d6b864d472efa77cbc6179e14e2172945ea1825860a5718dac6f0b835c9b2f01

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Temp Cleaner.bat
Size

2KB
MD5

ec35c8fdb352d85df9d1c074b36e2196
SHA1

ba3eac35af48eb8492fa98ec19ab69e45aa7e211
SHA256

d6b864d472efa77cbc6179e14e2172945ea1825860a5718dac6f0b835c9b2f01
SHA512

c7a84a581146a68e8061ffd6efcd6b8e84019bb7c2f1da5e105eab887636b5b6763ef2cf9e756a0df3171e6883784d59bffc1b45ea95e4873d9e4f6126252bd1

Score

9^/10

evasion persistence ransomware

Malware Config

Signatures

Clears Windows event logs 1 TTPs 64 IoCs

evasion ransomware

Clear Windows Event Logs

T1070.001

pid	Process
2204	wevtutil.exe
1148	wevtutil.exe
2192	wevtutil.exe
2668	wevtutil.exe
2448	wevtutil.exe
964	wevtutil.exe
2124	wevtutil.exe
2112	wevtutil.exe
2528	wevtutil.exe
2292	wevtutil.exe
2484	wevtutil.exe
1620	wevtutil.exe
1216	wevtutil.exe
2464	wevtutil.exe
1696	wevtutil.exe
2884	wevtutil.exe
1532	wevtutil.exe
2920	wevtutil.exe
3064	wevtutil.exe
2944	wevtutil.exe
2000	wevtutil.exe
1200	wevtutil.exe
820	wevtutil.exe
660	wevtutil.exe
2344	wevtutil.exe
1596	wevtutil.exe
2732	wevtutil.exe
1524	wevtutil.exe
344	wevtutil.exe
2976	wevtutil.exe
2328	wevtutil.exe
2904	wevtutil.exe
2660	wevtutil.exe
2984	wevtutil.exe
1616	wevtutil.exe
2720	wevtutil.exe
2068	wevtutil.exe
852	wevtutil.exe
2008	wevtutil.exe
2888	wevtutil.exe
2072	wevtutil.exe
1744	wevtutil.exe
2720	wevtutil.exe
1736	wevtutil.exe
2336	wevtutil.exe
2540	wevtutil.exe
2812	wevtutil.exe
2712	wevtutil.exe
2824	wevtutil.exe
2900	wevtutil.exe
2792	wevtutil.exe
2540	wevtutil.exe
2584	wevtutil.exe
2672	wevtutil.exe
2376	wevtutil.exe
2052	wevtutil.exe
2256	wevtutil.exe
2528	wevtutil.exe
2684	wevtutil.exe
2424	wevtutil.exe
2548	wevtutil.exe
1216	wevtutil.exe
2312	wevtutil.exe
2180	wevtutil.exe

