Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10FN-TOOLZ-m...AN.bat
windows10-2004-x64
10Tournament...ew.exe
windows10-2004-x64
6Tournament...al.dll
windows10-2004-x64
1Tournament...UI.dll
windows10-2004-x64
1Tournament...cl.exe
windows10-2004-x64
1Tournament...uz.exe
windows10-2004-x64
9Tournament...dc.exe
windows10-2004-x64
1Tournament...ft.exe
windows10-2004-x64
1Tournament...64.exe
windows10-2004-x64
1Tournament...32.exe
windows10-2004-x64
1Tournament...64.exe
windows10-2004-x64
4Tournament...fg.exe
windows10-2004-x64
3Tournament...sg.exe
windows10-2004-x64
3Tournament...sr.exe
windows10-2004-x64
10Tournament...wg.exe
windows10-2004-x64
1Tournament...sm.dll
windows10-2004-x64
1Tournament...xy.dll
windows10-2004-x64
7Tournament...ry.dll
windows10-2004-x64
1Tournament...ll.dll
windows10-2004-x64
1Tournament...pi.dll
windows10-2004-x64
1Tournament...32.dll
windows10-2004-x64
1Tournament...da.dll
windows10-2004-x64
1Tournament...ve.dll
windows10-2004-x64
1Tournament...70.dll
windows10-2004-x64
1Tournament...rl.exe
windows10-2004-x64
3Tournament...64.exe
windows10-2004-x64
3Tournament...cs.exe
windows10-2004-x64
8Tournament...64.exe
windows10-2004-x64
10Tournament...tm.exe
windows10-2004-x64
3Tournament...mc.exe
windows10-2004-x64
1FN-TOOLZ-m...er.exe
windows10-2004-x64
9FN-TOOLZ-m...er.bat
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
276s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
26/06/2024, 20:50
Behavioral task
behavioral1
Sample
FN-TOOLZ-main/FNCLEAN.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
Tournament_Fixer/AdditionalRuntimes/DevManView.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Tournament_Fixer/AdditionalRuntimes/MCCSPal.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Tournament_Fixer/AdditionalRuntimes/MaintenanceUI.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Tournament_Fixer/AdditionalRuntimes/ccl.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral6
Sample
Tournament_Fixer/AdditionalRuntimes/cpuz.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Tournament_Fixer/AdditionalRuntimes/ddc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
Tournament_Fixer/AdditionalRuntimes/hssft.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
Tournament_Fixer/AdditionalRuntimes/hwbd64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral10
Sample
Tournament_Fixer/AdditionalRuntimes/hwinfo32.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
Tournament_Fixer/AdditionalRuntimes/hwinfo64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral12
Sample
Tournament_Fixer/AdditionalRuntimes/jfg.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Tournament_Fixer/AdditionalRuntimes/jsg.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral14
Sample
Tournament_Fixer/AdditionalRuntimes/jsr.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
Tournament_Fixer/AdditionalRuntimes/kwg.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral16
Sample
Tournament_Fixer/AdditionalRuntimes/lsm.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
Tournament_Fixer/AdditionalRuntimes/lsmproxy.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
Tournament_Fixer/AdditionalRuntimes/lstelemetry.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
Tournament_Fixer/AdditionalRuntimes/luainstall.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
Tournament_Fixer/AdditionalRuntimes/luiapi.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Tournament_Fixer/AdditionalRuntimes/lz32.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral22
Sample
Tournament_Fixer/AdditionalRuntimes/mcicda.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
Tournament_Fixer/AdditionalRuntimes/mciwave.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral24
Sample
Tournament_Fixer/AdditionalRuntimes/mfc70.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
Tournament_Fixer/AdditionalRuntimes/nvrl.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral26
Sample
Tournament_Fixer/AdditionalRuntimes/nvrl64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
Tournament_Fixer/AdditionalRuntimes/tcs.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral28
Sample
Tournament_Fixer/AdditionalRuntimes/tcs64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
Tournament_Fixer/AdditionalRuntimes/tm.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral30
Sample
Tournament_Fixer/AdditionalRuntimes/wmc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
FN-TOOLZ-main/applecleaner.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral32
Sample
FN-TOOLZ-main/serial_checker.bat
Resource
win10v2004-20240508-en
General
-
Target
Tournament_Fixer/AdditionalRuntimes/cpuz.exe
-
Size
123KB
-
MD5
5cbe7fa18a9c76355f8c3afe39d139f9
-
SHA1
b05ff205f78d1964dc69bd864f2db102a7eaa2e1
-
SHA256
2dad660c8023ade75b0d80b2650120467c354a3e3bfb06d64c48b5c4c496b69e
-
SHA512
72d9292a2b2a1d2938b97a7e538960e131609f7d738e66a78601627592c8836800dae9f889eb20fc4a75fb4aabd29e22b00eed1071a3645d3821b068fe986b8c
-
SSDEEP
3072:+/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSmd:ltzsb5Uh28+V1WW69B9VjMdxPedN9ug+
Malware Config
Signatures
-
Clears Windows event logs 1 TTPs 64 IoCs
pid Process 1888 wevtutil.exe 4936 wevtutil.exe 4756 wevtutil.exe 3440 wevtutil.exe 4500 wevtutil.exe 3244 Process not Found 1600 wevtutil.exe 4832 wevtutil.exe 2892 wevtutil.exe 1292 wevtutil.exe 1416 wevtutil.exe 1896 wevtutil.exe 1972 wevtutil.exe 4480 wevtutil.exe 5016 wevtutil.exe 3944 wevtutil.exe 4088 wevtutil.exe 4396 wevtutil.exe 2140 wevtutil.exe 4932 wevtutil.exe 2208 wevtutil.exe 3416 wevtutil.exe 1660 Process not Found 4336 wevtutil.exe 1292 wevtutil.exe 2092 wevtutil.exe 4684 Process not Found 3956 wevtutil.exe 4468 wevtutil.exe 1308 wevtutil.exe 5104 wevtutil.exe 1404 wevtutil.exe 2092 wevtutil.exe 336 wevtutil.exe 3620 Process not Found 4216 wevtutil.exe 4280 wevtutil.exe 1376 wevtutil.exe 2280 wevtutil.exe 4640 wevtutil.exe 5008 wevtutil.exe 1080 wevtutil.exe 1904 wevtutil.exe 1368 wevtutil.exe 1608 Process not Found 5008 wevtutil.exe 4528 wevtutil.exe 4280 wevtutil.exe 4932 wevtutil.exe 884 wevtutil.exe 4016 wevtutil.exe 3724 wevtutil.exe 4740 wevtutil.exe 2208 wevtutil.exe 2624 wevtutil.exe 4944 wevtutil.exe 3928 wevtutil.exe 436 wevtutil.exe 4352 wevtutil.exe 3108 wevtutil.exe 1600 wevtutil.exe 3388 wevtutil.exe 4508 Process not Found 4668 wevtutil.exe -
Power Settings 1 TTPs 1 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
pid Process 4520 wevtutil.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeSecurityPrivilege 5052 wevtutil.exe Token: SeBackupPrivilege 5052 wevtutil.exe Token: SeSecurityPrivilege 4964 wevtutil.exe Token: SeBackupPrivilege 4964 wevtutil.exe Token: SeSecurityPrivilege 1700 wevtutil.exe Token: SeBackupPrivilege 1700 wevtutil.exe Token: SeSecurityPrivilege 2212 wevtutil.exe Token: SeBackupPrivilege 2212 wevtutil.exe Token: SeSecurityPrivilege 2152 wevtutil.exe Token: SeBackupPrivilege 2152 wevtutil.exe Token: SeSecurityPrivilege 1180 wevtutil.exe Token: SeBackupPrivilege 1180 wevtutil.exe Token: SeSecurityPrivilege 2696 wevtutil.exe Token: SeBackupPrivilege 2696 wevtutil.exe Token: SeSecurityPrivilege 348 wevtutil.exe Token: SeBackupPrivilege 348 wevtutil.exe Token: SeSecurityPrivilege 4488 wevtutil.exe Token: SeBackupPrivilege 4488 wevtutil.exe Token: SeSecurityPrivilege 1268 wevtutil.exe Token: SeBackupPrivilege 1268 wevtutil.exe Token: SeSecurityPrivilege 4768 wevtutil.exe Token: SeBackupPrivilege 4768 wevtutil.exe Token: SeSecurityPrivilege 1848 wevtutil.exe Token: SeBackupPrivilege 1848 wevtutil.exe Token: SeSecurityPrivilege 2728 wevtutil.exe Token: SeBackupPrivilege 2728 wevtutil.exe Token: SeSecurityPrivilege 5048 wevtutil.exe Token: SeBackupPrivilege 5048 wevtutil.exe Token: SeSecurityPrivilege 4932 wevtutil.exe Token: SeBackupPrivilege 4932 wevtutil.exe Token: SeSecurityPrivilege 888 wevtutil.exe Token: SeBackupPrivilege 888 wevtutil.exe Token: SeSecurityPrivilege 648 wevtutil.exe Token: SeBackupPrivilege 648 wevtutil.exe Token: SeSecurityPrivilege 4532 wevtutil.exe Token: SeBackupPrivilege 4532 wevtutil.exe Token: SeSecurityPrivilege 868 wevtutil.exe Token: SeBackupPrivilege 868 wevtutil.exe Token: SeSecurityPrivilege 1216 wevtutil.exe Token: SeBackupPrivilege 1216 wevtutil.exe Token: SeSecurityPrivilege 4856 wevtutil.exe Token: SeBackupPrivilege 4856 wevtutil.exe Token: SeSecurityPrivilege 1592 wevtutil.exe Token: SeBackupPrivilege 1592 wevtutil.exe Token: SeSecurityPrivilege 2416 wevtutil.exe Token: SeBackupPrivilege 2416 wevtutil.exe Token: SeSecurityPrivilege 1308 wevtutil.exe Token: SeBackupPrivilege 1308 wevtutil.exe Token: SeSecurityPrivilege 4832 wevtutil.exe Token: SeBackupPrivilege 4832 wevtutil.exe Token: SeSecurityPrivilege 4084 wevtutil.exe Token: SeBackupPrivilege 4084 wevtutil.exe Token: SeSecurityPrivilege 3000 wevtutil.exe Token: SeBackupPrivilege 3000 wevtutil.exe Token: SeSecurityPrivilege 1000 wevtutil.exe Token: SeBackupPrivilege 1000 wevtutil.exe Token: SeSecurityPrivilege 2136 wevtutil.exe Token: SeBackupPrivilege 2136 wevtutil.exe Token: SeSecurityPrivilege 3196 wevtutil.exe Token: SeBackupPrivilege 3196 wevtutil.exe Token: SeSecurityPrivilege 464 wevtutil.exe Token: SeBackupPrivilege 464 wevtutil.exe Token: SeSecurityPrivilege 5112 wevtutil.exe Token: SeBackupPrivilege 5112 wevtutil.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4116 wrote to memory of 2960 4116 cpuz.exe 82 PID 4116 wrote to memory of 2960 4116 cpuz.exe 82 PID 2960 wrote to memory of 1392 2960 cmd.exe 83 PID 2960 wrote to memory of 1392 2960 cmd.exe 83 PID 1392 wrote to memory of 1892 1392 cmd.exe 84 PID 1392 wrote to memory of 1892 1392 cmd.exe 84 PID 2960 wrote to memory of 3332 2960 cmd.exe 85 PID 2960 wrote to memory of 3332 2960 cmd.exe 85 PID 3332 wrote to memory of 5052 3332 cmd.exe 86 PID 3332 wrote to memory of 5052 3332 cmd.exe 86 PID 2960 wrote to memory of 4964 2960 cmd.exe 87 PID 2960 wrote to memory of 4964 2960 cmd.exe 87 PID 2960 wrote to memory of 1700 2960 cmd.exe 88 PID 2960 wrote to memory of 1700 2960 cmd.exe 88 PID 2960 wrote to memory of 2212 2960 cmd.exe 89 PID 2960 wrote to memory of 2212 2960 cmd.exe 89 PID 2960 wrote to memory of 2152 2960 cmd.exe 90 PID 2960 wrote to memory of 2152 2960 cmd.exe 90 PID 2960 wrote to memory of 1180 2960 cmd.exe 91 PID 2960 wrote to memory of 1180 2960 cmd.exe 91 PID 2960 wrote to memory of 2696 2960 cmd.exe 92 PID 2960 wrote to memory of 2696 2960 cmd.exe 92 PID 2960 wrote to memory of 348 2960 cmd.exe 93 PID 2960 wrote to memory of 348 2960 cmd.exe 93 PID 2960 wrote to memory of 4488 2960 cmd.exe 94 PID 2960 wrote to memory of 4488 2960 cmd.exe 94 PID 2960 wrote to memory of 1268 2960 cmd.exe 95 PID 2960 wrote to memory of 1268 2960 cmd.exe 95 PID 2960 wrote to memory of 4768 2960 cmd.exe 96 PID 2960 wrote to memory of 4768 2960 cmd.exe 96 PID 2960 wrote to memory of 1848 2960 cmd.exe 97 PID 2960 wrote to memory of 1848 2960 cmd.exe 97 PID 2960 wrote to memory of 2728 2960 cmd.exe 98 PID 2960 wrote to memory of 2728 2960 cmd.exe 98 PID 2960 wrote to memory of 5048 2960 cmd.exe 99 PID 2960 wrote to memory of 5048 2960 cmd.exe 99 PID 2960 wrote to memory of 4932 2960 cmd.exe 100 PID 2960 wrote to memory of 4932 2960 cmd.exe 100 PID 2960 wrote to memory of 888 2960 cmd.exe 101 PID 2960 wrote to memory of 888 2960 cmd.exe 101 PID 2960 wrote to memory of 648 2960 cmd.exe 102 PID 2960 wrote to memory of 648 2960 cmd.exe 102 PID 2960 wrote to memory of 4532 2960 cmd.exe 103 PID 2960 wrote to memory of 4532 2960 cmd.exe 103 PID 2960 wrote to memory of 868 2960 cmd.exe 104 PID 2960 wrote to memory of 868 2960 cmd.exe 104 PID 2960 wrote to memory of 1216 2960 cmd.exe 105 PID 2960 wrote to memory of 1216 2960 cmd.exe 105 PID 2960 wrote to memory of 4856 2960 cmd.exe 106 PID 2960 wrote to memory of 4856 2960 cmd.exe 106 PID 2960 wrote to memory of 1592 2960 cmd.exe 107 PID 2960 wrote to memory of 1592 2960 cmd.exe 107 PID 2960 wrote to memory of 2416 2960 cmd.exe 108 PID 2960 wrote to memory of 2416 2960 cmd.exe 108 PID 2960 wrote to memory of 1308 2960 cmd.exe 109 PID 2960 wrote to memory of 1308 2960 cmd.exe 109 PID 2960 wrote to memory of 4832 2960 cmd.exe 110 PID 2960 wrote to memory of 4832 2960 cmd.exe 110 PID 2960 wrote to memory of 4084 2960 cmd.exe 111 PID 2960 wrote to memory of 4084 2960 cmd.exe 111 PID 2960 wrote to memory of 3000 2960 cmd.exe 112 PID 2960 wrote to memory of 3000 2960 cmd.exe 112 PID 2960 wrote to memory of 1000 2960 cmd.exe 113 PID 2960 wrote to memory of 1000 2960 cmd.exe 113
