WMIProvider/Debug"
3⤵
PID:820

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EventLog/Analytic"
3⤵
PID:4580

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-EventLog/Debug"
3⤵
PID:3948

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FMS/Analytic"
3⤵
PID:1980

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FMS/Debug"
3⤵
PID:1952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FMS/Operational"
3⤵
PID:2204

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"
3⤵
PID:1116

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"
3⤵
PID:2012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FeatureConfiguration/Analytic"
3⤵
PID:2036

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FeatureConfiguration/Operational"
3⤵
PID:1212

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Catalog/Analytic"
3⤵
PID:3844

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Catalog/Debug"
3⤵
PID:316

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-ConfigManager/Analytic"
3⤵
PID:2732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-ConfigManager/Debug"
3⤵
PID:3108

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Core/Analytic"
3⤵
PID:3964

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Core/Debug"
3⤵
PID:2072

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Core/WHC"
3⤵
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/Analytic"
3⤵
PID:4516

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/BackupLog"
3⤵
PID:2860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/Debug"
3⤵
PID:1528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-EventListener/Analytic"
3⤵
PID:4128

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-EventListener/Debug"
3⤵
PID:4092

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Service/Analytic"
3⤵
PID:1440

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-Service/Debug"
3⤵
PID:2488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-UI-Events/Analytic"
3⤵
- Clears Windows event logs
PID:2304

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileHistory-UI-Events/Debug"
3⤵
PID:1200

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-FileInfoMinifilter/Operational"
3⤵
PID:4284

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Firewall-CPL/Diagnostic"
3⤵
PID:4028

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"
3⤵
PID:988

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Forwarding/Debug"
3⤵
PID:732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Forwarding/Operational"
3⤵
- Clears Windows event logs
PID:1000

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-GPIO-ClassExtension/Analytic"
3⤵
PID:3172

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-GenericRoaming/Admin"
3⤵
PID:1368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-GroupPolicy/Operational"
3⤵
PID:4596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HAL/Debug"
3⤵
PID:3616

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HealthCenter/Debug"
3⤵
PID:4400

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HealthCenter/Performance"
3⤵
PID:2108

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HealthCenterCPL/Performance"
3⤵
PID:1908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HelloForBusiness/Operational"
3⤵
PID:2564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Help/Operational"
3⤵
PID:2124

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
3⤵
PID:4208

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
3⤵
PID:3768

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
3⤵
PID:4312

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
3⤵
PID:3304

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
3⤵
PID:4604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HomeGroup-ListenerService"
3⤵
PID:3804

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HotspotAuth/Analytic"
3⤵
PID:3900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HotspotAuth/Operational"
3⤵
PID:3488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HttpService/Log"
3⤵
PID:2152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-HttpService/Trace"
3⤵
PID:3916

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin"
3⤵
PID:2028

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic"
3⤵
PID:940

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Debug"
3⤵
PID:3908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose"
3⤵
PID:2772

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Operational"
3⤵
PID:820

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Admin"
3⤵
PID:4580

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Analytic"
3⤵
PID:3948

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Operational"
3⤵
PID:1980

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-NETVSC/Diagnostic"
3⤵
PID:1952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-VID-Admin"
3⤵
PID:2204

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Hyper-V-VID-Analytic"
3⤵
PID:1116

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IE-SmartScreen"
3⤵
PID:2012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IKE/Operational"
3⤵
PID:3004

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IKEDBG/Debug"
3⤵
PID:1212

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-Broker/Analytic"
3⤵
PID:3844

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-CandidateUI/Analytic"
3⤵
PID:316

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-CustomerFeedbackManager/Debug"
3⤵
PID:2732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic"
3⤵
PID:3108

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-JPAPI/Analytic"
3⤵
PID:3964

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-JPLMP/Analytic"
3⤵
PID:2072

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-JPPRED/Analytic"
3⤵
- Clears Windows event logs
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-JPSetting/Analytic"
3⤵
PID:4516

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-JPTIP/Analytic"
3⤵
PID:2860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-KRAPI/Analytic"
3⤵
PID:3572

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-KRTIP/Analytic"
3⤵
PID:3752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-OEDCompiler/Analytic"
3⤵
PID:1232

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-TCCORE/Analytic"
3⤵
PID:4192

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-TCTIP/Analytic"
3⤵
PID:1624

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IME-TIP/Analytic"
3⤵
PID:372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IPNAT/Diagnostic"
3⤵
PID:2876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"
3⤵
PID:3512

