Analysis
-
max time kernel
142s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2024 01:34
Static task
static1
Behavioral task
behavioral1
Sample
a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.exe
-
Size
140KB
-
MD5
a361b7e10179d8435358d4e86c2c9b1e
-
SHA1
0ef2d832563e363fad93939d1d837949f39fc01a
-
SHA256
401b422c2092a7da349a2155338ea206848f3ba1635c2e39fafdaa43bf1f2e9d
-
SHA512
e11b230e56257b84780b281d18809446b93ab1b39a5744f105706af12774fe8bc5eadf36fd102a7607a593f1582bd29af464b006622c610ec1a8c13f7dee8bc7
-
SSDEEP
1536:SgyJWH4azSaXtJ+WVkADPQHQBK8JEOROwHX9/RE:SgWWB+gkArQHO1Oc/S
Malware Config
Signatures
-
Clears Windows event logs 1 TTPs 64 IoCs
Processes:
wevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exepid process 4676 wevtutil.exe 2356 wevtutil.exe 2044 wevtutil.exe 4144 wevtutil.exe 2916 wevtutil.exe 1640 wevtutil.exe 2484 wevtutil.exe 5052 wevtutil.exe 4432 wevtutil.exe 324 wevtutil.exe 4432 wevtutil.exe 3620 wevtutil.exe 3044 wevtutil.exe 2932 wevtutil.exe 1548 wevtutil.exe 1804 wevtutil.exe 4368 wevtutil.exe 3396 wevtutil.exe 4140 wevtutil.exe 1096 wevtutil.exe 3440 4432 wevtutil.exe 4492 wevtutil.exe 1120 wevtutil.exe 3972 wevtutil.exe 1072 wevtutil.exe 2368 wevtutil.exe 2432 wevtutil.exe 3836 wevtutil.exe 3440 wevtutil.exe 1536 wevtutil.exe 4828 wevtutil.exe 5012 wevtutil.exe 4864 wevtutil.exe 452 wevtutil.exe 1992 wevtutil.exe 1820 wevtutil.exe 4528 wevtutil.exe 2916 wevtutil.exe 916 wevtutil.exe 2908 wevtutil.exe 4856 wevtutil.exe 4972 wevtutil.exe 4748 wevtutil.exe 3020 wevtutil.exe 664 wevtutil.exe 4020 wevtutil.exe 2248 wevtutil.exe 4924 wevtutil.exe 3224 776 wevtutil.exe 4328 wevtutil.exe 1048 wevtutil.exe 4908 wevtutil.exe 3644 wevtutil.exe 4120 wevtutil.exe 3848 wevtutil.exe 2876 wevtutil.exe 4896 wevtutil.exe 4576 wevtutil.exe 2440 wevtutil.exe 2412 wevtutil.exe 324 wevtutil.exe 4288 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
wevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exedescription pid process Token: SeSecurityPrivilege 2964 wevtutil.exe Token: SeBackupPrivilege 2964 wevtutil.exe Token: SeSecurityPrivilege 4688 wevtutil.exe Token: SeBackupPrivilege 4688 wevtutil.exe Token: SeSecurityPrivilege 1096 wevtutil.exe Token: SeBackupPrivilege 1096 wevtutil.exe Token: SeSecurityPrivilege 4288 wevtutil.exe Token: SeBackupPrivilege 4288 wevtutil.exe Token: SeSecurityPrivilege 3976 wevtutil.exe Token: SeBackupPrivilege 3976 wevtutil.exe Token: SeSecurityPrivilege 4348 wevtutil.exe Token: SeBackupPrivilege 4348 wevtutil.exe Token: SeSecurityPrivilege 2356 wevtutil.exe Token: SeBackupPrivilege 2356 wevtutil.exe Token: SeSecurityPrivilege 1176 wevtutil.exe Token: SeBackupPrivilege 1176 wevtutil.exe Token: SeSecurityPrivilege 944 wevtutil.exe Token: SeBackupPrivilege 944 wevtutil.exe Token: SeSecurityPrivilege 1052 wevtutil.exe Token: SeBackupPrivilege 1052 wevtutil.exe Token: SeSecurityPrivilege 2912 wevtutil.exe Token: SeBackupPrivilege 2912 wevtutil.exe Token: SeSecurityPrivilege 4896 wevtutil.exe Token: SeBackupPrivilege 4896 wevtutil.exe Token: SeSecurityPrivilege 3260 wevtutil.exe Token: SeBackupPrivilege 3260 wevtutil.exe Token: SeSecurityPrivilege 1676 wevtutil.exe Token: SeBackupPrivilege 1676 wevtutil.exe Token: SeSecurityPrivilege 1412 wevtutil.exe Token: SeBackupPrivilege 1412 wevtutil.exe Token: SeSecurityPrivilege 4356 wevtutil.exe Token: SeBackupPrivilege 4356 wevtutil.exe Token: SeSecurityPrivilege 4112 wevtutil.exe Token: SeBackupPrivilege 4112 wevtutil.exe Token: SeSecurityPrivilege 4828 wevtutil.exe Token: SeBackupPrivilege 4828 wevtutil.exe Token: SeSecurityPrivilege 452 wevtutil.exe Token: SeBackupPrivilege 452 wevtutil.exe Token: SeSecurityPrivilege 1344 wevtutil.exe Token: SeBackupPrivilege 1344 wevtutil.exe Token: SeSecurityPrivilege 3612 wevtutil.exe Token: SeBackupPrivilege 3612 wevtutil.exe Token: SeSecurityPrivilege 1444 wevtutil.exe Token: SeBackupPrivilege 1444 wevtutil.exe Token: SeSecurityPrivilege 4576 wevtutil.exe Token: SeBackupPrivilege 4576 wevtutil.exe Token: SeSecurityPrivilege 2052 wevtutil.exe Token: SeBackupPrivilege 2052 wevtutil.exe Token: SeSecurityPrivilege 2180 wevtutil.exe Token: SeBackupPrivilege 2180 wevtutil.exe Token: SeSecurityPrivilege 1680 wevtutil.exe Token: SeBackupPrivilege 1680 wevtutil.exe Token: SeSecurityPrivilege 4340 wevtutil.exe Token: SeBackupPrivilege 4340 wevtutil.exe Token: SeSecurityPrivilege 736 wevtutil.exe Token: SeBackupPrivilege 736 wevtutil.exe Token: SeSecurityPrivilege 4820 wevtutil.exe Token: SeBackupPrivilege 4820 wevtutil.exe Token: SeSecurityPrivilege 2288 wevtutil.exe Token: SeBackupPrivilege 2288 wevtutil.exe Token: SeSecurityPrivilege 1988 wevtutil.exe Token: SeBackupPrivilege 1988 wevtutil.exe Token: SeSecurityPrivilege 2644 wevtutil.exe Token: SeBackupPrivilege 2644 wevtutil.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.execmd.execmd.execmd.exedescription pid process target process PID 228 wrote to memory of 568 228 a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.exe cmd.exe PID 228 wrote to memory of 568 228 a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.exe cmd.exe PID 568 wrote to memory of 3284 568 cmd.exe cmd.exe PID 568 wrote to memory of 3284 568 cmd.exe cmd.exe PID 3284 wrote to memory of 224 3284 cmd.exe bcdedit.exe PID 3284 wrote to memory of 224 3284 cmd.exe bcdedit.exe PID 568 wrote to memory of 4856 568 cmd.exe cmd.exe PID 568 wrote to memory of 4856 568 cmd.exe cmd.exe PID 4856 wrote to memory of 2964 4856 cmd.exe wevtutil.exe PID 4856 wrote to memory of 2964 4856 cmd.exe wevtutil.exe PID 568 wrote to memory of 4688 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4688 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1096 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1096 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4288 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4288 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 3976 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 3976 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4348 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4348 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 2356 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 2356 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1176 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1176 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 944 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 944 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1052 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1052 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 2912 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 2912 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4896 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4896 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 3260 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 3260 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1676 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1676 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1412 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1412 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4356 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4356 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4112 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4112 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4828 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4828 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 452 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 452 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1344 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1344 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 3612 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 3612 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1444 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1444 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4576 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4576 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 2052 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 2052 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 2180 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 2180 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1680 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 1680 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4340 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 4340 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 736 568 cmd.exe wevtutil.exe PID 568 wrote to memory of 736 568 cmd.exe wevtutil.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E0CB.tmp\Windows Clean.bat" "C:\Users\Admin\AppData\Local\Temp\a361b7e10179d8435358d4e86c2c9b1e_JaffaCakes118.