Deletes itself 1 IoCs

pid	Process
2100	cmd.exe

Power Settings 1 TTPs 1 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
2852	wevtutil.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2896	timeout.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1784	WMIC.exe
Token: SeSecurityPrivilege	1784	WMIC.exe
Token: SeTakeOwnershipPrivilege	1784	WMIC.exe
Token: SeLoadDriverPrivilege	1784	WMIC.exe
Token: SeSystemProfilePrivilege	1784	WMIC.exe
Token: SeSystemtimePrivilege	1784	WMIC.exe
Token: SeProfSingleProcessPrivilege	1784	WMIC.exe
Token: SeIncBasePriorityPrivilege	1784	WMIC.exe
Token: SeCreatePagefilePrivilege	1784	WMIC.exe
Token: SeBackupPrivilege	1784	WMIC.exe
Token: SeRestorePrivilege	1784	WMIC.exe
Token: SeShutdownPrivilege	1784	WMIC.exe
Token: SeDebugPrivilege	1784	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1784	WMIC.exe
Token: SeRemoteShutdownPrivilege	1784	WMIC.exe
Token: SeUndockPrivilege	1784	WMIC.exe
Token: SeManageVolumePrivilege	1784	WMIC.exe
Token: 33	1784	WMIC.exe
Token: 34	1784	WMIC.exe
Token: 35	1784	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1784	WMIC.exe
Token: SeSecurityPrivilege	1784	WMIC.exe
Token: SeTakeOwnershipPrivilege	1784	WMIC.exe
Token: SeLoadDriverPrivilege	1784	WMIC.exe
Token: SeSystemProfilePrivilege	1784	WMIC.exe
Token: SeSystemtimePrivilege	1784	WMIC.exe
Token: SeProfSingleProcessPrivilege	1784	WMIC.exe
Token: SeIncBasePriorityPrivilege	1784	WMIC.exe
Token: SeCreatePagefilePrivilege	1784	WMIC.exe
Token: SeBackupPrivilege	1784	WMIC.exe
Token: SeRestorePrivilege	1784	WMIC.exe
Token: SeShutdownPrivilege	1784	WMIC.exe
Token: SeDebugPrivilege	1784	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1784	WMIC.exe
Token: SeRemoteShutdownPrivilege	1784	WMIC.exe
Token: SeUndockPrivilege	1784	WMIC.exe
Token: SeManageVolumePrivilege	1784	WMIC.exe
Token: 33	1784	WMIC.exe
Token: 34	1784	WMIC.exe
Token: 35	1784	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2836	WMIC.exe
Token: SeSecurityPrivilege	2836	WMIC.exe
Token: SeTakeOwnershipPrivilege	2836	WMIC.exe
Token: SeLoadDriverPrivilege	2836	WMIC.exe
Token: SeSystemProfilePrivilege	2836	WMIC.exe
Token: SeSystemtimePrivilege	2836	WMIC.exe
Token: SeProfSingleProcessPrivilege	2836	WMIC.exe
Token: SeIncBasePriorityPrivilege	2836	WMIC.exe
Token: SeCreatePagefilePrivilege	2836	WMIC.exe
Token: SeBackupPrivilege	2836	WMIC.exe
Token: SeRestorePrivilege	2836	WMIC.exe
Token: SeShutdownPrivilege	2836	WMIC.exe
Token: SeDebugPrivilege	2836	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2836	WMIC.exe
Token: SeRemoteShutdownPrivilege	2836	WMIC.exe
Token: SeUndockPrivilege	2836	WMIC.exe
Token: SeManageVolumePrivilege	2836	WMIC.exe
Token: 33	2836	WMIC.exe
Token: 34	2836	WMIC.exe
Token: 35	2836	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2836	WMIC.exe
Token: SeSecurityPrivilege	2836	WMIC.exe
Token: SeTakeOwnershipPrivilege	2836	WMIC.exe
Token: SeLoadDriverPrivilege	2836	WMIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1148	2100	cmd.exe	31
PID 2100 wrote to memory of 1148	2100	cmd.exe	31
PID 2100 wrote to memory of 1148	2100	cmd.exe	31
PID 2100 wrote to memory of 2856	2100	cmd.exe	32
PID 2100 wrote to memory of 2856	2100	cmd.exe	32
PID 2100 wrote to memory of 2856	2100	cmd.exe	32
PID 2100 wrote to memory of 2244	2100	cmd.exe	33
PID 2100 wrote to memory of 2244	2100	cmd.exe	33
PID 2100 wrote to memory of 2244	2100	cmd.exe	33
PID 2100 wrote to memory of 1784	2100	cmd.exe	34
PID 2100 wrote to memory of 1784	2100	cmd.exe	34
PID 2100 wrote to memory of 1784	2100	cmd.exe	34
PID 2100 wrote to memory of 2836	2100	cmd.exe	36
PID 2100 wrote to memory of 2836	2100	cmd.exe	36
PID 2100 wrote to memory of 2836	2100	cmd.exe	36
PID 2100 wrote to memory of 296	2100	cmd.exe	37
PID 2100 wrote to memory of 296	2100	cmd.exe	37
PID 2100 wrote to memory of 296	2100	cmd.exe	37
PID 2100 wrote to memory of 2848	2100	cmd.exe	38
PID 2100 wrote to memory of 2848	2100	cmd.exe	38
PID 2100 wrote to memory of 2848	2100	cmd.exe	38
PID 2848 wrote to memory of 2700	2848	cmd.exe	39
PID 2848 wrote to memory of 2700	2848	cmd.exe	39
PID 2848 wrote to memory of 2700	2848	cmd.exe	39
PID 2100 wrote to memory of 2312	2100	cmd.exe	40
PID 2100 wrote to memory of 2312	2100	cmd.exe	40
PID 2100 wrote to memory of 2312	2100	cmd.exe	40
PID 2312 wrote to memory of 1160	2312	cmd.exe	41
PID 2312 wrote to memory of 1160	2312	cmd.exe	41
PID 2312 wrote to memory of 1160	2312	cmd.exe	41
PID 2100 wrote to memory of 2180	2100	cmd.exe	42
PID 2100 wrote to memory of 2180	2100	cmd.exe	42
PID 2100 wrote to memory of 2180	2100	cmd.exe	42
PID 2100 wrote to memory of 2228	2100	cmd.exe	43
PID 2100 wrote to memory of 2228	2100	cmd.exe	43
PID 2100 wrote to memory of 2228	2100	cmd.exe	43
PID 2100 wrote to memory of 2448	2100	cmd.exe	44
PID 2100 wrote to memory of 2448	2100	cmd.exe	44
PID 2100 wrote to memory of 2448	2100	cmd.exe	44
PID 2100 wrote to memory of 2912	2100	cmd.exe	45
PID 2100 wrote to memory of 2912	2100	cmd.exe	45
PID 2100 wrote to memory of 2912	2100	cmd.exe	45
PID 2100 wrote to memory of 2884	2100	cmd.exe	46
PID 2100 wrote to memory of 2884	2100	cmd.exe	46
PID 2100 wrote to memory of 2884	2100	cmd.exe	46
PID 2100 wrote to memory of 2908	2100	cmd.exe	47
PID 2100 wrote to memory of 2908	2100	cmd.exe	47
PID 2100 wrote to memory of 2908	2100	cmd.exe	47
PID 2100 wrote to memory of 2920	2100	cmd.exe	48
PID 2100 wrote to memory of 2920	2100	cmd.exe	48
PID 2100 wrote to memory of 2920	2100	cmd.exe	48
PID 2100 wrote to memory of 2812	2100	cmd.exe	49
PID 2100 wrote to memory of 2812	2100	cmd.exe	49
PID 2100 wrote to memory of 2812	2100	cmd.exe	49
PID 2100 wrote to memory of 2656	2100	cmd.exe	50
PID 2100 wrote to memory of 2656	2100	cmd.exe	50
PID 2100 wrote to memory of 2656	2100	cmd.exe	50
PID 2100 wrote to memory of 2668	2100	cmd.exe	51
PID 2100 wrote to memory of 2668	2100	cmd.exe	51
PID 2100 wrote to memory of 2668	2100	cmd.exe	51
PID 2100 wrote to memory of 2688	2100	cmd.exe	52
PID 2100 wrote to memory of 2688	2100	cmd.exe	52
PID 2100 wrote to memory of 2688	2100	cmd.exe	52
PID 2100 wrote to memory of 2720	2100	cmd.exe	53