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IPxlatCfg/Debug"
3⤵
PID:2516

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IPxlatCfg/Operational"
3⤵
PID:1048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IdCtrls/Analytic"
3⤵
PID:4952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IdCtrls/Operational"
3⤵
PID:1236

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic"
3⤵
PID:1680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Input-HIDCLASS-Analytic"
3⤵
PID:3504

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-InputSwitch/Diagnostic"
3⤵
PID:2452

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"
3⤵
PID:4384

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Debug"
3⤵
PID:4420

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Operational"
3⤵
PID:5096

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Trace"
3⤵
PID:1832

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-KdsSvc/Operational"
3⤵
PID:4680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kerberos/Operational"
3⤵
PID:4340

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"
3⤵
PID:4308

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-AppCompat/General"
3⤵
PID:1824

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-AppCompat/Performance"
3⤵
PID:3532

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Analytic"
3⤵
PID:1408

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Debug"
3⤵
PID:2900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Operational"
3⤵
PID:5032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Analytic"
3⤵
PID:4440

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Operational"
3⤵
PID:2748

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"
3⤵
PID:4708

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Disk/Analytic"
3⤵
PID:3188

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Admin"
3⤵
PID:3896

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Analytic"
3⤵
PID:5024

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-File/Analytic"
3⤵
PID:760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-IO/Operational"
3⤵
- Clears Windows event logs
PID:4936

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic"
3⤵
PID:3604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-IoTrace/Diagnostic"
3⤵
PID:5112

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-LiveDump/Analytic"
3⤵
PID:1460

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-LiveDump/Operational"
3⤵
PID:4024

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Memory/Analytic"
3⤵
PID:3336

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Network/Analytic"
3⤵
PID:3012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Pdc/Diagnostic"
3⤵
PID:3596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Pep/Diagnostic"
3⤵
PID:4564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"
3⤵
PID:1816

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Configuration"
3⤵
PID:536

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"
3⤵
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"
3⤵
PID:4444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"
3⤵
PID:4280

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"
3⤵
PID:3556

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Diagnostic"
3⤵
PID:3196

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"
3⤵
PID:4840

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"
3⤵
PID:2756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"
3⤵
PID:1256

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Process/Analytic"
3⤵
PID:3464

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"
3⤵
PID:1528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Analytic"
3⤵
PID:4748

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Performance"
3⤵
PID:4920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Debug"
3⤵
PID:4776

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Diagnostic"
3⤵
PID:4356

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Operational"
3⤵
PID:2304

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"
3⤵
PID:1200

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Operational"
3⤵
PID:3352

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Analytic"
3⤵
PID:3920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Debug"
3⤵
PID:4760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Operational"
3⤵
PID:732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Errors"
3⤵
PID:388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Operational"
3⤵
PID:4472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Kernel-XDV/Analytic"
3⤵
PID:4960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Admin"
3⤵
PID:4596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Operational"
3⤵
PID:796

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Performance"
3⤵
- Clears Windows event logs
PID:4400

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Known Folders API Service"
3⤵
PID:4048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-L2NA/Diagnostic"
3⤵
PID:2248

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LDAP-Client/Debug"
3⤵
PID:4388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LSA/Diagnostic"
3⤵
PID:2124

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LSA/Operational"
3⤵
PID:4344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LSA/Performance"
3⤵
PID:2316

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"
3⤵
PID:3184

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Analytic"
3⤵
PID:3304

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Debug"
3⤵
PID:4604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Operational"
3⤵
PID:3804

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LimitsManagement/Diagnostic"
3⤵
- Clears Windows event logs
PID:4168

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic"
3⤵
- Clears Windows event logs
PID:4872

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational"
3⤵
PID:4752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LiveId/Analytic"
3⤵
PID:3780

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-LiveId/Operational"
3⤵
PID:4056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic"
3⤵
PID:5056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MPS-CLNT/Diagnostic"
3⤵
PID:1868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MPS-DRV/Diagnostic"
3⤵
PID:1936

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MPS-SRV/Diagnostic"
3⤵
PID:3828

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MSFTEDIT/Diagnostic"
3⤵
PID:1900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MSPaint/Admin"
3⤵
PID:1444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MSPaint/Debug"
3⤵
PID:636

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MSPaint/Diagnostic"
3⤵
PID:3284

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MUI/Admin"
3⤵
PID:3336

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MUI/Analytic"
3⤵
PID:3012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MUI/Debug"
3⤵
PID:3596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MUI/Operational"
3⤵
PID:4564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Media-Streaming/DMC"
3⤵
PID:1816