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c bcdedit3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\bcdedit.exebcdedit4⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wevtutil.exe el3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wevtutil.exewevtutil.exe el4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "AMSI/Debug"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "AirSpaceChannel"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Application"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "DirectShowFilterGraph"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "DirectShowPluginControl"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Els_Hyphenation/Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "EndpointMapper"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "FirstUXPerf-Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "ForwardedEvents"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "General Logging"3⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "HardwareEvents"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "IHM_DebugChannel"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS-GPIO/Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS-I2C/Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-GPIO2/Debug"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-GPIO2/Performance"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-I2C/Debug"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-I2C/Performance"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Internet Explorer"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Key Management Service"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationDeviceMFT"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationDeviceProxy"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationFrameServer"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MedaFoundationVideoProc"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MedaFoundationVideoProcD3D"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationAsyncWrapper"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationContentProtection"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationDS"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationDeviceProxy"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationMP4"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationMediaEngine"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPerformance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPerformanceCore"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPipeline"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPlatform"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationSrcPrefetch"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client-Streamingux/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Virtual Applications"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-SharedPerformance/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-IE/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-IEFRAME/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-JSDumpHeap/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-OneCore-Setup/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-MSHTML/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Admin/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-IPC/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AAD/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AAD/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ADSI/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ASN1/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/General"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/SATA-LPM"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ActionQueue/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-All-User-Install-Agent/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AllJoyn/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AllJoyn/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/ApplicationTracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Internal"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppID/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/EXE and DLL"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/MSI and Script"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/Packaged app-Execution"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Diagnostics"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-State/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-State/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppSruProv"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeployment/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeployment/Operational"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Restricted"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ApplicabilityEngine/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ApplicabilityEngine/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Telemetry"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Steps-Recorder"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccess/Admin"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccess/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccessBroker/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccessBroker/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AsynchronousCausality/Causality"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/CaptureMonitor"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/GlitchDetection"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Informational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/PlaybackManager"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audit/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUser-Client"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AxInstallService/Log"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHPORT/HCI"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHPORT/L2CAP"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHUSB/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHUSB/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTaskInfrastructure/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Backup"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Battery/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Biometrics/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Biometrics/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-Driver-Performance/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/BitLocker Management"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/BitLocker Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/Tracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-Bthmini/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-Policy/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCache/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheMonitoring/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CAPI2/Catalog Database Debug"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CAPI2/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CDROM/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ApartmentInitialize"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ApartmentUninitialize"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/Call"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/CreateInstance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ExtensionCatalog"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/FreeUnusedLibrary"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/RundownInstrumentation"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/Activations"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/MessageProcessing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/Tracing"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertPoleEng/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Cleanmgr/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CloudStore/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CloudStore/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CmiSetup/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Operational"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Verbose"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Compat-Appraiser/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Compat-Appraiser/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-BindFlt/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-BindFlt/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcifs/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcifs/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcnfs/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcnfs/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Tracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreWindow/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreWindow/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crashdump/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CredUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-BCRYPT/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-CNG/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DSSEnh/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-NCrypt/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-RNG/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-RSAEnh/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/PerfTiming"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAL-Provider/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAL-Provider/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAMM/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DCLocator/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DDisplay/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DDisplay/Logging"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DLNA-Namespace/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DNS-Client/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUSER/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Logging"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXP/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Data-Pdf/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DataIntegrityScan/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DataIntegrityScan/CrashRecovery"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Scrubbing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Defrag-Core/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deplorch/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DesktopActivityModerator/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceAssociationService/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceConfidence/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceGuard/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceGuard/Verbose"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUpdateAgent/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Informational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Devices-Background/Operational"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiagCpl/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-MSDE/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDC/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDI/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10_1/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Logging"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/PerfTiming"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/Logging"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/PerfTiming"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D9/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3DShaderCache/Default"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectComposition/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectManipulation/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectSound/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Disk/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnostic/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/ExternalAnalytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/InternalAnalytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Cli/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplaySwitch/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Documents/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dot3MM/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DucUpdateAgent/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-API/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Core/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Dwm/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Redir/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Udwm/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl-Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl-Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Contention"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Power"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Application-Learning/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Audit-Regular/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Audit-TCB/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EFS/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ESE/IODiagnose"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ESE/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-RasChap/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-RasTls/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-Sim/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-Ttls/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EaseOfAccess/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Energy-Estimation-Engine/EventLog"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Energy-Estimation-Engine/Trace"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog-WMIProvider/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FeatureConfiguration/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FeatureConfiguration/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Catalog/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Catalog/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-ConfigManager/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-ConfigManager/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/WHC"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/BackupLog"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-EventListener/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-EventListener/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Service/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Service/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-UI-Events/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-UI-Events/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileInfoMinifilter/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Firewall-CPL/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GPIO-ClassExtension/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GenericRoaming/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GroupPolicy/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HAL/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenterCPL/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HelloForBusiness/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Help/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup-ListenerService"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HotspotAuth/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HotspotAuth/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HttpService/Log"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HttpService/Trace"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-NETVSC/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-VID-Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-VID-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IE-SmartScreen"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKE/Operational"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKEDBG/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-Broker/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CandidateUI/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CustomerFeedbackManager/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPAPI/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPLMP/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPPRED/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPSetting/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPTIP/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-KRAPI/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-KRTIP/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-OEDCompiler/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TCCORE/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TCTIP/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TIP/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPNAT/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPxlatCfg/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPxlatCfg/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IdCtrls/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IdCtrls/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Input-HIDCLASS-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-InputSwitch/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Trace"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KdsSvc/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kerberos/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-AppCompat/General"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-AppCompat/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Disk/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-File/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-IO/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-IoTrace/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-LiveDump/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-LiveDump/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Memory/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Network/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Pdc/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Pep/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Configuration"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Process/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Errors"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-XDV/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Known