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Temp Cleaner.bat"
1⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\system32\mode.com
  mode con cols=80 lines=25
  2⤵
  PID:1148
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:2856
- C:\Windows\system32\HOSTNAME.EXE
  hostname
  2⤵
  PID:2244
- C:\Windows\System32\Wbem\WMIC.exe
  wmic csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1784
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get processorid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2836
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c bcdedit
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Windows\system32\bcdedit.exe
    bcdedit
    3⤵
    PID:2700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wevtutil.exe el
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe el
    3⤵
    PID:1160
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Analytic"
  2⤵
  PID:2180
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Application"
  2⤵
  PID:2228
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "DebugChannel"
  2⤵
  - Clears Windows event logs
  PID:2448
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "DirectShowFilterGraph"
  2⤵
  PID:2912
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "DirectShowPluginControl"
  2⤵
  PID:2884
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Els_Hyphenation/Analytic"
  2⤵
  PID:2908
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "EndpointMapper"
  2⤵
  PID:2920
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "ForwardedEvents"
  2⤵
  PID:2812
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "HardwareEvents"
  2⤵
  PID:2656
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Internet Explorer"
  2⤵
  PID:2668
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Key Management Service"
  2⤵
  PID:2688
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "MF_MediaFoundationDeviceProxy"
  2⤵
  - Clears Windows event logs
  PID:2720
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Media Center"
  2⤵
  PID:2788
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "MediaFoundationDeviceProxy"
  2⤵
  PID:2828
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "MediaFoundationPerformance"
  2⤵
  PID:1000
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "MediaFoundationPipeline"
  2⤵
  PID:1772
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "MediaFoundationPlatform"
  2⤵
  PID:2264
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-IE/Diagnostic"
  2⤵
  PID:684
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-IEDVTOOL/Diagnostic"
  2⤵
  PID:1600
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-IEFRAME/Diagnostic"
  2⤵
  PID:1588
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-JSDumpHeap/Diagnostic"
  2⤵
  PID:1936
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:964
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-PerfTrack-MSHTML/Diagnostic"
  2⤵
  PID:2548
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ADSI/Debug"
  2⤵
  PID:2988
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-API-Tracing/Operational"
  2⤵
  PID:2252
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ATAPort/General"
  2⤵
  - Clears Windows event logs
  PID:2052
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ATAPort/SATA-LPM"
  2⤵
  PID:2140
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ActionQueue/Analytic"
  2⤵
  PID:1116
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-AltTab/Diagnostic"
  2⤵
  PID:2504
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-AppID/Operational"
  2⤵
  PID:1224
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-AppLocker/EXE and DLL"
  2⤵
  - Clears Windows event logs
  PID:2540
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-AppLocker/MSI and Script"
  2⤵
  - Clears Windows event logs
  PID:2976
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Admin"
  2⤵
  PID:2144
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Analytic"
  2⤵
  PID:1716
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Debug"
  2⤵
  PID:2716
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Operational"
  2⤵
  PID:912
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application-Experience/Problem-Steps-Recorder"
  2⤵
  PID:2952
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"
  2⤵
  PID:2996
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"
  2⤵
  - Clears Windows event logs
  PID:2124
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory"
  2⤵
  PID:1536
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory/Debug"
  2⤵
  - Clears Windows event logs
  PID:1696
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Telemetry"
  2⤵
  PID:2416
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Audio/CaptureMonitor"
  2⤵
  PID:2116
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Audio/Operational"
  2⤵
  PID:1664
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Audio/Performance"
  2⤵
  PID:3012
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Audit/Analytic"
  2⤵
  PID:3004
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"
  2⤵
  PID:1976
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-AxInstallService/Log"
  2⤵
  PID:316
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Backup"
  2⤵
  PID:1728
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Biometrics/Operational"
  2⤵
  PID:2008
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"
  2⤵
  PID:1560
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"
  2⤵
  PID:2392
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Bits-Client/Analytic"
  2⤵
  PID:2104
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Bits-Client/Operational"
  2⤵
  PID:2080
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"
  2⤵
  PID:948
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-BranchCache/Operational"
  2⤵
  PID:2468
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"
  2⤵
  PID:2288
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"
  2⤵
  PID:2128
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Analytic"
  2⤵
  PID:2604
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Operational"
  2⤵
  PID:2096
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CAPI2/Operational"
  2⤵
  PID:1372
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CDROM/Operational"
  2⤵
  PID:2844
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-COM/Analytic"
  2⤵
  PID:2432
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-COMRuntime/Tracing"
  2⤵
  PID:1616
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Calculator/Debug"
  2⤵
  PID:876
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Calculator/Diagnostic"
  2⤵
  PID:1844
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CertPoleEng/Operational"
  2⤵
  PID:968
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"
  2⤵
  PID:264
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2484
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CmiSetup/Analytic"
  2⤵
  PID:2612
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Operational"
  2⤵
  PID:2152
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Verbose"
  2⤵
  PID:1740
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ComDlg32/Analytic"
  2⤵
  PID:1348
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ComDlg32/Debug"