Processes
-
C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\cpuz.exe"C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\cpuz.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4116 -
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\5062.tmp\5063.tmp\5064.bat C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\cpuz.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:2960 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c bcdedit3⤵
- Suspicious use of WriteProcessMemory
PID:1392 -
C:\Windows\system32\bcdedit.exebcdedit4⤵PID:1892
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wevtutil.exe el3⤵
- Suspicious use of WriteProcessMemory
PID:3332 -
C:\Windows\system32\wevtutil.exewevtutil.exe el4⤵
- Suspicious use of AdjustPrivilegeToken
PID:5052
-
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "AMSI/Debug"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4964
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "AirSpaceChannel"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1700
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2212
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Application"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2152
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "DirectShowFilterGraph"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1180
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "DirectShowPluginControl"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2696
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Els_Hyphenation/Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:348
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "EndpointMapper"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4488
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "FirstUXPerf-Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1268
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "ForwardedEvents"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4768
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "General Logging"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1848
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "HardwareEvents"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2728
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "IHM_DebugChannel"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:5048
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS-GPIO/Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4932
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS-I2C/Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-GPIO2/Debug"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:648
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-GPIO2/Performance"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-I2C/Debug"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:868
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-I2C/Performance"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1216
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Internet Explorer"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Key Management Service"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1592
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationDeviceMFT"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationDeviceProxy"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1308
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationFrameServer"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4832
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MedaFoundationVideoProc"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MedaFoundationVideoProcD3D"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationAsyncWrapper"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationContentProtection"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2136
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationDS"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3196
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationDeviceProxy"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:464
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationMP4"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:5112
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationMediaEngine"3⤵PID:4044
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPerformance"3⤵PID:2776
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPerformanceCore"3⤵PID:4668
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPipeline"3⤵PID:4508
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPlatform"3⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationSrcPrefetch"3⤵PID:3644
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client-Streamingux/Debug"3⤵PID:4620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Admin"3⤵PID:1288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Debug"3⤵PID:2288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Operational"3⤵PID:2396
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Virtual Applications"3⤵PID:1828
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-SharedPerformance/Analytic"3⤵PID:5096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Admin"3⤵PID:4476
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Debug"3⤵PID:4500
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Diagnostic"3⤵PID:4112
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-IE/Diagnostic"3⤵
- Clears Windows event logs
PID:4216
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-IEFRAME/Diagnostic"3⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-JSDumpHeap/Diagnostic"3⤵PID:2876
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-OneCore-Setup/Analytic"3⤵PID:3416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"3⤵PID:3564
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-MSHTML/Diagnostic"3⤵PID:3648
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Admin/Debug"3⤵PID:4816
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"3⤵PID:1080
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"3⤵PID:4468
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Analytic"3⤵PID:1776
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Debug"3⤵PID:948
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Operational"3⤵PID:1388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-IPC/Operational"3⤵
- Clears Windows event logs
PID:1600
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"3⤵PID:2140
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"3⤵PID:1492
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"3⤵PID:2620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AAD/Analytic"3⤵PID:1656
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AAD/Operational"3⤵PID:4516
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ADSI/Debug"3⤵
- Clears Windows event logs
PID:5104
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ASN1/Operational"3⤵PID:2712
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/General"3⤵PID:1004
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/SATA-LPM"3⤵PID:3584
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ActionQueue/Analytic"3⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-All-User-Install-Agent/Admin"3⤵PID:2392
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AllJoyn/Debug"3⤵PID:3192
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AllJoyn/Operational"3⤵PID:4024
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Admin"3⤵PID:1604
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/ApplicationTracing"3⤵PID:1028
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Diagnostic"3⤵PID:436
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Internal"3⤵PID:3148
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppID/Operational"3⤵PID:2268
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/EXE and DLL"3⤵PID:2968
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/MSI and Script"3⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"3⤵PID:4012
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/Packaged app-Execution"3⤵PID:1356
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Admin"3⤵PID:4288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Analytic"3⤵PID:5060
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Debug"3⤵
- Clears Windows event logs
PID:2280
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Diagnostics"3⤵PID:3540
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-State/Debug"3⤵PID:1452
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-State/Diagnostic"3⤵PID:2608
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Admin"3⤵PID:1424
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Debug"3⤵PID:1084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Operational"3⤵PID:4144
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppSruProv"3⤵PID:812
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeployment/Diagnostic"3⤵PID:4228
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeployment/Operational"3⤵PID:4040
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Debug"3⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Diagnostic"3⤵PID:212
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Operational"3⤵PID:2472
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Restricted"3⤵PID:4792
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ApplicabilityEngine/Analytic"3⤵PID:388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ApplicabilityEngine/Operational"3⤵PID:3376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Admin"3⤵PID:4992
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Analytic"3⤵PID:556
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Debug"3⤵PID:2372
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Operational"3⤵PID:2152
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug"3⤵PID:1180
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"3⤵PID:2696
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic"3⤵PID:348
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace"3⤵PID:4488
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"3⤵PID:2172
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory"3⤵PID:1900
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Telemetry"3⤵PID:1008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Steps-Recorder"3⤵PID:1848
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Debug"3⤵PID:2728
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Operational"3⤵PID:5048
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Performance"3⤵
- Clears Windows event logs
PID:4932
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccess/Admin"3⤵PID:888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccess/Operational"3⤵PID:2324