Folders API Service"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-L2NA/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LDAP-Client/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LimitsManagement/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LiveId/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LiveId/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-CLNT/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-DRV/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-SRV/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSFTEDIT/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/DMC"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/DMR"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/MDE"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-Performance/SARStreamResource"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Minstore/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Minstore/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MobilityCenter/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mprddm/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NTLM/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NWiFi/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Narrator/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ncasvc/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NcdAutoSetup/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NcdAutoSetup/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NdisImPlatform/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ndu/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetShell/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-Connection-Broker"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-DataUsage/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-Setup/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkBridge/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkLocationWizard/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvider/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvisioning/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvisioning/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkSecurity/Debug"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkStatus/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Networking-Correlation/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Networking-RealTimeCommunication/Tracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/WHC"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLE/Clipboard-Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-DUI/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OcpUpdateAgent/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/SyncLog"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneBackup/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneX/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneX/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OobeLdr/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OtpCredentialProvider/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PCI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ParentalControls/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Partition/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Partition/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PerceptionRuntime/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PerceptionSensorDataService/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Certification"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Diagnose"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PhotoAcq/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PlayToManager/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Policy/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Policy/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCfg/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCpl/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintBRM/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService-USBMon/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Privacy-Auditing/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ProcessStateManager/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Informational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Developer/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-InProc/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-Pacer/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-qWAVE/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC-Proxy/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/EEInfo"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RRAS/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RRAS/Operational"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RadioManager/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RasAgileVpn/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RasAgileVpn/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReFS/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Regsvr32/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Tracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Remotefs-Rdbss/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ResetEng-Trace/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ResourcePublication/Tracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RestartManager/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RetailDemo/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RetailDemo/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Graphics/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Networking/Tracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Web-Http/Tracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-WebAPI/Tracing"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime/CreateInstance"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime/Error"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Netmon"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Audit"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Connectivity"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Security"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBWitnessClient/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBWitnessClient/Informational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SPB-ClassExtension/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SPB-HIDI2C/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Schannel-Events/Perf"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdbus/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdbus/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdstor/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-Core/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SearchUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SearchUI/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecureAssessment/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Adminless/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-IdentityListener/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-IdentityStore/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Mitigations/KernelMode"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Mitigations/UserMode"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Netlogon/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP/Perf"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-UserConsentVerifier/Audit"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Vault/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Perf"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SendTo/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