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Media-Streaming/DMR"
3⤵
PID:536

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Media-Streaming/MDE"
3⤵
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine"
3⤵
PID:4444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"
3⤵
PID:4280

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"
3⤵
PID:3556

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"
3⤵
PID:3196

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MediaFoundation-Performance/SARStreamResource"
3⤵
PID:4840

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"
3⤵
PID:2756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"
3⤵
PID:1256

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Minstore/Analytic"
3⤵
PID:876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Minstore/Debug"
3⤵
- Clears Windows event logs
PID:1528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic"
3⤵
PID:3752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic"
3⤵
PID:4092

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic"
3⤵
PID:4776

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational"
3⤵
- Clears Windows event logs
PID:4356

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic"
3⤵
PID:3352

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-MobilityCenter/Performance"
3⤵
- Clears Windows event logs
PID:3920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin"
3⤵
PID:4760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot"
3⤵
PID:732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug"
3⤵
PID:388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService"
3⤵
PID:1680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Mprddm/Operational"
3⤵
PID:1368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NCSI/Analytic"
3⤵
PID:4596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NCSI/Operational"
3⤵
PID:796

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"
3⤵
PID:1860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"
3⤵
PID:4048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NDIS/Diagnostic"
3⤵
PID:2248

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NDIS/Operational"
3⤵
PID:4388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NTLM/Operational"
3⤵
PID:2124

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NWiFi/Diagnostic"
3⤵
PID:4308

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Narrator/Diagnostic"
3⤵
PID:2076

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Ncasvc/Operational"
3⤵
PID:1672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NcdAutoSetup/Diagnostic"
3⤵
PID:4300

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NcdAutoSetup/Operational"
3⤵
PID:2900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NdisImPlatform/Operational"
3⤵
PID:5032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Ndu/Diagnostic"
3⤵
- Clears Windows event logs
PID:4672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetShell/Performance"
3⤵
PID:2472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Network-Connection-Broker"
3⤵
PID:2152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Network-DataUsage/Analytic"
3⤵
PID:3916

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Network-Setup/Diagnostic"
3⤵
PID:4056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"
3⤵
PID:940

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkBridge/Diagnostic"
3⤵
PID:760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkLocationWizard/Operational"
3⤵
- Clears Windows event logs
PID:2772

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkProfile/Diagnostic"
3⤵
PID:4016

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkProfile/Operational"
3⤵
PID:1864

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkProvider/Operational"
3⤵
PID:3948

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkProvisioning/Analytic"
3⤵
PID:1980

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkProvisioning/Operational"
3⤵
PID:4904

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkSecurity/Debug"
3⤵
PID:4104

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NetworkStatus/Analytic"
3⤵
PID:4032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Networking-Correlation/Diagnostic"
3⤵
- Clears Windows event logs
PID:2344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Networking-RealTimeCommunication/Tracing"
3⤵
PID:4560

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NlaSvc/Diagnostic"
3⤵
PID:1212

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-NlaSvc/Operational"
3⤵
PID:3620

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Ntfs/Operational"
3⤵
PID:316

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Ntfs/Performance"
3⤵
PID:2732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Ntfs/WHC"
3⤵
PID:3108

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OLE/Clipboard-Performance"
3⤵
PID:2080

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OLEACC/Debug"
3⤵
PID:3152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OLEACC/Diagnostic"
3⤵
PID:2244

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic"
3⤵
PID:1388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic"
3⤵
PID:4756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic"
3⤵
PID:3128

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OOBE-Machine-DUI/Operational"
3⤵
PID:876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic"
3⤵
PID:1528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OcpUpdateAgent/Operational"
3⤵
PID:3752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Analytic"
3⤵
- Clears Windows event logs
PID:2488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Debug"
3⤵
PID:3512

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Operational"
3⤵
PID:2516

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OfflineFiles/SyncLog"
3⤵
PID:824

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OneBackup/Debug"
3⤵
PID:2088

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OneX/Diagnostic"
3⤵
PID:3464

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OneX/Operational"
3⤵
PID:732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OobeLdr/Analytic"
3⤵
PID:388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-OtpCredentialProvider/Operational"
3⤵
PID:1680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PCI/Diagnostic"
3⤵
PID:1368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Analytic"
3⤵
PID:4596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Debug"
3⤵
PID:796