  2⤵
  PID:2260
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"
  2⤵
  PID:1960
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"
  2⤵
  PID:2004
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-CredUI/Diagnostic"
  2⤵
  PID:1512
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Crypto-RNG/Analytic"
  2⤵
  PID:748
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-D3D10Level9/Analytic"
  2⤵
  PID:2620
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-D3D10Level9/PerfTiming"
  2⤵
  - Clears Windows event logs
  PID:2584
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DCLocator/Debug"
  2⤵
  PID:1200
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DNS-Client/Operational"
  2⤵
  - Clears Windows event logs
  PID:1216
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DUI/Diagnostic"
  2⤵
  PID:2292
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DUSER/Diagnostic"
  2⤵
  PID:2368
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DXGI/Analytic"
  2⤵
  PID:1876
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DXGI/Logging"
  2⤵
  PID:1760
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DXP/Analytic"
  2⤵
  PID:688
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Analytic"
  2⤵
  PID:2020
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Debug"
  2⤵
  PID:2028
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Operational"
  2⤵
  PID:2024
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Deplorch/Analytic"
  2⤵
  PID:2544
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DeviceSync/Analytic"
  2⤵
  PID:1496
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DeviceSync/Operational"
  2⤵
  - Clears Windows event logs
  PID:2068
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DeviceUx/Informational"
  2⤵
  PID:2444
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DeviceUx/Performance"
  2⤵
  PID:1164
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Admin"
  2⤵
  PID:992
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Operational"
  2⤵
  PID:1940
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DhcpNap/Admin"
  2⤵
  PID:1804
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DhcpNap/Operational"
  2⤵
  PID:2460
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Admin"
  2⤵
  PID:2380
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Operational"
  2⤵
  PID:2060
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DiagCpl/Debug"
  2⤵
  PID:2596
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Analytic"
  2⤵
  PID:2560
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Debug"
  2⤵
  PID:1276
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"
  2⤵
  PID:1628
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-MSDE/Debug"
  2⤵
  PID:3008
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Analytic"
  2⤵
  PID:2856
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Debug"
  2⤵
  PID:2244
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Operational"
  2⤵
  PID:2692
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Debug"
  2⤵
  PID:2216
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Operational"
  2⤵
  PID:1784
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"
  2⤵
  PID:2800
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"
  2⤵
  PID:2796
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Admin"
  2⤵
  PID:580
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"
  2⤵
  PID:2744
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Debug"
  2⤵
  PID:2804
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Operational"
  2⤵
  PID:296
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"
  2⤵
  PID:2772
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"
  2⤵
  PID:2348
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-TaskManager/Debug"
  2⤵
  - Clears Windows event logs
  PID:2312
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-WDC/Analytic"
  2⤵
  - Clears Windows event logs
  PID:2180
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnosis-WDI/Debug"
  2⤵
  PID:2228
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Debug"
  2⤵
  PID:2448
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Operational"
  2⤵
  PID:2912
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2884
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"
  2⤵
  PID:2908
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2920
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"
  2⤵
  - Clears Windows event logs
  PID:2812
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Operational"
  2⤵
  PID:2656
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Direct3D10/Analytic"
  2⤵
  PID:2668
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Direct3D10_1/Analytic"
  2⤵
  PID:2688
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Direct3D11/Analytic"
  2⤵
  - Clears Windows event logs
  PID:2720
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Direct3D11/Logging"
  2⤵
  PID:2788
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Direct3D11/PerfTiming"
  2⤵
  PID:2828
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"
  2⤵
  PID:1000
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DirectSound/Debug"
  2⤵
  PID:1772
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DirectWrite-FontCache/Tracing"
  2⤵
  PID:2264
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DirectWrite/Tracing"
  2⤵
  PID:684
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Disk/Operational"
  2⤵
  PID:1600
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DiskDiagnostic/Operational"
  2⤵
  PID:1588
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"
  2⤵
  PID:1936
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"
  2⤵
  PID:2036
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Debug"
  2⤵
  PID:2696
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Operational"
  2⤵
  PID:2752
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DisplaySwitch/Diagnostic"
  2⤵
  PID:2240
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Documents/Performance"
  2⤵
  PID:2492
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"
  2⤵
  PID:1780
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DxgKrnl/Diagnostic"
  2⤵
  PID:2532
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DxgKrnl/Performance"
  2⤵
  PID:2960
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DxpTaskRingtone/Analytic"
  2⤵
  PID:2524
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"
  2⤵
  PID:2968
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EFS/Debug"
  2⤵
  PID:1212
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EapHost/Analytic"
  2⤵
  PID:2012
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EapHost/Debug"
  2⤵
  PID:1568
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EapHost/Operational"
  2⤵
  PID:2644
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EaseOfAccess/Diagnostic"
  2⤵
  PID:2860
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EventCollector/Debug"
  2⤵
  PID:2984
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EventCollector/Operational"
  2⤵
  PID:2852
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EventLog-WMIProvider/Debug"
  2⤵
  PID:2136
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EventLog/Analytic"
  2⤵
  PID:1980