sens/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sensors/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sensors/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Serial-ClassExtension/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ServiceReportingApi/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services-Svchost/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Servicing/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-Azure/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-Azure/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/VerboseDebug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Setup/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupCl/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupPlatform/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupQueue/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupUGC/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/ActionCenter"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/AppDefaults"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/LogonTasksChannel"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-OpenWith/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Shwebsvc"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shsvcs/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SleepStudy/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-Audit/Authentication"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartScreen/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Audit"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Connectivity"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Security"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Spell-Checking/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SpellChecker/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Spellchecking-Host/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SruMon/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SrumTelemetry"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Restricted"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorDiag/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorPort/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Debug"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Diagnose"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Diagnose"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Diagnose"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Diagnose"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Health"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Tiering/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageManagement/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageManagement/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSettings/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Store/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storsvc/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-Csr/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-SMSS/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/Main"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/PfApLog"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/StoreLog"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sysmon/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sysprep/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsHandlers/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TCPIP/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TCPIP/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TTS/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinAPI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinUI/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZSync/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZSync/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZUtil/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Maintenance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskbarCPL/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Tethering-Manager/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Tethering-Station/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ThemeCPL/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ThemeUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Threat-Intelligence/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Time-Service/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Troubleshooting-Recommended/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Troubleshooting-Recommended/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TunnelDriver"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UAC-FileVirtualization/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UAC/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UI-Shell/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAnimation/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Perf"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIRibbon/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-MAUSBHOST-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-UCX-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBHUB/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBHUB3-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBPORT/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBXHCI-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UniversalTelemetryClient/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel/Diagnostic"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel/Operational"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Device Registration/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Device Registration/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Profile Service/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User-Loader/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User-Loader/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserAccountControl/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserModePowerService/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/ActionCenter"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceInstall"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/SchedulerOperations"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UxInit/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UxTheme/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VAN/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VDRVROOT/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VHDMP-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VHDMP-Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VIRTDISK-Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VPN-Client/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VPN/Operational"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VWiFi/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VerifyHardwareSecurity/Admin"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VerifyHardwareSecurity/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Volume/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeControl/Performance"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WABSyncProvider/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WCNWiz/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WEPHOSTSVC/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WER-PayloadHealth/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WFP/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WFP/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-AutoConfig/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-Driver/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-MediaManager/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMI-Activity/Debug"3⤵
- Clears Windows event logs
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMI-Activity/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMI-Activity/Trace"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPDMCUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSSUI/Diagnostic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-API/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPBT/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPIP/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPUS/Analytic"3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WSC-SRV/Diagnostic"3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4124 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\E0CB.tmp\Windows Clean.batFilesize
298B
MD505e967bb04e22c4502f2af6da1dd0f6b
SHA16fd5f3feb362f2121ff9962ce7d5e4d1f792776e
SHA2561a3bb957afbc640a26d84dad34101ad500c6001c73b08f36588a49bd8af00106
SHA512eef82b677c43e143a9b326468db59ca920714f5f509c4f48f9b0f38009441a369d3d975b7e0df5b4bbf5b534e084fc83dbbe5101821d5572d6baefd174d8f3a3