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Operational"
3⤵
PID:1860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ParentalControls/Operational"
3⤵
PID:1832

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Partition/Analytic"
3⤵
PID:4680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Partition/Diagnostic"
3⤵
PID:2368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"
3⤵
PID:4080

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PerceptionRuntime/Operational"
3⤵
PID:4344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PerceptionSensorDataService/Operational"
3⤵
PID:4372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Analytic"
3⤵
PID:1480

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic"
3⤵
PID:4740

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Operational"
3⤵
PID:4300

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Analytic"
3⤵
PID:2900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic"
3⤵
PID:5032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Operational"
3⤵
PID:4672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Analytic"
3⤵
PID:2472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Certification"
3⤵
PID:2152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Diagnose"
3⤵
PID:3916

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Operational"
3⤵
PID:4056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PhotoAcq/Analytic"
3⤵
PID:940

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PlayToManager/Analytic"
3⤵
PID:3908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Policy/Analytic"
3⤵
PID:868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Policy/Operational"
3⤵
PID:4016

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"
3⤵
PID:1864

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"
3⤵
PID:3948

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic"
3⤵
PID:1980

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerCfg/Diagnostic"
3⤵
PID:3284

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerCpl/Diagnostic"
3⤵
PID:3800

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"
3⤵
PID:2012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic"
3⤵
PID:1776

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug"
3⤵
PID:3596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational"
3⤵
PID:4488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerShell/Admin"
3⤵
PID:3584

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerShell/Analytic"
3⤵
PID:536

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerShell/Debug"
3⤵
- Clears Windows event logs
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"
3⤵
PID:3576

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"
3⤵
PID:4280

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PrintBRM/Admin"
3⤵
PID:3556

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PrintService-USBMon/Debug"
3⤵
PID:3152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PrintService/Admin"
3⤵
PID:2244

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PrintService/Debug"
3⤵
PID:1388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PrintService/Operational"
3⤵
PID:4756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Privacy-Auditing/Operational"
3⤵
PID:3572

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ProcessStateManager/Diagnostic"
3⤵
PID:2956

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic"
3⤵
PID:876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade"
3⤵
PID:1528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin"
3⤵
PID:3752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot"
3⤵
PID:2488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug"
3⤵
PID:3512

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService"
3⤵
PID:2516

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Proximity-Common/Diagnostic"
3⤵
PID:824

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Proximity-Common/Informational"
3⤵
PID:2088

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Proximity-Common/Performance"
3⤵
PID:3464

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PushNotification-Developer/Debug"
3⤵
PID:732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PushNotification-InProc/Debug"
3⤵
PID:388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Admin"
3⤵
PID:1680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Debug"
3⤵
PID:1368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Operational"
3⤵
PID:4596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-QoS-Pacer/Diagnostic"
3⤵
PID:796

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-QoS-qWAVE/Debug"
3⤵
PID:1908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RPC-Proxy/Debug"
3⤵
PID:2584

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RPC/Debug"
3⤵
PID:2248

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RPC/EEInfo"
3⤵
PID:4388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RRAS/Debug"
3⤵
PID:4436

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RRAS/Operational"
3⤵
PID:4660

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RadioManager/Analytic"
3⤵
PID:4344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic"
3⤵
PID:2316

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RasAgileVpn/Debug"
3⤵
PID:3532

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RasAgileVpn/Operational"
3⤵
PID:3304

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ReFS/Operational"
3⤵
PID:2380

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ReadyBoost/Analytic"
3⤵
PID:2900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ReadyBoost/Operational"
3⤵
- Clears Windows event logs
PID:4872

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Analytic"
3⤵
PID:4752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Operational"
3⤵
PID:3896

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Regsvr32/Operational"
3⤵
PID:3780

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
3⤵
PID:5020

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"
3⤵
PID:4056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Admin"
3⤵
PID:940

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Operational"
3⤵
PID:3908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Tracing"
3⤵
PID:868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"
3⤵
PID:1460

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug"
3⤵
PID:1444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"
3⤵
PID:636

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin"
3⤵
PID:3488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug"
3⤵
PID:4904

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug"
3⤵
PID:3336

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational"
3⤵
PID:3012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic"
3⤵
PID:3288

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Remotefs-Rdbss/Operational"
3⤵
PID:2344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ResetEng-Trace/Diagnostic"
3⤵
PID:1816

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"
3⤵
- Clears Windows event logs
PID:1960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"
3⤵
PID:3620