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-EventLog/Debug"
  2⤵
  PID:292
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-FMS/Analytic"
  2⤵
  PID:2536
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-FMS/Debug"
  2⤵
  PID:1084
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-FMS/Operational"
  2⤵
  PID:3000
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:3064
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"
  2⤵
  PID:2992
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Feedback-Service-TriggerProvider"
  2⤵
  PID:676
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-FileInfoMinifilter/Operational"
  2⤵
  PID:884
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Firewall-CPL/Diagnostic"
  2⤵
  PID:1860
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"
  2⤵
  PID:1308
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Forwarding/Debug"
  2⤵
  PID:1100
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Forwarding/Operational"
  2⤵
  - Clears Windows event logs
  PID:2072
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-GettingStarted/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:1620
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-GroupPolicy/Operational"
  2⤵
  PID:2500
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HAL/Debug"
  2⤵
  PID:2196
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HealthCenter/Debug"
  2⤵
  PID:2476
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HealthCenter/Performance"
  2⤵
  PID:2200
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HealthCenterCPL/Performance"
  2⤵
  PID:2256
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Help/Operational"
  2⤵
  PID:2420
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
  2⤵
  PID:1864
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
  2⤵
  PID:2304
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
  2⤵
  PID:2408
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
  2⤵
  PID:2296
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
  2⤵
  PID:900
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HomeGroup-ListenerService"
  2⤵
  PID:824
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HotStart/Diagnostic"
  2⤵
  PID:2636
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-HttpService/Trace"
  2⤵
  PID:1192
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-IKE/Operational"
  2⤵
  PID:1524
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-IKEDBG/Debug"
  2⤵
  PID:340
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-IPBusEnum/Tracing"
  2⤵
  - Clears Windows event logs
  PID:2112
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2528
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"
  2⤵
  - Clears Windows event logs
  PID:1532
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-International/Operational"
  2⤵
  PID:928
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Debug"
  2⤵
  PID:2248
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Operational"
  2⤵
  PID:1392
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Trace"
  2⤵
  PID:1528
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"
  2⤵
  PID:1700
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Analytic"
  2⤵
  PID:2344
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"
  2⤵
  PID:2156
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Disk/Analytic"
  2⤵
  PID:1592
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Admin"
  2⤵
  PID:832
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Analytic"
  2⤵
  PID:344
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-File/Analytic"
  2⤵
  PID:1916
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Memory/Analytic"
  2⤵
  PID:1748
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Network/Analytic"
  2⤵
  - Clears Windows event logs
  PID:1736
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Diagnostic"
  2⤵
  PID:596
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Diagnostic"
  2⤵
  PID:1704
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"
  2⤵
  PID:2016
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"
  2⤵
  PID:2032
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:852
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Process/Analytic"
  2⤵
  PID:2736
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"
  2⤵
  PID:2388
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Analytic"
  2⤵
  PID:2592
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"
  2⤵
  PID:2576
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Operational"
  2⤵
  PID:1776
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Analytic"
  2⤵
  PID:820
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Debug"
  2⤵
  PID:1948
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Operational"
  2⤵
  PID:1676
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Errors"
  2⤵
  - Clears Windows event logs
  PID:2944
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Operational"
  2⤵
  PID:1808
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Known Folders API Service"
  2⤵
  PID:2600
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-L2NA/Diagnostic"
  2⤵
  PID:2580
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-LDAP-Client/Debug"
  2⤵
  PID:1572
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"
  2⤵
  PID:1576
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Analytic"
  2⤵
  PID:1652
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Debug"
  2⤵
  - Clears Windows event logs
  PID:1148
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Operational"
  2⤵
  PID:2748
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MCT/Operational"
  2⤵
  PID:560
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MPS-CLNT/Diagnostic"
  2⤵
  PID:2764
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MPS-DRV/Diagnostic"
  2⤵
  PID:2440
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MPS-SRV/Diagnostic"
  2⤵
  PID:2916
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MSPaint/Admin"
  2⤵
  PID:2876
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MSPaint/Debug"
  2⤵
  PID:2980
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MSPaint/Diagnostic"
  2⤵
  PID:2332
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MUI/Admin"
  2⤵
  PID:2868
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MUI/Analytic"
  2⤵
  PID:1792
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MUI/Debug"
  2⤵
  PID:2700
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MUI/Operational"
  2⤵
  PID:2364
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"
  2⤵
  PID:2320
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"
  2⤵
  - Clears Windows event logs
  PID:2192
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"
  2⤵
  PID:2472
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"
  2⤵
  - Clears Windows event logs
  PID:2328
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"
  2⤵
  PID:2872
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-MobilityCenter/Performance"
  2⤵
  - Clears Windows event logs
  PID:2904
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NCSI/Analytic"
  2⤵
  PID:2924
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NCSI/Operational"
  2⤵
  PID:2936
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"
  2⤵
  PID:2816