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccessBroker/Admin"3⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccessBroker/Operational"3⤵PID:512
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AsynchronousCausality/Causality"3⤵PID:952
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/CaptureMonitor"3⤵PID:5084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/GlitchDetection"3⤵PID:2096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Informational"3⤵PID:1408
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Operational"3⤵PID:1308
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Performance"3⤵
- Clears Windows event logs
PID:4832
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/PlaybackManager"3⤵PID:4396
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audit/Analytic"3⤵PID:4100
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"3⤵PID:3596
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController"3⤵PID:3208
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUser-Client"3⤵PID:1472
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController"3⤵PID:2540
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController"3⤵PID:4200
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AxInstallService/Log"3⤵PID:452
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHPORT/HCI"3⤵PID:3100
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHPORT/L2CAP"3⤵PID:4404
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHUSB/Diagnostic"3⤵PID:1692
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHUSB/Performance"3⤵PID:2488
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic"3⤵PID:2676
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTaskInfrastructure/Operational"3⤵
- Clears Windows event logs
PID:1896
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational"3⤵PID:3372
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Backup"3⤵
- Clears Windows event logs
PID:1888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational"3⤵
- Clears Windows event logs
PID:1972
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational"3⤵PID:2336
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Battery/Diagnostic"3⤵PID:4784
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Biometrics/Analytic"3⤵PID:1040
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Biometrics/Operational"3⤵PID:1680
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"3⤵
- Clears Windows event logs
PID:4936
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"3⤵PID:4864
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-Driver-Performance/Operational"3⤵PID:2208
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/BitLocker Management"3⤵PID:4388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/BitLocker Operational"3⤵PID:3824
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/Tracing"3⤵PID:4408
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Analytic"3⤵PID:4088
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Operational"3⤵PID:3792
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational"3⤵PID:2908
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-Bthmini/Operational"3⤵PID:220
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"3⤵PID:1204
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-Policy/Operational"3⤵PID:1688
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCache/Operational"3⤵PID:4412
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"3⤵PID:468
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"3⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheMonitoring/Analytic"3⤵PID:2456
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Analytic"3⤵PID:1956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Operational"3⤵PID:3656
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CAPI2/Catalog Database Debug"3⤵PID:3180
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CAPI2/Operational"3⤵PID:5040
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CDROM/Operational"3⤵PID:1660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/Analytic"3⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ApartmentInitialize"3⤵PID:1624
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ApartmentUninitialize"3⤵PID:368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/Call"3⤵PID:3204
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/CreateInstance"3⤵PID:2360
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ExtensionCatalog"3⤵PID:4560
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/FreeUnusedLibrary"3⤵PID:3244
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/RundownInstrumentation"3⤵PID:3920
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/Activations"3⤵PID:2716
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/MessageProcessing"3⤵PID:1460
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/Tracing"3⤵PID:3660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertPoleEng/Operational"3⤵PID:4740
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"3⤵PID:4400
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational"3⤵PID:2724
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational"3⤵
- Clears Windows event logs
PID:2624
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Cleanmgr/Diagnostic"3⤵PID:5060
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"3⤵PID:3392
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CloudStore/Debug"3⤵PID:3076
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CloudStore/Operational"3⤵PID:4860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CmiSetup/Analytic"3⤵PID:2188
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Operational"3⤵
- Clears Windows event logs
PID:4756
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Verbose"3⤵PID:4596
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Analytic"3⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Debug"3⤵PID:2532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Compat-Appraiser/Analytic"3⤵PID:1392
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Compat-Appraiser/Operational"3⤵PID:5052
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-BindFlt/Debug"3⤵PID:4964
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-BindFlt/Operational"3⤵PID:1700
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcifs/Debug"3⤵PID:3344
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcifs/Operational"3⤵PID:4448
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcnfs/Debug"3⤵PID:2812
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcnfs/Operational"3⤵PID:3388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Diagnostic"3⤵PID:4496
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Operational"3⤵PID:4940
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Tracing"3⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug"3⤵PID:4536
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational"3⤵PID:3016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreWindow/Analytic"3⤵PID:4920
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreWindow/Debug"3⤵PID:4768
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"3⤵PID:3940
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"3⤵PID:2264
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crashdump/Operational"3⤵PID:3820
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CredUI/Diagnostic"3⤵PID:984
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-BCRYPT/Analytic"3⤵PID:4380
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-CNG/Analytic"3⤵PID:3008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc"3⤵PID:3664
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/Debug"3⤵PID:2364
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/Operational"3⤵PID:1740
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DSSEnh/Analytic"3⤵PID:4064
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-NCrypt/Operational"3⤵PID:4856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-RNG/Analytic"3⤵PID:1592
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-RSAEnh/Analytic"3⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/Analytic"3⤵PID:1412
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/PerfTiming"3⤵
- Clears Windows event logs
PID:4944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAL-Provider/Analytic"3⤵PID:4084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAL-Provider/Operational"3⤵PID:3000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAMM/Diagnostic"3⤵PID:1000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DCLocator/Debug"3⤵PID:2136
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DDisplay/Analytic"3⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DDisplay/Logging"3⤵PID:464
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DLNA-Namespace/Analytic"3⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DNS-Client/Operational"3⤵PID:4044
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Admin"3⤵PID:2776
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Analytic"3⤵
- Clears Windows event logs
PID:4668
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Debug"3⤵PID:4508
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Operational"3⤵PID:3088
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUI/Diagnostic"3⤵PID:2436
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUSER/Diagnostic"3⤵PID:4620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Analytic"3⤵PID:1288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Logging"3⤵PID:2288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXP/Analytic"3⤵PID:3116
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Data-Pdf/Debug"3⤵PID:1904
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DataIntegrityScan/Admin"3⤵PID:4800
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DataIntegrityScan/CrashRecovery"3⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Analytic"3⤵PID:3224
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Debug"3⤵PID:2912
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Operational"3⤵PID:3084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Diagnostic"3⤵PID:3944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Operational"3⤵PID:1780
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Performance"3⤵PID:684
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Scrubbing"3⤵PID:968
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Defrag-Core/Debug"3⤵PID:4528
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deplorch/Analytic"3⤵PID:1080
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DesktopActivityModerator/Diagnostic"3⤵PID:4748
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic"3⤵PID:3124
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceAssociationService/Performance"3⤵PID:2144
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceConfidence/Analytic"3⤵PID:1484
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceGuard/Operational"3⤵PID:2032
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceGuard/Verbose"3⤵PID:876
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"3⤵PID:2856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug"3⤵PID:4820
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational"3⤵PID:2604
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Admin"3⤵PID:2980
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Analytic"3⤵PID:3212
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Debug"3⤵PID:5024
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Operational"3⤵PID:756
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Analytic"3⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Operational"3⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUpdateAgent/Operational"3⤵PID:3316
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Informational"3⤵PID:3248
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Performance"3⤵PID:4184
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Devices-Background/Operational"3⤵PID:4524
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Admin"3⤵PID:964
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Operational"3⤵PID:4512
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Admin"3⤵PID:3148
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Operational"3⤵PID:2344
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiagCpl/Debug"3⤵PID:432
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic"3⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Analytic"3⤵PID:4520
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Debug"3⤵PID:1356
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"3⤵PID:3964
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-MSDE/Debug"3⤵PID:2300
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Analytic"3⤵PID:3540
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Debug"3⤵PID:1424
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Operational"3⤵PID:1084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Debug"3⤵PID:3760
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Operational"3⤵PID:2532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"3⤵PID:5052
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"3⤵PID:3344
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Admin"3⤵
- Clears Windows event logs
PID:4480
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"3⤵PID:3236
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Debug"3⤵PID:2892
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Operational"3⤵
- Clears Windows event logs
PID:3956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"3⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"3⤵PID:4536
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDC/Analytic"3⤵PID:3016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDI/Debug"3⤵PID:1900
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Debug"3⤵PID:4920
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Operational"3⤵PID:3940
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"3⤵PID:2264
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"3⤵PID:3820
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"3⤵PID:984
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"3⤵PID:4380
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Operational"3⤵PID:3008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10/Analytic"3⤵PID:3664
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10_1/Analytic"3⤵PID:512
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Analytic"3⤵PID:376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Logging"3⤵PID:2028
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/PerfTiming"3⤵PID:1752
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/Analytic"3⤵PID:3884
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/Logging"3⤵
- Clears Windows event logs
PID:3928
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/PerfTiming"3⤵PID:1412
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D9/Analytic"3⤵PID:4944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3DShaderCache/Default"3⤵PID:4084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectComposition/Diagnostic"3⤵PID:3000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectManipulation/Diagnostic"3⤵PID:1000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"3⤵PID:2136
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectSound/Debug"3⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Disk/Operational"3⤵PID:464
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnostic/Operational"3⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"3⤵PID:4044
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"3⤵PID:2776
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/Analytic"3⤵PID:4668
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/ExternalAnalytic"3⤵PID:4508
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/InternalAnalytic"3⤵PID:3088
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Cli/Analytic"3⤵PID:2436
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Debug"3⤵PID:4620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Operational"3⤵PID:1288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplaySwitch/Diagnostic"3⤵PID:2288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Documents/Performance"3⤵PID:5096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dot3MM/Diagnostic"3⤵PID:3116
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"3⤵PID:4800
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DucUpdateAgent/Operational"3⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-API/Diagnostic"3⤵PID:5016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Core/Diagnostic"3⤵
- Clears Windows event logs
PID:5008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Dwm/Diagnostic"3⤵PID:2424
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Redir/Diagnostic"3⤵PID:3944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Udwm/Diagnostic"3⤵PID:1780
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl-Admin"3⤵PID:684
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl-Operational"3⤵PID:968
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Contention"3⤵PID:4528
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Diagnostic"3⤵PID:1080
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Performance"3⤵PID:4748
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Power"3⤵PID:644
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"3⤵PID:1600
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Application-Learning/Admin"3⤵
- Clears Windows event logs
PID:2140
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Audit-Regular/Admin"3⤵PID:468
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Audit-TCB/Admin"3⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EFS/Debug"3⤵PID:2456
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ESE/IODiagnose"3⤵PID:1956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ESE/Operational"3⤵PID:5104
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Analytic"3⤵PID:3180
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Debug"3⤵PID:4352
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Operational"3⤵PID:1104
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-RasChap/Operational"3⤵PID:1660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-RasTls/Operational"3⤵PID:1624
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-Sim/Operational"3⤵PID:368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-Ttls/Operational"3⤵PID:3204
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EaseOfAccess/Diagnostic"3⤵PID:1604
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Energy-Estimation-Engine/EventLog"3⤵PID:4560
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Energy-Estimation-Engine/Trace"3⤵PID:3244
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic"3⤵PID:3920
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Debug"3⤵PID:2716
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Operational"3⤵PID:1460
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog-WMIProvider/Debug"3⤵PID:3660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Analytic"3⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Debug"3⤵PID:4520
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Analytic"3⤵PID:1356
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Debug"3⤵PID:3964
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Operational"3⤵PID:2300
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"3⤵PID:3540
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"3⤵
- Clears Windows event logs
PID:4280
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FeatureConfiguration/Analytic"3⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FeatureConfiguration/Operational"3⤵PID:2532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Catalog/Analytic"3⤵PID:5052
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Catalog/Debug"3⤵PID:3344
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-ConfigManager/Analytic"3⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-ConfigManager/Debug"3⤵PID:3236
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/Analytic"3⤵
- Clears Windows event logs
PID:2892
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/Debug"3⤵PID:348
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/WHC"3⤵PID:4488
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/Analytic"3⤵PID:2172
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/BackupLog"3⤵PID:1884
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/Debug"3⤵PID:768
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-EventListener/Analytic"3⤵PID:1848
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-EventListener/Debug"3⤵PID:2728
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Service/Analytic"3⤵
- Clears Windows event logs
PID:884
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Service/Debug"3⤵
- Clears Windows event logs
PID:4932
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-UI-Events/Analytic"3⤵PID:888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-UI-Events/Debug"3⤵PID:336
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileInfoMinifilter/Operational"3⤵PID:4076
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Firewall-CPL/Diagnostic"3⤵PID:4064
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"3⤵PID:4856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Debug"3⤵PID:1592
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Operational"3⤵PID:1408
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GPIO-ClassExtension/Analytic"3⤵PID:2092
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GenericRoaming/Admin"3⤵PID:4140
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GroupPolicy/Operational"3⤵PID:4100
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HAL/Debug"3⤵PID:3596
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Debug"3⤵PID:4996
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Performance"3⤵PID:2240
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenterCPL/Performance"3⤵PID:4376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HelloForBusiness/Operational"3⤵PID:4736
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Help/Operational"3⤵PID:1068
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"3⤵PID:3636
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"3⤵PID:4404
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"3⤵PID:5044
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"3⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"3⤵PID:3644
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup-ListenerService"3⤵PID:2176
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HotspotAuth/Analytic"3⤵PID:2696
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HotspotAuth/Operational"3⤵PID:4620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HttpService/Log"3⤵PID:1288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HttpService/Trace"3⤵PID:2288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin"3⤵PID:5096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic"3⤵PID:4640
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Debug"3⤵PID:3116
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose"3⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Operational"3⤵
- Clears Windows event logs
PID:5016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Admin"3⤵PID:2208
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Analytic"3⤵PID:2668
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Operational"3⤵PID:4428
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-NETVSC/Diagnostic"3⤵PID:1596
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-VID-Admin"3⤵PID:2420
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-VID-Analytic"3⤵PID:1676
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IE-SmartScreen"3⤵PID:2908
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKE/Operational"3⤵PID:3124
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKEDBG/Debug"3⤵PID:948
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-Broker/Analytic"3⤵PID:644
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CandidateUI/Analytic"3⤵PID:1600
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CustomerFeedbackManager/Debug"3⤵PID:2140
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic"3⤵PID:468
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPAPI/Analytic"3⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPLMP/Analytic"3⤵PID:2456
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPPRED/Analytic"3⤵PID:1956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPSetting/Analytic"3⤵PID:5104
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPTIP/Analytic"3⤵PID:3180
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-KRAPI/Analytic"3⤵PID:3584
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-KRTIP/Analytic"3⤵PID:4352
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-OEDCompiler/Analytic"3⤵PID:1660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TCCORE/Analytic"3⤵PID:1624
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TCTIP/Analytic"3⤵PID:2360
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TIP/Analytic"3⤵PID:368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPNAT/Diagnostic"3⤵PID:1604
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"3⤵PID:4560
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPxlatCfg/Debug"3⤵PID:3244
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPxlatCfg/Operational"3⤵PID:3920
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IdCtrls/Analytic"3⤵PID:2716
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IdCtrls/Operational"3⤵PID:1460
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic"3⤵PID:3660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Input-HIDCLASS-Analytic"3⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-InputSwitch/Diagnostic"3⤵PID:4520
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"3⤵PID:1356
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Debug"3⤵PID:3964
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Operational"3⤵PID:3392
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Trace"3⤵PID:3028
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KdsSvc/Operational"3⤵PID:3096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kerberos/Operational"3⤵PID:212
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"3⤵PID:4792
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-AppCompat/General"3⤵PID:4992
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-AppCompat/Performance"3⤵PID:3632
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Analytic"3⤵PID:2148
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Debug"3⤵PID:2152
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Operational"3⤵PID:2688
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Analytic"3⤵PID:2892
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Operational"3⤵PID:348
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"3⤵PID:4488
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Disk/Analytic"3⤵PID:2172
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Admin"3⤵PID:5092
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Analytic"3⤵PID:3156
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-File/Analytic"3⤵PID:944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-IO/Operational"3⤵PID:640
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic"3⤵PID:1140
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-IoTrace/Diagnostic"3⤵PID:3592
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-LiveDump/Analytic"3⤵
- Clears Windows event logs
PID:1376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-LiveDump/Operational"3⤵PID:888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Memory/Analytic"3⤵PID:4076
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Network/Analytic"3⤵PID:4064
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Pdc/Diagnostic"3⤵PID:4856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Pep/Diagnostic"3⤵PID:4284
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"3⤵
- Clears Windows event logs
PID:3440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Configuration"3⤵PID:832
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"3⤵PID:856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"3⤵PID:1592
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"3⤵
- Clears Windows event logs
PID:1308
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"3⤵PID:4308
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Diagnostic"3⤵PID:400
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"3⤵PID:4880
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"3⤵PID:3208
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"3⤵PID:3196
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Process/Analytic"3⤵PID:536
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"3⤵
- Clears Windows event logs
PID:4336
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Analytic"3⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Performance"3⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Debug"3⤵PID:4044
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Diagnostic"3⤵PID:2776
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Operational"3⤵PID:4668
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"3⤵PID:4508
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Operational"3⤵PID:3088
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Analytic"3⤵PID:4008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Debug"3⤵PID:2176
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Operational"3⤵PID:2696
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Errors"3⤵PID:4620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Operational"3⤵PID:1288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-XDV/Analytic"3⤵PID:2288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Admin"3⤵PID:5096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Operational"3⤵PID:4640
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Performance"3⤵PID:3224
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Known Folders API Service"3⤵PID:3116
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-L2NA/Diagnostic"3⤵PID:5016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LDAP-Client/Debug"3⤵
- Clears Windows event logs
PID:3944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Diagnostic"3⤵
- Clears Windows event logs
PID:2208
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Operational"3⤵PID:4428
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Performance"3⤵PID:1596
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"3⤵
- Clears Windows event logs
PID:4528
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Analytic"3⤵PID:1080
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Debug"3⤵PID:2388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Operational"3⤵PID:1388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LimitsManagement/Diagnostic"3⤵PID:1484
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic"3⤵PID:4412
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational"3⤵PID:876
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LiveId/Analytic"3⤵PID:2856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LiveId/Operational"3⤵PID:4820
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic"3⤵PID:2604
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-CLNT/Diagnostic"3⤵PID:2980
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-DRV/Diagnostic"3⤵PID:1004
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-SRV/Diagnostic"3⤵PID:3976
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSFTEDIT/Diagnostic"3⤵PID:1104
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Admin"3⤵PID:1252
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Debug"3⤵PID:4632
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Diagnostic"3⤵PID:1660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Admin"3⤵PID:4024
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Analytic"3⤵PID:3248
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Debug"3⤵PID:4600
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Operational"3⤵PID:368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/DMC"3⤵
- Clears Windows event logs
PID:436
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/DMR"3⤵PID:2312
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/MDE"3⤵PID:3292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine"3⤵PID:4392
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"3⤵
- Clears Windows event logs
PID:1292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"3⤵PID:4740
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"3⤵PID:4400
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-Performance/SARStreamResource"3⤵PID:2724
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"3⤵PID:4312
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"3⤵PID:5060
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Minstore/Analytic"3⤵PID:3692
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Minstore/Debug"3⤵PID:3076
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic"3⤵PID:3760
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic"3⤵PID:388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic"3⤵PID:3096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational"3⤵PID:2532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic"3⤵PID:2372
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MobilityCenter/Performance"3⤵PID:3632
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin"3⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot"3⤵PID:3236
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug"3⤵PID:3956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService"3⤵PID:2484
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mprddm/Operational"3⤵PID:348
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Analytic"3⤵PID:4488
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Operational"3⤵PID:2172
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"3⤵PID:5092
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"3⤵PID:3156
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Diagnostic"3⤵PID:944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Operational"3⤵PID:2728
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NTLM/Operational"3⤵PID:4932
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NWiFi/Diagnostic"3⤵PID:4380
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Narrator/Diagnostic"3⤵PID:3588
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ncasvc/Operational"3⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NcdAutoSetup/Diagnostic"3⤵PID:888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NcdAutoSetup/Operational"3⤵PID:4076
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NdisImPlatform/Operational"3⤵PID:3932
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ndu/Diagnostic"3⤵PID:2556
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetShell/Performance"3⤵PID:3972
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-Connection-Broker"3⤵PID:4576
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-DataUsage/Analytic"3⤵PID:3924
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-Setup/Diagnostic"3⤵PID:2416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"3⤵PID:3884
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkBridge/Diagnostic"3⤵PID:4832
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkLocationWizard/Operational"3⤵PID:4308
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Diagnostic"3⤵PID:4396
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Operational"3⤵PID:3620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvider/Operational"3⤵PID:3000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvisioning/Analytic"3⤵PID:4996
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvisioning/Operational"3⤵PID:1000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkSecurity/Debug"3⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkStatus/Analytic"3⤵PID:464
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Networking-Correlation/Diagnostic"3⤵PID:452
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Networking-RealTimeCommunication/Tracing"3⤵PID:2956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Diagnostic"3⤵PID:4016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Operational"3⤵PID:1504
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/Operational"3⤵PID:3504
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/Performance"3⤵PID:4624
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/WHC"3⤵PID:2404
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLE/Clipboard-Performance"3⤵PID:3088
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Debug"3⤵PID:4008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Diagnostic"3⤵PID:2176
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic"3⤵PID:2696
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic"3⤵PID:1828
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic"3⤵PID:1904
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-DUI/Operational"3⤵PID:4684
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic"3⤵PID:2288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OcpUpdateAgent/Operational"3⤵PID:5096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Analytic"3⤵
- Clears Windows event logs
PID:4640
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Debug"3⤵PID:3224
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Operational"3⤵PID:3116
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/SyncLog"3⤵PID:2668
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneBackup/Debug"3⤵PID:5016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneX/Diagnostic"3⤵PID:2208
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneX/Operational"3⤵PID:4428
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OobeLdr/Analytic"3⤵PID:968
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OtpCredentialProvider/Operational"3⤵
- Clears Windows event logs
PID:4468
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PCI/Diagnostic"3⤵PID:1776
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Analytic"3⤵PID:220
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Debug"3⤵PID:2144
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Operational"3⤵PID:1688
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ParentalControls/Operational"3⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Partition/Analytic"3⤵PID:2620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Partition/Diagnostic"3⤵PID:1656
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"3⤵PID:4820
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PerceptionRuntime/Operational"3⤵PID:3656
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PerceptionSensorDataService/Operational"3⤵PID:2712
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Analytic"3⤵PID:5040
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic"3⤵PID:3868
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Operational"3⤵PID:756
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Analytic"3⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic"3⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Operational"3⤵PID:1864
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Analytic"3⤵PID:1624
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Certification"3⤵PID:3808
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Diagnose"3⤵PID:4184
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Operational"3⤵PID:4524
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PhotoAcq/Analytic"3⤵PID:4512
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PlayToManager/Analytic"3⤵PID:3148
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Policy/Analytic"3⤵PID:3920
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Policy/Operational"3⤵PID:2716
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"3⤵PID:1460
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"3⤵PID:3660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic"3⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCfg/Diagnostic"3⤵
- Power Settings
PID:4520
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCpl/Diagnostic"3⤵PID:1356
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"3⤵PID:3964
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic"3⤵PID:812
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug"3⤵PID:3028
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational"3⤵
- Clears Windows event logs
PID:1404
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Admin"3⤵
- Clears Windows event logs
PID:5008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Analytic"3⤵PID:2812
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Debug"3⤵PID:3388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"3⤵PID:1180
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"3⤵PID:1012
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintBRM/Admin"3⤵PID:4940
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService-USBMon/Debug"3⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Admin"3⤵PID:4536
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Debug"3⤵PID:4768
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Operational"3⤵PID:4056
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Privacy-Auditing/Operational"3⤵PID:4920
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ProcessStateManager/Diagnostic"3⤵PID:3940
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic"3⤵PID:2264
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade"3⤵PID:4440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin"3⤵PID:2536
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot"3⤵PID:2728
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug"3⤵PID:4932
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService"3⤵PID:4380
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Diagnostic"3⤵PID:3588
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Informational"3⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Performance"3⤵PID:888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Developer/Debug"3⤵PID:3724
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-InProc/Debug"3⤵PID:3268
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Admin"3⤵PID:2556
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Debug"3⤵PID:3972
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Operational"3⤵PID:4576
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-Pacer/Diagnostic"3⤵PID:3924
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-qWAVE/Debug"3⤵PID:2416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC-Proxy/Debug"3⤵PID:3884
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/Debug"3⤵PID:4832
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/EEInfo"3⤵PID:4308
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RRAS/Debug"3⤵PID:4396
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RRAS/Operational"3⤵PID:3620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RadioManager/Analytic"3⤵PID:3000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic"3⤵PID:3196
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RasAgileVpn/Debug"3⤵PID:536
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RasAgileVpn/Operational"3⤵PID:4336
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReFS/Operational"3⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Analytic"3⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Operational"3⤵PID:4404
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Analytic"3⤵
- Clears Windows event logs
PID:4016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Operational"3⤵PID:1504
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Regsvr32/Operational"3⤵PID:4508
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"3⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"3⤵PID:2676
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Admin"3⤵PID:1896
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Operational"3⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Tracing"3⤵PID:1888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"3⤵PID:4324
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug"3⤵PID:3756
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"3⤵PID:2336
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin"3⤵PID:5032
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug"3⤵
- Clears Windows event logs
PID:4500
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug"3⤵PID:1680
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational"3⤵PID:4216
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic"3⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Remotefs-Rdbss/Operational"3⤵PID:2424
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ResetEng-Trace/Diagnostic"3⤵PID:3416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"3⤵PID:3824
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"3⤵PID:4408
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ResourcePublication/Tracing"3⤵PID:2420
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RestartManager/Operational"3⤵PID:1676
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RetailDemo/Admin"3⤵PID:4528
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RetailDemo/Operational"3⤵
- Clears Windows event logs
PID:1080
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Graphics/Analytic"3⤵PID:2388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing"3⤵PID:1388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Networking/Tracing"3⤵PID:1484
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Web-Http/Tracing"3⤵PID:4412
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-WebAPI/Tracing"3⤵PID:468
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource"3⤵PID:4516
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine"3⤵PID:2856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource"3⤵PID:2604
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode"3⤵PID:1956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime/CreateInstance"3⤵PID:1004
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime/Error"3⤵PID:3976
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/Analytic"3⤵
- Clears Windows event logs
PID:4352
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic"3⤵PID:1368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic"3⤵PID:3316
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/Operational"3⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Admin"3⤵PID:4432
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Debug"3⤵PID:3248
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Netmon"3⤵PID:3684
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Analytic"3⤵PID:368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Audit"3⤵PID:2312
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Connectivity"3⤵PID:2880
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Diagnostic"3⤵PID:432
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Operational"3⤵PID:3520
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Performance"3⤵PID:3968
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Security"3⤵PID:2624
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBWitnessClient/Admin"3⤵PID:1452
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBWitnessClient/Informational"3⤵PID:3856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SPB-ClassExtension/Analytic"3⤵PID:5060
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SPB-HIDI2C/Analytic"3⤵PID:3692
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Schannel-Events/Perf"3⤵PID:3392
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdbus/Analytic"3⤵PID:2472
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdbus/Debug"3⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdstor/Analytic"3⤵PID:3096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-Core/Diagnostic"3⤵PID:2532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"3⤵PID:3848
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SearchUI/Diagnostic"3⤵PID:4992
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SearchUI/Operational"3⤵PID:2148
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecureAssessment/Operational"3⤵PID:3236
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Adminless/Operational"3⤵PID:3956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"3⤵PID:2892
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"3⤵PID:348
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational"3⤵PID:4488
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational"3⤵PID:2172
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance"3⤵PID:5048
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-IdentityListener/Operational"3⤵PID:3156
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-IdentityStore/Performance"3⤵PID:944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational"3⤵PID:3820
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Mitigations/KernelMode"3⤵PID:1140
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Mitigations/UserMode"3⤵PID:2324
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Netlogon/Operational"3⤵PID:4532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic"3⤵PID:1740
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational"3⤵PID:1216
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter"3⤵PID:3252
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX/Analytic"3⤵PID:3932
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP/Perf"3⤵PID:2352
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-UserConsentVerifier/Audit"3⤵PID:860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Vault/Performance"3⤵PID:3440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Admin"3⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Operational"3⤵PID:856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Perf"3⤵PID:3928
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SendTo/Diagnostic"3⤵
- Clears Windows event logs
PID:2092
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sens/Debug"3⤵PID:3648
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sensors/Debug"3⤵PID:4832
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sensors/Performance"3⤵PID:4308
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic"3⤵PID:4396
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Serial-ClassExtension/Analytic"3⤵PID:3620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ServiceReportingApi/Debug"3⤵PID:3000
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services-Svchost/Diagnostic"3⤵PID:4736
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services/Diagnostic"3⤵PID:1068
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Servicing/Debug"3⤵PID:3636
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-Azure/Debug"3⤵
- Clears Windows event logs
PID:3108
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-Azure/Operational"3⤵PID:2776
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Analytic"3⤵PID:4668
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Debug"3⤵PID:548
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Operational"3⤵PID:4876
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Analytic"3⤵PID:3644
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Debug"3⤵PID:2436
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Operational"3⤵PID:1364
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/VerboseDebug"3⤵PID:5028
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Setup/Analytic"3⤵PID:4328
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupCl/Analytic"3⤵PID:4620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupPlatform/Analytic"3⤵PID:2860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupQueue/Analytic"3⤵PID:4540
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupUGC/Analytic"3⤵PID:4800
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"3⤵PID:1224
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic"3⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"3⤵PID:4864
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"3⤵PID:3084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"3⤵PID:4388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic"3⤵PID:1780
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"3⤵PID:3184
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic"3⤵
- Clears Windows event logs
PID:4088
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"3⤵PID:1596
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter"3⤵PID:4748
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/ActionCenter"3⤵PID:2908
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/AppDefaults"3⤵PID:948
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/Diagnostic"3⤵PID:644
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/LogonTasksChannel"3⤵
- Clears Windows event logs
PID:1600
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/Operational"3⤵PID:3420
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"3⤵PID:876
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic"3⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-OpenWith/Diagnostic"3⤵PID:380
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Shwebsvc"3⤵PID:1692
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"3⤵PID:2856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic"3⤵PID:2604
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational"3⤵PID:1956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shsvcs/Diagnostic"3⤵PID:1004
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SleepStudy/Diagnostic"3⤵PID:3976
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-Audit/Authentication"3⤵PID:4352
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational"3⤵PID:1368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin"3⤵PID:3316
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational"3⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartScreen/Debug"3⤵PID:4432
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Audit"3⤵PID:964
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Connectivity"3⤵PID:2968
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Diagnostic"3⤵PID:2344
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Security"3⤵PID:3148
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"3⤵PID:2020
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Spell-Checking/Analytic"3⤵
- Clears Windows event logs
PID:1292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SpellChecker/Analytic"3⤵PID:4288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Spellchecking-Host/Analytic"3⤵PID:4840
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SruMon/Diagnostic"3⤵PID:2608
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SrumTelemetry"3⤵PID:2300
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Debug"3⤵PID:3540
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Diagnostic"3⤵
- Clears Windows event logs
PID:4280
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Operational"3⤵PID:812
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Restricted"3⤵PID:4448
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorDiag/Operational"3⤵PID:5052
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorPort/Operational"3⤵PID:3344
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Admin"3⤵PID:2372
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Analytic"3⤵
- Clears Windows event logs
PID:1416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Debug"3⤵PID:1180
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Diagnose"3⤵PID:1520
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Operational"3⤵PID:5100
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Admin"3⤵PID:1664
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Analytic"3⤵PID:1008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Debug"3⤵PID:4768
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Diagnose"3⤵PID:1184
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Operational"3⤵PID:2984
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Admin"3⤵PID:1280
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Analytic"3⤵PID:2736
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Debug"3⤵PID:4440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Diagnose"3⤵PID:984
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Operational"3⤵PID:648
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Admin"3⤵PID:3008
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Analytic"3⤵PID:868
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Debug"3⤵PID:952
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Diagnose"3⤵PID:4076
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Health"3⤵PID:4616
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Operational"3⤵
- Clears Windows event logs
PID:3724
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat"3⤵PID:4948
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Tiering/Admin"3⤵PID:3512
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageManagement/Debug"3⤵PID:860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageManagement/Operational"3⤵PID:3440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSettings/Diagnostic"3⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic"3⤵PID:856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Operational"3⤵PID:3928
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Performance"3⤵
- Clears Windows event logs
PID:2092
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC"3⤵PID:3648
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic"3⤵PID:4832
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational"3⤵PID:4308
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Store/Operational"3⤵
- Clears Windows event logs
PID:4396
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storsvc/Diagnostic"3⤵PID:4996
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-Csr/Operational"3⤵PID:536
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-SMSS/Operational"3⤵PID:628
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/Main"3⤵PID:4044
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/PfApLog"3⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/StoreLog"3⤵PID:4404
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sysmon/Operational"3⤵PID:4016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sysprep/Analytic"3⤵PID:1504
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic"3⤵PID:4508
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsHandlers/Debug"3⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Debug"3⤵PID:2676
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic"3⤵PID:1896
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Operational"3⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TCPIP/Diagnostic"3⤵PID:1888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TCPIP/Operational"3⤵PID:2696
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Debug"3⤵PID:1288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Diagnostic"3⤵
- Clears Windows event logs
PID:1904
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Debug"3⤵PID:4684
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Diagnostic"3⤵PID:2288
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TTS/Diagnostic"3⤵PID:4936
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinAPI/Diagnostic"3⤵PID:4640
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinUI/Diagnostic"3⤵PID:2876
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinUI/Operational"3⤵PID:3116
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZSync/Analytic"3⤵
- Clears Windows event logs
PID:3416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZSync/Operational"3⤵PID:5016
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZUtil/Operational"3⤵
- Clears Windows event logs
PID:2208
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Debug"3⤵PID:4428
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Diagnostic"3⤵PID:968
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Maintenance"3⤵PID:3124
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Operational"3⤵PID:1776
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskbarCPL/Diagnostic"3⤵PID:220
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"3⤵PID:2144
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"3⤵PID:2140
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"3⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"3⤵PID:1532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"3⤵PID:2456
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"3⤵PID:3212
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"3⤵PID:3656
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"3⤵PID:5024
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"3⤵PID:5040
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"3⤵PID:4296
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"3⤵PID:756
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"3⤵PID:1252
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"3⤵PID:4416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Admin"3⤵PID:1864
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Analytic"3⤵PID:4024
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Debug"3⤵PID:4888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-Printers/Operational"3⤵PID:3684
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"3⤵PID:368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"3⤵PID:4512
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"3⤵PID:3292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"3⤵PID:3920
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"3⤵PID:2716
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"3⤵
- Clears Windows event logs
PID:4740
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"3⤵PID:3660
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"3⤵PID:2724
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"3⤵PID:4312
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin"3⤵PID:5060
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic"3⤵PID:212
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug"3⤵PID:3692
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational"3⤵PID:2472
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Tethering-Manager/Analytic"3⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Tethering-Station/Analytic"3⤵PID:3096
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ThemeCPL/Diagnostic"3⤵PID:2532
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ThemeUI/Diagnostic"3⤵
- Clears Windows event logs
PID:3388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Threat-Intelligence/Analytic"3⤵PID:4992
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational"3⤵PID:1012
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Time-Service/Operational"3⤵PID:4940
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Troubleshooting-Recommended/Admin"3⤵PID:2688
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Troubleshooting-Recommended/Operational"3⤵PID:4536
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TunnelDriver"3⤵PID:348
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UAC-FileVirtualization/Operational"3⤵PID:4056
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UAC/Operational"3⤵PID:768
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UI-Shell/Diagnostic"3⤵PID:1848
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAnimation/Diagnostic"3⤵PID:5092
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Debug"3⤵PID:944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Diagnostic"3⤵PID:640
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Perf"3⤵PID:2728
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIRibbon/Diagnostic"3⤵PID:3592
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-MAUSBHOST-Analytic"3⤵
- Clears Windows event logs
PID:336
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-UCX-Analytic"3⤵PID:952
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBHUB/Diagnostic"3⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBHUB3-Analytic"3⤵PID:888
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBPORT/Diagnostic"3⤵PID:3724
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBXHCI-Analytic"3⤵PID:4856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic"3⤵PID:4284
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UniversalTelemetryClient/Operational"3⤵PID:2160
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"3⤵PID:832
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"3⤵PID:1564
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel/Diagnostic"3⤵PID:2416
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel/Operational"3⤵PID:3884
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Device Registration/Admin"3⤵PID:4944
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Device Registration/Debug"3⤵PID:4084
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Profile Service/Diagnostic"3⤵PID:4880
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"3⤵PID:2596
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User-Loader/Analytic"3⤵PID:2136
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User-Loader/Operational"3⤵PID:4376
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserAccountControl/Diagnostic"3⤵PID:4200
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserModePowerService/Diagnostic"3⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/ActionCenter"3⤵PID:464
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceInstall"3⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"3⤵PID:2956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/Performance"3⤵PID:2488
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/SchedulerOperations"3⤵PID:1268
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UxInit/Diagnostic"3⤵PID:3496
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UxTheme/Diagnostic"3⤵PID:1212
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VAN/Diagnostic"3⤵PID:2676
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VDRVROOT/Operational"3⤵PID:3088
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VHDMP-Analytic"3⤵PID:2396
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VHDMP-Operational"3⤵PID:2176
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VIRTDISK-Analytic"3⤵PID:4620
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VPN-Client/Operational"3⤵PID:2860
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VPN/Operational"3⤵PID:4540
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VWiFi/Diagnostic"3⤵PID:4800
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VerifyHardwareSecurity/Admin"3⤵PID:1224
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VerifyHardwareSecurity/Operational"3⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Volume/Diagnostic"3⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeControl/Performance"3⤵PID:4864
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Analytic"3⤵PID:4388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"3⤵PID:2668
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WABSyncProvider/Analytic"3⤵PID:3184
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"3⤵PID:4088
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WCNWiz/Analytic"3⤵PID:3792
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WEPHOSTSVC/Operational"3⤵PID:2988
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WER-PayloadHealth/Operational"3⤵PID:4468
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WFP/Analytic"3⤵PID:1204
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WFP/Operational"3⤵PID:1388
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-AutoConfig/Operational"3⤵PID:644
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic"3⤵PID:1688
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-Driver/Analytic"3⤵PID:876
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-MediaManager/Diagnostic"3⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"3⤵PID:1656
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMI-Activity/Debug"3⤵PID:3196
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMI-Activity/Operational"3⤵PID:2980
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMI-Activity/Trace"3⤵PID:2604
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPDMCUI/Diagnostic"3⤵PID:1956
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic"3⤵PID:1104
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Diagnostic"3⤵PID:1004
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Operational"3⤵PID:4352
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSSUI/Diagnostic"3⤵
- Clears Windows event logs
PID:1368
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-API/Analytic"3⤵PID:3316
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"3⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Operational"3⤵PID:1112
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"3⤵PID:4184
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"3⤵PID:3244
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPBT/Analytic"3⤵PID:2344
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Analytic"3⤵PID:3148
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"3⤵PID:2020
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPIP/Analytic"3⤵PID:4400
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPUS/Analytic"3⤵PID:3856
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WSC-SRV/Diagnostic"3⤵PID:4892
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WUSA/Debug"3⤵PID:2964
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
679B
MD5064bb52705e97caeee4dcbb5c72c1413
SHA113107d14185397ad662c08dda51a0ebe7583fbe8
SHA256a8ef3b7eaef87d32ea17f27c2f9ad0eb46d394fc6f381972657dbae63d0bbb26
SHA512af599892866fd6bfbe067ee1b2f15e9d201401adedf9db624d0f31d7181754a03cb4ea0fa1fb666598cdb601f212ee79a1c4b437d7e9a25dba901c8c481dc095