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ResourcePublication/Tracing"
3⤵
PID:3436

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RestartManager/Operational"
3⤵
PID:1348

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RetailDemo/Admin"
3⤵
PID:3108

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-RetailDemo/Operational"
3⤵
PID:3196

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-Graphics/Analytic"
3⤵
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing"
3⤵
PID:2756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-Networking/Tracing"
3⤵
PID:2860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-Web-Http/Tracing"
3⤵
PID:3912

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-WebAPI/Tracing"
3⤵
PID:4360

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource"
3⤵
PID:744

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine"
3⤵
PID:1232

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource"
3⤵
PID:4040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode"
3⤵
PID:3136

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime/CreateInstance"
3⤵
PID:4356

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Runtime/Error"
3⤵
PID:4044

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBClient/Analytic"
3⤵
PID:988

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic"
3⤵
PID:4952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic"
3⤵
PID:1236

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBClient/Operational"
3⤵
PID:3172

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBDirect/Admin"
3⤵
PID:4636

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBDirect/Debug"
3⤵
PID:2452

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBDirect/Netmon"
3⤵
- Clears Windows event logs
PID:2716

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBServer/Analytic"
3⤵
PID:4420

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBServer/Audit"
3⤵
PID:3632

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBServer/Connectivity"
3⤵
PID:2564

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBServer/Diagnostic"
3⤵
PID:4632

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBServer/Operational"
3⤵
PID:2188

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBServer/Performance"
3⤵
PID:4340

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBServer/Security"
3⤵
PID:4080

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBWitnessClient/Admin"
3⤵
PID:3836

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SMBWitnessClient/Informational"
3⤵
PID:3540

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SPB-ClassExtension/Analytic"
3⤵
PID:4344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SPB-HIDI2C/Analytic"
3⤵
PID:4372

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Schannel-Events/Perf"
3⤵
PID:4768

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Sdbus/Analytic"
3⤵
PID:4604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Sdbus/Debug"
3⤵
PID:3160

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Sdstor/Analytic"
3⤵
PID:4440

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Search-Core/Diagnostic"
3⤵
- Clears Windows event logs
PID:4708

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"
3⤵
PID:4752

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SearchUI/Diagnostic"
3⤵
PID:2152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SearchUI/Operational"
3⤵
PID:3916

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SecureAssessment/Operational"
3⤵
PID:3048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-Adminless/Operational"
3⤵
PID:4936

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"
3⤵
PID:3604

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"
3⤵
PID:2772

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational"
3⤵
PID:3224

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational"
3⤵
PID:4024

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance"
3⤵
PID:4492

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-IdentityListener/Operational"
3⤵
PID:2204

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-IdentityStore/Performance"
3⤵
PID:432

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational"
3⤵
PID:4104

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-Mitigations/KernelMode"
3⤵
PID:4032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-Mitigations/UserMode"
3⤵
PID:228

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-Netlogon/Operational"
3⤵
PID:3012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic"
3⤵
PID:3168

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational"
3⤵
PID:3688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter"
3⤵
PID:4560

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-SPP-UX/Analytic"
3⤵
PID:640

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-SPP/Perf"
3⤵
PID:3828

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-UserConsentVerifier/Audit"
3⤵
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Security-Vault/Performance"
3⤵
PID:3576

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Admin"
3⤵
PID:3880

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Operational"
3⤵
PID:3108

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Perf"
3⤵
PID:3196

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SendTo/Diagnostic"
3⤵
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Sens/Debug"
3⤵
PID:2756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Sensors/Debug"
3⤵
PID:2860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Sensors/Performance"
3⤵
PID:3912

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic"
3⤵
PID:4360

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Serial-ClassExtension/Analytic"
3⤵
PID:4920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ServiceReportingApi/Debug"
3⤵
PID:4776

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Services-Svchost/Diagnostic"
3⤵
PID:1200

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Services/Diagnostic"
3⤵
PID:2488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Servicing/Debug"
3⤵
PID:3920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync-Azure/Debug"
3⤵
PID:4760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync-Azure/Operational"
3⤵
PID:3876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Analytic"
3⤵
PID:824

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Debug"
3⤵
PID:3612

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Operational"
3⤵
PID:4864

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync/Analytic"
3⤵
PID:732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync/Debug"
3⤵
PID:4960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync/Operational"
3⤵
PID:1780