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2660
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NDIS/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2672
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NDIS/Operational"
  2⤵
  PID:2704
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NTLM/Operational"
  2⤵
  - Clears Windows event logs
  PID:2732
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NWiFi/Diagnostic"
  2⤵
  PID:2780
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Narrator/Diagnostic"
  2⤵
  PID:2132
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NetShell/Performance"
  2⤵
  PID:1564
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"
  2⤵
  PID:2172
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NetworkAccessProtection/Operational"
  2⤵
  PID:1136
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NetworkAccessProtection/WHC"
  2⤵
  - Clears Windows event logs
  PID:1744
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NetworkLocationWizard/Operational"
  2⤵
  PID:1352
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NetworkProfile/Diagnostic"
  2⤵
  PID:2556
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NetworkProfile/Operational"
  2⤵
  PID:1384
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Networking-Correlation/Diagnostic"
  2⤵
  PID:2552
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NlaSvc/Diagnostic"
  2⤵
  PID:1800
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-NlaSvc/Operational"
  2⤵
  PID:2220
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OLEACC/Debug"
  2⤵
  PID:2452
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OLEACC/Diagnostic"
  2⤵
  PID:2496
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OOBE-Machine/Diagnostic"
  2⤵
  PID:2516
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Analytic"
  2⤵
  PID:2520
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Debug"
  2⤵
  PID:2956
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Operational"
  2⤵
  PID:2964
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OfflineFiles/SyncLog"
  2⤵
  PID:2972
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OneX/Diagnostic"
  2⤵
  PID:2352
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-OobeLdr/Analytic"
  2⤵
  PID:1932
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PCI/Diagnostic"
  2⤵
  PID:1316
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ParentalControls/Operational"
  2⤵
  PID:1556
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"
  2⤵
  PID:1568
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PeopleNearMe/Operational"
  2⤵
  PID:2644
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"
  2⤵
  PID:2860
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"
  2⤵
  - Clears Windows event logs
  PID:2984
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PowerCfg/Diagnostic"
  2⤵
  - Power Settings
  PID:2852
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PowerCpl/Diagnostic"
  2⤵
  PID:2136
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"
  2⤵
  PID:1980
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PowerShell/Analytic"
  2⤵
  PID:292
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"
  2⤵
  PID:2536
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"
  2⤵
  PID:1084
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PrintService/Admin"
  2⤵
  PID:3000
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PrintService/Debug"
  2⤵
  PID:3064
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-PrintService/Operational"
  2⤵
  PID:2992
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/Debug"
  2⤵
  PID:676
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-QoS-Pacer/Diagnostic"
  2⤵
  PID:884
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-QoS-qWAVE/Debug"
  2⤵
  PID:1860
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RPC-Proxy/Debug"
  2⤵
  PID:1308
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RPC/Debug"
  2⤵
  PID:1100
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RPC/EEInfo"
  2⤵
  PID:2072
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ReadyBoost/Analytic"
  2⤵
  PID:1620
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ReadyBoost/Operational"
  2⤵
  PID:2500
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Analytic"
  2⤵
  PID:2196
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Operational"
  2⤵
  PID:2476
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Recovery/Operational"
  2⤵
  PID:2200
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ReliabilityAnalysisComponent/Operational"
  2⤵
  - Clears Windows event logs
  PID:2256
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
  2⤵
  PID:2420
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Admin"
  2⤵
  PID:1864
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Operational"
  2⤵
  PID:2304
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Tracing"
  2⤵
  PID:2408
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"
  2⤵
  PID:2296
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"
  2⤵
  PID:900
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Remotefs-UTProvider/Diagnostic"
  2⤵
  PID:824
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"
  2⤵
  PID:2636
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"
  2⤵
  PID:1192
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Resource-Leak-Diagnostic/Operational"
  2⤵
  - Clears Windows event logs
  PID:1524
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ResourcePublication/Tracing"
  2⤵
  PID:340
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-RestartManager/Operational"
  2⤵
  PID:2112
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Search-Core/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2528
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"
  2⤵
  PID:1532
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"
  2⤵
  PID:928
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"
  2⤵
  PID:2248
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Security-IdentityListener/Operational"
  2⤵
  PID:1392
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Security-SPP/Perf"
  2⤵
  PID:1528
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Sens/Debug"
  2⤵
  PID:1700
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ServiceReportingApi/Debug"
  2⤵
  - Clears Windows event logs
  PID:2344
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Services-Svchost/Diagnostic"
  2⤵
  PID:2156
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Services/Diagnostic"
  2⤵
  PID:1592
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Setup/Analytic"
  2⤵
  PID:832
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-SetupCl/Analytic"
  2⤵
  - Clears Windows event logs
  PID:344
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-SetupQueue/Analytic"
  2⤵
  PID:804
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-SetupUGC/Analytic"
  2⤵
  PID:1968
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"
  2⤵
  PID:1008
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2424
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"
  2⤵
  PID:2572
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"
  2⤵
  PID:860
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2376
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic"