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SettingSync/VerboseDebug"
3⤵
- Clears Windows event logs
PID:1368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Setup/Analytic"
3⤵
PID:4688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SetupCl/Analytic"
3⤵
PID:1096

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SetupPlatform/Analytic"
3⤵
- Clears Windows event logs
PID:1832

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SetupQueue/Analytic"
3⤵
PID:3380

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SetupUGC/Analytic"
3⤵
PID:2368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"
3⤵
PID:1036

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic"
3⤵
PID:4080

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"
3⤵
- Clears Windows event logs
PID:3836

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"
3⤵
PID:3540

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"
3⤵
PID:4344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic"
3⤵
PID:4740

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"
3⤵
PID:2908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic"
3⤵
PID:5032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"
3⤵
PID:4672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter"
3⤵
PID:2728

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-Core/ActionCenter"
3⤵
PID:3344

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-Core/AppDefaults"
3⤵
PID:3896

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-Core/Diagnostic"
3⤵
PID:3780

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-Core/LogonTasksChannel"
3⤵
PID:3384

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-Core/Operational"
3⤵
PID:760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"
3⤵
PID:820

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic"
3⤵
PID:1900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-OpenWith/Diagnostic"
3⤵
PID:4336

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-Shwebsvc"
3⤵
- Clears Windows event logs
PID:3900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"
3⤵
PID:1444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic"
3⤵
PID:636

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational"
3⤵
PID:3488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Shsvcs/Diagnostic"
3⤵
PID:3188

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SleepStudy/Diagnostic"
3⤵
PID:4104

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmartCard-Audit/Authentication"
3⤵
PID:4032

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational"
3⤵
PID:228

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin"
3⤵
PID:3012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational"
3⤵
PID:3168

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmartScreen/Debug"
3⤵
PID:3688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmbClient/Audit"
3⤵
PID:4560

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmbClient/Connectivity"
3⤵
PID:3620

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmbClient/Diagnostic"
3⤵
- Clears Windows event logs
PID:3436

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SmbClient/Security"
3⤵
PID:2732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"
3⤵
PID:5112

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Spell-Checking/Analytic"
3⤵
PID:2080

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SpellChecker/Analytic"
3⤵
PID:3152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Spellchecking-Host/Analytic"
3⤵
PID:2244

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SruMon/Diagnostic"
3⤵
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SrumTelemetry"
3⤵
PID:2756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StateRepository/Debug"
3⤵
PID:2860

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StateRepository/Diagnostic"
3⤵
PID:3912

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StateRepository/Operational"
3⤵
PID:4360

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StateRepository/Restricted"
3⤵
PID:4920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorDiag/Operational"
3⤵
PID:4776

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorPort/Operational"
3⤵
PID:1200

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Admin"
3⤵
PID:2488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Analytic"
3⤵
PID:3920

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Debug"
3⤵
PID:4760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Diagnose"
3⤵
PID:2088

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Operational"
3⤵
PID:2256

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Admin"
3⤵
PID:5040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Analytic"
3⤵
PID:4384

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Debug"
3⤵
PID:3616

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Diagnose"
3⤵
PID:744

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Operational"
3⤵
PID:1780

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Disk/Admin"
3⤵
PID:1368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Disk/Analytic"
3⤵
PID:4688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Disk/Debug"
3⤵
PID:1096

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Disk/Diagnose"
3⤵
- Clears Windows event logs
PID:1832

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Disk/Operational"
3⤵
PID:3380

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Storport/Admin"
3⤵
PID:2368

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Storport/Analytic"
3⤵
PID:1036

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Storport/Debug"
3⤵
PID:4080

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Storport/Diagnose"
3⤵
PID:3836

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Storport/Health"
3⤵
PID:3540

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Storport/Operational"
3⤵
PID:1480

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat"
3⤵
PID:4740

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storage-Tiering/Admin"
3⤵
PID:4300

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageManagement/Debug"
3⤵
PID:2380

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageManagement/Operational"
3⤵
PID:2748

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageSettings/Diagnostic"
3⤵
PID:2472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic"
3⤵
PID:2572

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Operational"
3⤵
PID:2028

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Performance"
3⤵
PID:5064

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC"
3⤵
PID:5020

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic"
3⤵
PID:1868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational"
3⤵
PID:940

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Store/Operational"
3⤵
PID:4580

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Storsvc/Diagnostic"
3⤵
PID:5116

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Subsys-Csr/Operational"
3⤵
PID:4016

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Subsys-SMSS/Operational"
3⤵
PID:1864

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Superfetch/Main"
3⤵
PID:636

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Superfetch/PfApLog"
3⤵
PID:1980

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Superfetch/StoreLog"
3⤵
- Clears Windows event logs
PID:3284

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Sysmon/Operational"
3⤵
PID:3800

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Sysprep/Analytic"
3⤵
PID:444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic"
3⤵
PID:1776

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SystemSettingsHandlers/Debug"
3⤵
PID:3844

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Debug"
3⤵
PID:2384

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic"
3⤵
PID:1816

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Operational"
3⤵
PID:1960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TCPIP/Diagnostic"
3⤵
PID:3828

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TCPIP/Operational"
3⤵
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TSF-msctf/Debug"
3⤵
PID:3576

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TSF-msctf/Diagnostic"
3⤵
PID:3880

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TSF-msutb/Debug"
3⤵
PID:3108

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TSF-msutb/Diagnostic"
3⤵
PID:3904

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TTS/Diagnostic"
3⤵
PID:1256

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TWinAPI/Diagnostic"
3⤵
PID:4908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TWinUI/Diagnostic"
3⤵
PID:4756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TWinUI/Operational"
3⤵
PID:2272

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TZSync/Analytic"
3⤵
PID:4748

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TZSync/Operational"
3⤵
PID:1232

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TZUtil/Operational"
3⤵
PID:4040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Debug"
3⤵
PID:3136

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Diagnostic"
3⤵
PID:4356

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Maintenance"
3⤵
PID:3512

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Operational"
3⤵
PID:988

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TaskbarCPL/Diagnostic"
3⤵
PID:792

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"
3⤵
PID:8

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"
3⤵
PID:1236

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"
3⤵
PID:3172

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"
3⤵
PID:4472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"
3⤵
PID:2452

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"
3⤵
PID:2108

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"
3⤵
PID:4092

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
3⤵
PID:4596

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"
3⤵
PID:2584

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"
3⤵
PID:4680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"
3⤵
PID:1648

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"
3⤵
PID:4340

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"
3⤵
PID:2124

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Admin"
3⤵
PID:3508

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Analytic"
3⤵
PID:2076

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Debug"
3⤵
PID:1672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Operational"
3⤵
PID:2316

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"
3⤵
PID:3928

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"
3⤵
PID:3804

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"
3⤵
- Clears Windows event logs
PID:4168

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"
3⤵
PID:2900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"
3⤵
PID:4048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"
3⤵
PID:2728

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"
3⤵
PID:2152

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"
3⤵
PID:3916

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
3⤵
PID:3780

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin"
3⤵
PID:4936

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic"
3⤵
PID:760

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug"
3⤵
PID:3908

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational"
3⤵
PID:868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Tethering-Manager/Analytic"
3⤵
PID:1460

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Tethering-Station/Analytic"
3⤵
PID:2676

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ThemeCPL/Diagnostic"
3⤵
PID:1952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-ThemeUI/Diagnostic"
3⤵
PID:1968

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Threat-Intelligence/Analytic"
3⤵
PID:2932

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational"
3⤵
PID:3336

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Time-Service/Operational"
3⤵
PID:2012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Troubleshooting-Recommended/Admin"
3⤵
PID:1116

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Troubleshooting-Recommended/Operational"
3⤵
PID:228

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-TunnelDriver"
3⤵
PID:3144

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UAC-FileVirtualization/Operational"
3⤵
PID:4488

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UAC/Operational"
3⤵
PID:4476

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UI-Shell/Diagnostic"
3⤵
PID:1816

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UIAnimation/Diagnostic"
3⤵
PID:1960

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Debug"
3⤵
PID:3828

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Diagnostic"
3⤵
PID:4736

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Perf"
3⤵
PID:4976

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UIRibbon/Diagnostic"
3⤵
PID:1348

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-USB-MAUSBHOST-Analytic"
3⤵
PID:4280

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-USB-UCX-Analytic"
3⤵
PID:3556

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-USB-USBHUB/Diagnostic"
3⤵
PID:4516

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-USB-USBHUB3-Analytic"
3⤵
PID:3288

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-USB-USBPORT/Diagnostic"
3⤵
PID:1728

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-USB-USBXHCI-Analytic"
3⤵
PID:4756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic"
3⤵
PID:2272

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UniversalTelemetryClient/Operational"
3⤵
PID:1528