  2⤵
  PID:2108
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"
  2⤵
  PID:1496
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-Core/Diagnostic"
  2⤵
  PID:1788
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"
  2⤵
  PID:988
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-Shwebsvc"
  2⤵
  PID:2396
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"
  2⤵
  PID:1832
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Shsvcs/Diagnostic"
  2⤵
  PID:3036
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Sidebar/Diagnostic"
  2⤵
  PID:2632
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"
  2⤵
  PID:2588
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Spell-Checking/Analytic"
  2⤵
  PID:2384
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-SpellChecker/Analytic"
  2⤵
  PID:1268
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-StickyNotes/Admin"
  2⤵
  PID:2056
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-StickyNotes/Debug"
  2⤵
  PID:2188
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-StickyNotes/Diagnostic"
  2⤵
  PID:1584
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-StorDiag/Operational"
  2⤵
  PID:1996
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-StorPort/Operational"
  2⤵
  PID:3016
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Subsys-Csr/Operational"
  2⤵
  PID:2456
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Subsys-SMSS/Operational"
  2⤵
  PID:2316
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Superfetch/Main"
  2⤵
  - Clears Windows event logs
  PID:2792
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Superfetch/StoreLog"
  2⤵
  PID:2336
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Sysprep/Analytic"
  2⤵
  PID:2888
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-SystemHealthAgent/Diagnostic"
  2⤵
  PID:2784
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TCPIP/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2684
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TSF-msctf/Debug"
  2⤵
  PID:2836
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TSF-msctf/Diagnostic"
  2⤵
  PID:2680
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TSF-msutb/Debug"
  2⤵
  - Clears Windows event logs
  PID:2712
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TSF-msutb/Diagnostic"
  2⤵
  PID:2832
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TZUtil/Operational"
  2⤵
  PID:2848
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Debug"
  2⤵
  PID:1160
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Diagnostic"
  2⤵
  PID:2232
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Operational"
  2⤵
  PID:2464
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TaskbarCPL/Diagnostic"
  2⤵
  PID:2864
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"
  2⤵
  PID:2808
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"
  2⤵
  PID:2900
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"
  2⤵
  PID:2932
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"
  2⤵
  PID:2880
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"
  2⤵
  PID:3044
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"
  2⤵
  PID:2652
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"
  2⤵
  PID:2676
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
  2⤵
  - Clears Windows event logs
  PID:2668
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"
  2⤵
  PID:2728
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"
  2⤵
  - Clears Windows event logs
  PID:2824
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"
  2⤵
  PID:660
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"
  2⤵
  PID:2280
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"
  2⤵
  PID:2896
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"
  2⤵
  PID:2480
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"
  2⤵
  PID:2284
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"
  2⤵
  PID:1324
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"
  2⤵
  - Clears Windows event logs
  PID:1596
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"
  2⤵
  PID:944
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"
  2⤵
  PID:496
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"
  2⤵
  PID:964
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"
  2⤵
  - Clears Windows event logs
  PID:2548
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
  2⤵
  PID:2988
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin"
  2⤵
  PID:2252
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic"
  2⤵
  PID:2052
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug"
  2⤵
  PID:2140
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational"
  2⤵
  PID:1116
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ThemeCPL/Diagnostic"
  2⤵
  PID:2504
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ThemeUI/Diagnostic"
  2⤵
  PID:1224
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-TunnelDriver"
  2⤵
  - Clears Windows event logs
  PID:2540
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UAC-FileVirtualization/Operational"
  2⤵
  PID:2976
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UAC/Operational"
  2⤵
  PID:2144
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UIAnimation/Diagnostic"
  2⤵
  PID:1716
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Debug"
  2⤵
  PID:2840
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Diagnostic"
  2⤵
  PID:2756
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Perf"
  2⤵
  PID:1328
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UIRibbon/Diagnostic"
  2⤵
  PID:1824
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-USB-USBHUB/Diagnostic"
  2⤵
  PID:1516
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-USB-USBPORT/Diagnostic"
  2⤵
  PID:1536
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
  2⤵
  PID:2088
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-User Profile Service/Diagnostic"
  2⤵
  PID:2168
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"
  2⤵
  PID:2160
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-User-Loader/Analytic"
  2⤵
  PID:2324
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UserModePowerService/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2000
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"
  2⤵
  PID:2340
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceNotifications"
  2⤵
  PID:2092
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UserPnp/Performance"
  2⤵
  PID:1624
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UserPnp/SchedulerOperations"
  2⤵
  PID:2084
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-UxTheme/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2008
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-VAN/Diagnostic"
  2⤵
  PID:1560
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-VDRVROOT/Operational"
  2⤵
  PID:2392
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-VHDMP/Operational"
  2⤵
  PID:2104
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-VWiFi/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2204
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-VolumeControl/Performance"
  2⤵
  PID:948
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"
  2⤵
  PID:2468
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WABSyncProvider/Analytic"
  2⤵
  PID:2288
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"
  2⤵
  PID:2164
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WER-Diag/Operational"
  2⤵
  PID:2604
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WFP/Analytic"
  2⤵
  PID:1360
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WFP/Operational"
  2⤵
  PID:1372
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WLAN-AutoConfig/Operational"
  2⤵
  PID:2412
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic"
  2⤵
  PID:2432
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:1616
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WMI-Activity/Trace"
  2⤵
  PID:876
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WMPDMCCore/Diagnostic"
  2⤵
  PID:408
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WMPDMCUI/Diagnostic"
  2⤵
  PID:968
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic"
  2⤵
  PID:264
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Diagnostic"
  2⤵
  PID:2484
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WMPNSSUI/Diagnostic"
  2⤵
  PID:2616
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"
  2⤵
  PID:2152
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Operational"
  2⤵
  PID:1740
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"
  2⤵
  PID:1348
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"
  2⤵
  PID:2268
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"
  2⤵
  PID:1960
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WSC-SRV/Diagnostic"
  2⤵
  PID:2004
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WUSA/Debug"
  2⤵
  PID:1512
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WWAN-MM-Events/Diagnostic"
  2⤵
  PID:748
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic"
  2⤵
  PID:2620
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WWAN-SVC-Events/Diagnostic"
  2⤵
  PID:2584
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WWAN-UI-Events/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:1200
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WebIO-NDF/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:1216
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WebIO/Diagnostic"
  2⤵
  PID:924
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WebServices/Tracing"
  2⤵
  PID:2272
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Win32k/Concurrency"
  2⤵
  - Clears Windows event logs
  PID:2292
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Win32k/Power"
  2⤵
  PID:1748
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Win32k/Render"
  2⤵
  PID:1736
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Win32k/Tracing"
  2⤵
  PID:596
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Win32k/UIPI"
  2⤵
  PID:1704
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic"
  2⤵
  PID:2016
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WinHttp/Diagnostic"
  2⤵
  PID:2032
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WinINet/Analytic"
  2⤵
  PID:852
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WinRM/Analytic"
  2⤵
  PID:2736
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WinRM/Debug"
  2⤵
  PID:2388
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WinRM/Operational"
  2⤵
  PID:2592
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Windeploy/Analytic"
  2⤵
  PID:2576
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Windows Defender/Operational"
  2⤵
  PID:1776
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Windows Defender/WHC"
  2⤵
  - Clears Windows event logs
  PID:820
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
  2⤵
  PID:1948
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
  2⤵
  PID:1676
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
  2⤵
  PID:2944
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
  2⤵
  PID:1808
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WindowsBackup/ActionCenter"
  2⤵
  PID:2600
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WindowsColorSystem/Debug"
  2⤵
  PID:2560
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WindowsColorSystem/Operational"
  2⤵
  PID:2188
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational"
  2⤵
  PID:1584
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing"
  2⤵
  PID:1996
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-WindowsUpdateClient/Operational"
  2⤵
  PID:3016
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Wininit/Diagnostic"
  2⤵
  PID:2456
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Winlogon/Diagnostic"
  2⤵
  PID:2316
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Winlogon/Operational"
  2⤵
  PID:2792
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Winsock-AFD/Operational"
  2⤵
  - Clears Windows event logs
  PID:2336
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Winsock-WS2HELP/Operational"
  2⤵
  - Clears Windows event logs
  PID:2888
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Winsrv/Analytic"
  2⤵
  PID:2784
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic"
  2⤵
  PID:2684
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Wired-AutoConfig/Operational"
  2⤵
  PID:2836
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Wordpad/Admin"
  2⤵
  PID:2680
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Wordpad/Debug"
  2⤵
  PID:2712
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-Wordpad/Diagnostic"
  2⤵
  PID:2832
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-mobsync/Diagnostic"
  2⤵
  PID:2848
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-ntshrui"
  2⤵
  PID:1160
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-osk/Diagnostic"
  2⤵
  PID:2232
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Microsoft-Windows-stobject/Diagnostic"
  2⤵
  - Clears Windows event logs
  PID:2464
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "OAlerts"
  2⤵
  PID:2864
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Security"
  2⤵
  PID:2808
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Setup"
  2⤵
  - Clears Windows event logs
  PID:2900
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "System"
  2⤵
  PID:2932
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "TabletPC_InputPanel_Channel"
  2⤵
  PID:2880
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "WINDOWS_MP4SDECD_CHANNEL"
  2⤵
  PID:3044
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "WINDOWS_MSMPEG2VDEC_CHANNEL"
  2⤵
  PID:2652
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "WINDOWS_WMPHOTO_CHANNEL"
  2⤵
  PID:2676
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "WMPSetup"
  2⤵
  PID:2668
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "WMPSyncEngine"
  2⤵
  PID:2728
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "Windows PowerShell"
  2⤵
  PID:2824
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin"
  2⤵
  - Clears Windows event logs
  PID:660
- C:\Windows\system32\wevtutil.exe
  wevtutil.exe cl "muxencode"
  2⤵
  PID:2280
- C:\Windows\system32\timeout.exe
  timeout 2
  2⤵
  - Delays execution with timeout.exe
  PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Power Settings

T1653

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Clear Windows Event Logs

T1070.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...