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
3⤵
PID:452

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"
3⤵
PID:640

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User Control Panel/Diagnostic"
3⤵
PID:3136

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User Control Panel/Operational"
3⤵
PID:4356

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User Device Registration/Admin"
3⤵
- Clears Windows event logs
PID:3512

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User Device Registration/Debug"
3⤵
PID:988

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User Profile Service/Diagnostic"
3⤵
PID:792

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"
3⤵
PID:4952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User-Loader/Analytic"
3⤵
PID:2688

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-User-Loader/Operational"
3⤵
PID:5040

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UserAccountControl/Diagnostic"
3⤵
PID:4636

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UserModePowerService/Diagnostic"
3⤵
PID:1680

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UserPnp/ActionCenter"
3⤵
PID:5096

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceInstall"
3⤵
PID:4092

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"
3⤵
PID:4632

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UserPnp/Performance"
3⤵
PID:796

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UserPnp/SchedulerOperations"
3⤵
PID:4388

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UxInit/Diagnostic"
3⤵
PID:3768

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-UxTheme/Diagnostic"
3⤵
PID:3876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VAN/Diagnostic"
3⤵
PID:1036

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VDRVROOT/Operational"
3⤵
- Clears Windows event logs
PID:4080

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VHDMP-Analytic"
3⤵
PID:3836

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VHDMP-Operational"
3⤵
PID:3540

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VIRTDISK-Analytic"
3⤵
PID:3616

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VPN-Client/Operational"
3⤵
PID:3928

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VPN/Operational"
3⤵
- Clears Windows event logs
PID:3804

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VWiFi/Diagnostic"
3⤵
PID:4168

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VerifyHardwareSecurity/Admin"
3⤵
PID:2900

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VerifyHardwareSecurity/Operational"
3⤵
PID:4672

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-Volume/Diagnostic"
3⤵
PID:2472

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VolumeControl/Performance"
3⤵
PID:2572

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Analytic"
3⤵
PID:2028

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"
3⤵
PID:5056

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WABSyncProvider/Analytic"
3⤵
PID:3384

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"
3⤵
PID:1868

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WCNWiz/Analytic"
3⤵
- Clears Windows event logs
PID:820

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WEPHOSTSVC/Operational"
3⤵
PID:3224

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WER-PayloadHealth/Operational"
3⤵
PID:4024

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WFP/Analytic"
3⤵
PID:4016

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WFP/Operational"
3⤵
PID:1952

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WLAN-AutoConfig/Operational"
3⤵
PID:4708

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic"
3⤵
PID:2932

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WLAN-Driver/Analytic"
3⤵
PID:3800

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WLAN-MediaManager/Diagnostic"
3⤵
PID:3048

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"
3⤵
PID:3012

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WMI-Activity/Debug"
3⤵
PID:3844

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WMI-Activity/Operational"
3⤵
PID:4456

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WMI-Activity/Trace"
3⤵
PID:4720

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WMPDMCUI/Diagnostic"
3⤵
- Clears Windows event logs
PID:1212

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic"
3⤵
PID:536

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Diagnostic"
3⤵
PID:4444

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Operational"
3⤵
PID:4576

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WMPNSSUI/Diagnostic"
3⤵
PID:2732

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-API/Analytic"
3⤵
PID:5112

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"
3⤵
- Clears Windows event logs
PID:3880

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Operational"
3⤵
PID:3196

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"
3⤵
PID:2244

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"
3⤵
PID:1856

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-MTPBT/Analytic"
3⤵
PID:4140

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Analytic"
3⤵
PID:1728

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"
3⤵
PID:4756

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-MTPIP/Analytic"
3⤵
PID:3428

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WPD-MTPUS/Analytic"
3⤵
- Clears Windows event logs
PID:2876

C:\Windows\system32\wevtutil.exe
wevtutil.exe cl "Microsoft-Windows-WSC-SRV/Diagnostic"
3⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3484 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4192

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

1

T1070

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E213.tmp\E214.tmp\E215.bat
Filesize
679B

MD5
064bb52705e97caeee4dcbb5c72c1413

SHA1
13107d14185397ad662c08dda51a0ebe7583fbe8

SHA256
a8ef3b7eaef87d32ea17f27c2f9ad0eb46d394fc6f381972657dbae63d0bbb26

SHA512
af599892866fd6bfbe067ee1b2f15e9d201401adedf9db624d0f31d7181754a03cb4ea0fa1fb666598cdb601f212ee79a1c4b437d7e9a25dba901c8c481dc095

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads