Malware Analysis Report

2024-12-07 17:35

Sample ID 241112-pv4f7asgrg
Target XorEncrypt.exe
SHA256 f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
Tags
credential_access discovery evasion persistence ransomware spyware stealer
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7

Threat Level: Likely malicious

The file XorEncrypt.exe was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery evasion persistence ransomware spyware stealer

Clears Windows event logs

Credentials from Password Stores: Windows Credential Manager

Reads user/profile data of web browsers

Deletes itself

Power Settings

Drops file in Program Files directory

Browser Information Discovery

Unsigned PE

System Time Discovery

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Runs net.exe

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 12:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 12:39

Reported

2024-11-12 12:41

Platform

win7-20240903-en

Max time kernel

88s

Max time network

88s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"

Signatures

Clears Windows event logs

evasion ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\management\jmxremote.access.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\highDpiImageSwap.js.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_es.dll.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_tr.dll.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A

Browser Information Discovery

discovery

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf5060c6febdc\DefaultIcon C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf5060c6febdc C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf5060c6febdc\DefaultIcon\ = "C:\\Windows\\System32\\SHELL32.dll,47" C:\Windows\system32\reg.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2728 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2664 wrote to memory of 2656 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2664 wrote to memory of 2656 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2664 wrote to memory of 2656 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2728 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2780 wrote to memory of 2964 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2780 wrote to memory of 2964 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2780 wrote to memory of 2964 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2964 wrote to memory of 2744 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2964 wrote to memory of 2744 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2964 wrote to memory of 2744 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2728 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2844 wrote to memory of 2564 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2844 wrote to memory of 2564 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2844 wrote to memory of 2564 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2564 wrote to memory of 2556 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2564 wrote to memory of 2556 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2564 wrote to memory of 2556 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2728 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2920 wrote to memory of 2796 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2920 wrote to memory of 2796 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2920 wrote to memory of 2796 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2796 wrote to memory of 1592 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2796 wrote to memory of 1592 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2796 wrote to memory of 1592 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2728 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2696 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2696 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2696 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2576 wrote to memory of 2584 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2576 wrote to memory of 2584 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2576 wrote to memory of 2584 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2728 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2772 wrote to memory of 2524 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2772 wrote to memory of 2524 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2772 wrote to memory of 2524 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2524 wrote to memory of 2544 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2524 wrote to memory of 2544 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2524 wrote to memory of 2544 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2728 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2728 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2572 wrote to memory of 2580 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2572 wrote to memory of 2580 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2572 wrote to memory of 2580 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2580 wrote to memory of 2604 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2580 wrote to memory of 2604 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2580 wrote to memory of 2604 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2728 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe

"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"

C:\Windows\system32\cmd.exe

cmd /C "reg add HKEY_CLASSES_ROOT\.0xcf5060c6febdc\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"

C:\Windows\system32\reg.exe

reg add HKEY_CLASSES_ROOT\.0xcf5060c6febdc\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f

C:\Windows\system32\cmd.exe

cmd /C "iisreset /stop"

C:\Windows\system32\cmd.exe

cmd /C "NET STOP IISADMIN"

C:\Windows\system32\net.exe

NET STOP IISADMIN

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 STOP IISADMIN

C:\Windows\system32\cmd.exe

cmd /C "net stop WAS"

C:\Windows\system32\net.exe

net stop WAS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop WAS

C:\Windows\system32\cmd.exe

cmd /C "NET stop MSSQLSERVER"

C:\Windows\system32\net.exe

NET stop MSSQLSERVER

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQLSERVER

C:\Windows\system32\cmd.exe

cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""

C:\Windows\system32\net.exe

NET stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\cmd.exe

cmd /C "net stop MSSQL$SQLEXPRESS"

C:\Windows\system32\net.exe

net stop MSSQL$SQLEXPRESS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS

C:\Windows\system32\cmd.exe

cmd /C "net stop SQLSERVERAGENT"

C:\Windows\system32\net.exe

net stop SQLSERVERAGENT

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop SQLSERVERAGENT

C:\Windows\system32\cmd.exe

cmd /C "net stop mysql"

C:\Windows\system32\net.exe

net stop mysql

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop mysql

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlservr.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlservr.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlceip.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlceip.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlwriter.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlwriter.exe /T

C:\Windows\system32\cmd.exe

cmd /C "Del /S /F /Q %Windir%\Temp"

C:\Windows\system32\cmd.exe

cmd /C C:\Users\Public\Log.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" el

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Application

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DebugChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl EndpointMapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl HardwareEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Media Center"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl OAlerts

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Setup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl System

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl TabletPC_InputPanel_Channel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MP4SDECD_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MSMPEG2VDEC_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_WMPHOTO_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WMPSetup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WMPSyncEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Windows PowerShell"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl muxencode

C:\Windows\system32\cmd.exe

cmd /C "Del /S /F /Q %Windir%\Temp"

C:\Windows\system32\cmd.exe

cmd /C "powershell \"wevtutil el | Foreach-Object {wevtutil cl \"$_\"}\""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell \"wevtutil el | Foreach-Object {wevtutil cl \"$_\"}\"

C:\Windows\system32\cmd.exe

cmd /C C:\Users\Public\Log.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" el

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Application

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DebugChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl EndpointMapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl HardwareEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Media Center"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl OAlerts

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Setup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl System

Network

N/A

Files

C:\Users\Public\Log.cmd

MD5 6a2f870841e0126632f5b9bf0d000d6a
SHA1 51689e26641f0eb054cd90553a21a472a2e79148
SHA256 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f
SHA512 de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0

memory/2628-5-0x000000001B550000-0x000000001B832000-memory.dmp

memory/2628-6-0x0000000002810000-0x0000000002818000-memory.dmp

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 67cf5011fda726528a7e67fd20fcd601
SHA1 600d48d216797cf533a28f7f8e72e83d539193f8
SHA256 e7e3eaffdc919c34ee7efa40b5476ab7c97ce30b5257b08c48d5caf06d093709
SHA512 6a03e89220e542d939a0d389706f1374edc31fe65c636a6e5d75dc498b4956af1b5d39cf16982d0c69cefd1161148fd8cd37826927cf90f07e010c0991966583

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 7e92658c84875e8a9cd38af52a1052ca
SHA1 4441d96700bd9122cebcd174dcf3dcaf1ddba360
SHA256 d402eca4d1fff0e7ab6945570572d2c22c59b50b1cb9832ae2737fce929ea084
SHA512 ade04dcf6ea84f17e3d02bd4383512b38bbafff96e1a65f929664e4a90f9f0c6c696464a3677ce8fa36e67b089e779451099aa3dcedae666adacc1af6293accb

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 76be0b072abcb1886a57848293fdaeab
SHA1 9e2dadf62c9849316a217ca3e53101ff7e959a56
SHA256 af63f627c6f3e1eeeecafff4d1d8d833812ea365ac764bc073b1493b66f13f59
SHA512 04de8222c04119af0bd07043205059d86edda346311d0aa96ec52cbf646c4ba8e7ba7fb51d3c84e1612c64289314a80e7b38fd57fe6d35a7f8ae962b4ef547df

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 be6f6a06f187663cc43734c74c7b39c3
SHA1 b84d3bc555edb1510488e96f9588f2e56d681164
SHA256 a31f129dd3794a5fc1a1dd1a069f3d31e6fb460a6a523abcaddfa25db98af5fd
SHA512 d3c47c3c73b9d9aa482a090a0a0359500cef608f49f4b8870e8822d2b607b543c53dce777791563e6ea88f41ef37ada899222130354a76bf3994c32cab73ccfb

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 50fb676cf16016356e039e44bcc2b468
SHA1 d845c6c9ef4e6c08586dc534e6ad56f924673651
SHA256 0b2d0bf0104f1d6c56a169c9c56169f217db2102a9370f640f8bddfbd43ae991
SHA512 b8feb72d3ae24f11ef39390c4a5830ad5eb5b018c61ae230cf8a0ee4aaab004b32bd0e9c2524e56a457cfc9dae1807d1e03a043c8c6a3e234749396be05372fe

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 c6cd9e8b33d80dc66d6c9fe776cbe784
SHA1 81b9beface689e56298ad558d85a8d44afc864d2
SHA256 5a613145b0d0576ac552bc403259676c56e79bfc13da556b41eb7b71b282f22d
SHA512 dcc966c3949eb7e8bc8f4ea1b47d70bfffa0bfee9ac7d3656270e7d870e21e6052f78eabd4ba181be213b6526f6f742e35fa1dc0e1cf95129e3a3ce869d272a8

C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 0df827ff5a595a41ff0a61a2310f446d
SHA1 e8fa17ad6438c4373169d3e1183326534c5b583f
SHA256 74476a44bd1a071bb76a1415199bc55f8f7b0a4f26b97b6e6e229dcd5c36a87b
SHA512 100a192254bd023b2d7e10be7c74980b700468535d680270249910c82c7d3c694778fd6064c5dc39c137191bcfd8ca53a2fd387db0febc85943edcfcf95b76c0

C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 fd1feb3a3fb981948c438d033ccde024
SHA1 17b08c84f39a7543182abf70ca03d18736cb4114
SHA256 27f50e2e4a94fe544a3db5034a4f19a9d8e18f4d99f7ca45725b922f4177c86e
SHA512 0bf39932b70c0b3227d39c6b1ddd30af92d3dbcd35525396ee14811a1577e70e0ddf113db569b46c98f12cb69b78cddf8eeeb0f2f2afe8827060f31b427f1f12

C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 0a25e4bda9f7c0b69103c1360bc31044
SHA1 95dd566ad62190025f671d1cc6f4ec90b1194fd8
SHA256 b7dc4d00385bed20e4ba2482f62087b3133316f8b739905280fc85b7dbc6c243
SHA512 a80c350c500d6394376841789d160270f0dd13e349d8157be1f6f7478358896b8a96d59f2a969586e405730f5416e253eae11ac50f4f427959bc9f842d20664b

C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 1c5b224b8a041e0f7462c05c7c8d79de
SHA1 cd0ff8f8e2928194d014fe4d7187027daaf7b867
SHA256 344fe713121ccaa4fa3429ac20ebb1e4574ed0b45f66009ac1eaf3cc0b491893
SHA512 bdeff2c0d1c89754da97db783d20e20280eeb1c0c8f17238fde47df338caa59f65b1b0085d71d8abaeed00a526bfea810608a14440058313955bfa6498c87799

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 d8059a0a2040bf9766483bd8f1a8c73a
SHA1 8cb7c8e0e7b167dade75495090a20e9420500c7a
SHA256 f47300dc9b6dd3031ca9c9a1015f80631e16aed9618586c961dd61df05a97cc9
SHA512 c7571909d9bd2d49ce8234e7775189d88cb0d7dfd816f803bc1a9087ce604b95a00982a75126f7d177d2cba9b6a56de187c0d2a409e9a99a172aa03f87e96efe

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 e3b971d55dfae9a3f706dea05fb56ef5
SHA1 777abe1359e31d317f21c8d48c50a5ea904b23c6
SHA256 ebdc9f3ab95f002684dfb5625c4ee4d60f73d5e1faeb378df435715b384e5704
SHA512 d48e0e7f46b1ad90f2373d56a3e2d2ca9f3d8cacc5f9b81c526995cab61ed70a120ef1708b28b59da4000f5497c70644b6c744f6cc502239c8ea27e325d2d574

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 f72493633517677037468b7b7c9015b1
SHA1 e54e066769b78c5dfa29f1680a53fcec2297a13e
SHA256 4c4de29157c7f5df28369c7fd22efbfa84ac82c07be22410305e9170f3e81625
SHA512 1259e4c7422e8efdc11a18d176b5b1e6b9f722673a02e34484a16152baafe1712701bf3d8abde6076fde412e8c73d810fe03338616f0cc320b652489700f0f33

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 bf82ae3642fc11cea044708b43d30201
SHA1 10b236fddcbfb125f214ee048b7c502a8e454b72
SHA256 e2ec7ed7d838b2ed4d3c2b51594350fded0bb45c1c04f1fa2168a1cc2aba832f
SHA512 9281156e8771ec0294d756028d048c4454a75c7b52dbf0cbbe92994d219bdc19efcfaf05021fba6168833356b0a274ed6e8a17017b1048b25cbf5859d56fd874

C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 c4d74d6064a76f6afea73c87cc3a2a14
SHA1 da8d08b2fdfbd5a356365e144dc84a002e8eea3d
SHA256 defda24e486cf9d5af11edb35f442e625f274ba4c73c021e8af83b64cd8613e5
SHA512 b16254fc40d4b596a31658f7b38324b737484ee1759f6d4ce45696ee2872400849430fbaf74c3dbda4a30cade357e23a40ca7e01cc3a9f60fedc085f5f9f8822

C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 e3453e3b883698448cf6668919145ca7
SHA1 798bd03be8fcc367cabf3073c001f0a4501be011
SHA256 0d78f784b6e61a3ce7ab91e7da7aad2c26ddf2f431205707b029b05d1402202e
SHA512 aec656bec03a7a8b682f53da8dc8b6e9026f5e4e60bf293f74f714a7c5248666b9f2555d25ae41058bd741868b16416e01b5a324b0cf91b015ff3f76c7e7eda8

C:\Program Files\Java\jre7\lib\zi\Etc\GMT.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 43890346b366820c0a98439e9c8b2ba2
SHA1 8be77b4d4618e0c11f3bc1d9036241d5ddedebe6
SHA256 79086ab2384098bd048c323a4fe84a1fc8ce3e9f1dd05108d2e261f2a29a08fa
SHA512 78901787d3a2bd715857a34347ffbe19f0f4d93d97198fdf4124765a1c1cb1b805b8742dce8a0828dbaee8bae35dd20147a4a4589f43768f7e74f60ab9a28b9d

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 90a453ec289c6f215f1557d13810a266
SHA1 6bc111f406b912b59b5ee492adc1963e75e84a04
SHA256 c268e5fd50bf515fff4861930ae4d7c6be1d96a2afaf741bfab2ac9ba983f74e
SHA512 906a691c35e1020b3b1baef7900f5ffaec793822b7db4c05ca078b3c4af9c1ad0a180ecdc32a3733e56446cab7f8f848343b15072186b51cee529fe06b85f377

C:\Program Files\Java\jre7\lib\zi\HST.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 aab9f87ff2409e60830d2f61ed823b5b
SHA1 358da27240092396618f92efc748a2ded3b5abb4
SHA256 77f03553b299552c282e8590393695f8bedab23bd83a3bc05c2eab40de5ca3fa
SHA512 72bfec4be1846178119aa72d1464f854142ce5f652c42b472af1f02d42e3735dccefbbaa96ea985beeeab0d82defbd71aacd6653caa861350fc3be93486cfd59

C:\Program Files\Java\jre7\lib\zi\MST.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 f9a5a6b5ff4c4be3c16bf7efe9c8b63f
SHA1 cc2f6acf28938d8467284933147b6aac81fb13f2
SHA256 24ed53788b4ca3c869aa8d468000f0d034b981da5d9cf0575a01f378288f7291
SHA512 f13dcd6c7f59d3e75275aa136cd9b54db259192ecd3709bd10c858419431792114668b175e6b09f45112de88259517283f66e9cd45ecbef0fbcb7c824a7b1c1a

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 f476d7b3436a549fc8dac074551f4081
SHA1 54ece3d2c4e66bab2fc325a7f76fe0dc2e15f598
SHA256 0ad64cf8d6ba0d81f2cf0f91530c07aa5dcff92b90614aa15ebebaf526c38fc6
SHA512 a34c35a600a984345694a8917873b85302ab4a85068ca1dcee89c73f3b0f7ce738fdfb9ce353b0ef8dba9c0e7044d1b8fec6e234e9b9304c258d4598734be113

C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 e654362483babe2b6fe17b397ebcc308
SHA1 65489f876219826a39b801db1592a665d0e5980d
SHA256 096bcf22ae488bc1c175d9a2c3302ef50890fbd408eb4bdf09557e6a9e432922
SHA512 22c101667734e42242e5804873e71895a531cf4c1cb6c18f0fb5c54a8a72665dd8779690bd210ecfc1365a35920f94b21589b0acefd98b05f52bdb30d9c7613f

C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 d966818bd824f3d1e7f811e77f74c5c7
SHA1 6f7ab09b21148ddaf777f0b3f692c023eca7285a
SHA256 6d932dedd828edfce66f26fca19949f735d770d5a1c2a2b1012c5911ad2bf930
SHA512 dd76ba4fcef8bd450031334bbc38b63dc22a9719b25b8cdf7aeff21bb9546c5be31b7ecebeae982365b9f108180726faa40c3a860932504f585984d11c54e2b7

C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 5a3fdb4f1f892298c8edd3d4cf8a5631
SHA1 3b5c865e140167743edba9f115b723a4aead8538
SHA256 23f2218c10cfa214bd6fbf56f27edfdca2639bad811b5baad63610b1040057f3
SHA512 20564360ef8824cfc7adc12153bee0aca6f1369cf109765276ec5109c2d5b44c1b166a1bd8bb3e1c47ac9b1d57a6d4635f7f3c46e109c6731d696ba2d646c153

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 fcf903d4f17d70a0a997cf016480cc96
SHA1 0b214a1c10d189d4b251d20bef6d7bc7dc467023
SHA256 d85820499af745bc3814bbf8e992b536316432395a5b7e6c33c053c746f7c620
SHA512 eb46341403112d592f0f070211af9f77457e0d4b6a4e4120a265e9763fc7801336c8d51b7bba5fd4d7e1b8f21c93b3d1b6df1d676bc9224935baa3dd660c851b

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 c54603328bd7ce9ce7ead6519319a35b
SHA1 f2cb8c6e8c9df7b453ed5c3c9cde90e0e3b40ab8
SHA256 92e1812edd3be5725a2c73b414612e98b975cbdaf944076810536230c16916ae
SHA512 2fd79960e61149ce7cb83ca13485f9830efc46f8dce4b8ffb0458820ec5d74bce25fb59b23fbd2fec8ff6b9394ae34eb1827af6467aee4b567a794851f7fdb73

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 206b8a434470c5702a5557843dc667a4
SHA1 dc55ce1af2b482ad5eed050f31b32a22b1bdaa7e
SHA256 aaee738eecf1655028719beab49e7a72d2898b7e73251118188f48b17823a71c
SHA512 844a97c667376c6df6b47f95ec97a107687c0a396784180caa70d5b84580600d17b9c179b6ee6edd9deb99a53cb00b9f4f25372580d93730f70841ea7d6f9cbc

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 5fd6efc53fc8bdf727df7b8a4a2f7067
SHA1 431382f3a16a53c6c35addfbe7086479bdb1dee8
SHA256 94547161fb5532caa1ae1dd630f25310caf1f6e2e5d461c80b1d1c76f1c58c68
SHA512 fad73c3f01d8b7b179d5e6877c36d2932c76238e8e8f27b620a183fc6fba55d46985961f60ab4b812fd96e9d0de3ed125028bd3fc8a5820a11b794e509532f88

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 24b271df049e51c900d31f5d395bc854
SHA1 0fe5dd1c25588da7ff9e07bd5c3b0bd189c398ae
SHA256 f4bdf329031a4ba0c5b80e825b3497030c62109c133e34ea434e459318b71491
SHA512 33f783a749d1560644fad3bfb510bc25c67717bba981212838413ce69fe5a31f517f6b736e506e04bc67c264050036961794fd081ceb9d8fbf49b65f86f90e16

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 517f6b34d670c9b0f69e50b54c567160
SHA1 1272f50c91a73d020fe69cbc03b5c5c9c9755261
SHA256 e971d9d1476ec4cbd435281ca2bcbb33942c031497da2dbae42a4e97180dc8f9
SHA512 6abdf9d1dee4907d71be95bbe8c07cab926a39a74ee22c3f797ca06e16f55a18b6ff727677604ef66482c43b31096bb5e7ce06ee1dbcb1739b77b70a99696fe7

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 cd15798eeaff35660aaba88b53ad208e
SHA1 dfb8f807f28984ebcece6ee1fb3da196bf29f4bc
SHA256 d5f550dcee83f209e948ca8441b2d57c1447fff0eeb8f8f07466564638babdb5
SHA512 8fffaaa92a241c44400fd59bcaa13ee7e8dfac2ec4875537df36d6fcd7567450708675b8084e878841f8bdbebc0402c4e203568bc9d0b336d8ef1212b12b301d

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 c96961341daaf7aed3cabd81ca8d1d2d
SHA1 42bf211ba53d04f3faeab074b2e7aa06f7b8aab1
SHA256 ea851454ed5aa6fad7d566ac754dcabcada9d1cfe41f70d8bd4db398f55c47b9
SHA512 6077dd1fbffafda62f0833df16b070efd3c2d62c25f25a7db1bf0e1e9d98d61bc46f5ed0cc2c680aab82ee128ea68d465568c384cc7feb9ed9ea950aafe24dca

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 856253f88b4c6066cc08824c6113b71b
SHA1 1587e5120f4a4e218b7b8b5fc0a8993bb4dc0eda
SHA256 9d417cc2290a5957b19b6ad147c5ca2bfc1a3264422f3e12beee88f86bafe6b2
SHA512 8b11386c1b28edaed39ff2ff0248d4d32bef2d4f695a0b323d6ed064c235408efecb3a1e6102bb72c282f920afd21f688571e183a65a8761684e181641cc7885

C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 255c39bb9ae3282879fb58aceb7874f3
SHA1 196b777b3e7b6a850cbffa1424b070103f3991a7
SHA256 671fd0313d482f59bf19d7a3e267c88ec78da5a4350bf9a7b272a3912b87f60a
SHA512 2c53916438180a0fa37d6289fac0aa8996221d182b674b8aec4cd26db2347a3c4de367c1b9a62caa543f2d0dc5a274e723f916f6217fe89ea747cab4cb6ffaff

C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 597bd1b379a788876f4ca2fb679c817e
SHA1 a5ca9189b612b0524bd5c47672568d3c7ceafc00
SHA256 52f7b6a22b3e4d39540d35ed51ecebac0c58986ce505a3151093c12eb7a534c3
SHA512 f1a8fecaad0f0256dcd54e57228717566ce2cef41844067862e71b1cbcdc60e8be0744b59046be6ed5a535d1a84623e2b118e5c8b1dd446b8028f1ffbd1e93dc

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 41dabf927be1bd9efdd24e1c43ceb3da
SHA1 71f09cf9674da2d0035ad778332570f634ecc985
SHA256 27f7369cf9f9e095a194d60d20625c2ac0eb9d3a67ca7bf48077443d440f9765
SHA512 e0f3786bec0444c2fe0f44cb91fcadc77e9e30c15ad6f1f28befe7f1c8e8ea9c59102394bde2c7bf2fc1110f22799755b6bd392dba3693301015940343bb2f72

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 b5882af8a41643d4dd72d0b955673105
SHA1 65925fca2c54585c7426f42a8abb27a0038c1845
SHA256 f3d18f4d56202a537d3b9fc4a2afb020e3057cf754e46be2a82c3a28f0d88d53
SHA512 554a1cc3f075f4c9dd29c6a0a15bf36a73cc08aa5eaf16b5f3aa732e1bb412eaabc90e8f243251b294a5f174c1b5643169101720a438f890f15654175a4df8d6

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 15b32ec7bc56fb2f5fb641fbb2dff343
SHA1 f51c6b1fed3f7a5a95f796f5d8cb899646d29302
SHA256 b6e20bdc021052f07b6d7ced7ae46751819e45b9735405e923ee1385f27ea941
SHA512 5a813f232489da48da201a73c265bbe2f6d9227ac988e4b87d96ec3d8deba6a2b4669726de243f29db5b7e99d7bb4e85592d49f641f1fb7ce8d04509cf512dfe

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 95d3eacdd9257a1190eb69b71cf5a536
SHA1 833e4625692a59631de0a04d98b5f36f36989c7e
SHA256 a9a96feda215a69f6d5ca9def305710855086a70704d604cd291faca85f88615
SHA512 4f931b670ff3efaa0e1985b4b3e1e14e54cea83d35e8d5f956a034b14cb2594a952e4e2b6124cbdcf170c1a01181c7a9baf5188c8f616a98bb68b1704c0559f4

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 f2da97fba54f80f26e6a69d1c68fbbd4
SHA1 cb3e27abcbc12e48ed38245e8b7f957db5ce6728
SHA256 a69409248aca362953b729afdfa4a82bb1e8ce524afc526cb80b3cdd65bbeb02
SHA512 22a9878b75141e819bb73d78bc493c0ca0607ba8478cc9c45d8cb135aa9e9749f9abcfb0aa45f8f9fc23fdd08a384df6e9ebc41eea5be9d027a9595d5997a30b

C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 d6393881010c0e0ef3f42aaed7bf3bc4
SHA1 fdaa59b9f47039b667da15d892a2dbd227a17c27
SHA256 0a461c4a3022afd93ffef7f79bc36c7479f5e34cf496b8182e9bd7078bd39f0b
SHA512 4c3079ac13ca452c2b4449e5edb97c73f4c5ef0a544e1440fa794bb94c8ccf01414dbcd1a7089ad27e31172b5a6b9d3a0b34462b6a662fb331c8181ab0a4e99e

C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 8671d248ec26872f0e6c2d8f6643d15a
SHA1 37d59b84900e4b4d83556e4b44da7c426147c866
SHA256 104580f9031647033af0c47143706426a54a018fbcf0047a1903867dd497b6d2
SHA512 7222cd63ba5389b0aa61f028544320bf185d4af88d896a0c61801711b46c83cecea88c9d217fc64097717dfb755089dc99a9c0de7b50f99a100142ac0da24dbd

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 1abadc36e49fbfed5629522331b5c641
SHA1 ce054358a9af21526529de67d561b132940c4ed0
SHA256 38a2eeb4c18ec9ef6eea35a5c0a75ddd6ce1b96b339f9145eb87fad804e9bced
SHA512 149b3254c8062ee4cd01fa7efaf20d548bb6de278d0f76ed8182af9e058e09a9bcf33f49e26cf303648c9fc1c3c4beb6eefe58ee6a24d4d769766a1a6c474a4a

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 6ce00995e6cc026968712722b28faa41
SHA1 712d1629792b54ed91b3797c71dc81df710d0251
SHA256 729d3e261bdc8ffbec8ac12d0253fee98b5d8044afd3656860dba193a3595c6e
SHA512 57cf43c865533c3877b4e042bf6e01df7688c2a3eb0a638ba5a2dd72b5caca4b2f126d6340bab35f9f37900b8b545f9e13ef2332dded20b73170da65e7ad1d55

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 cd01eca733548ae1de70272532bf1c73
SHA1 9acf3b664718b52541bfff2af93cf9a221323c04
SHA256 ab028e368315353930fd04e544ee95cce81265efa295205684a614e438f4086d
SHA512 e0f93a624523d9f9db8f5b569a09e8dce9677107b7ad5568bd985c45463e02ebd9830e9b0090105c27caa79734bdb738e4273906308d3e9daf053896c7a76d71

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 391fb4b0687ba59c6c4cd5fe4a565c9f
SHA1 d75eafc142a76ec61d211cbc8c918852a93bc6c5
SHA256 7fc90dc5974d33fa1d951984c8d3f5165badc6cebb4ea1388c32e0f0ae20236e
SHA512 d61d8e064a49e0479655681d67e8c6a171f746437a4aba418536f124d283b14c1bbd26381b63effefa397c78c2ee6be19df513540f0738da5597e1364909c620

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 012f40a5ebed1d4ead003d75a698d8b1
SHA1 20678b12a56d558af773b847965d984a458ec16c
SHA256 1dec10c8f62fd9dd93c38bec745c96e869650c53b4a37d47409c3c297520dd16
SHA512 31020ab8ad3bdbac697c0552a6e788b3f72910c22b72644c45d0832014f404c1169dc1813e422225a7318af2a3f22dca5d04a03c10cf3de0b714a8ccea00dc27

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 85da91e52fd5f721c6bd818eaa023be4
SHA1 3ed92f61c63bcf75d778051aab7cf13f54f56277
SHA256 4c8dc1eca0f38321b0f6adfe6c722f14de0ba8729192da255345cc7c5ce11277
SHA512 f452788478baceaa0eb29a935b794c9153952555f6ac9c594fb2734a8f0432911262b024b36716595cc805b67cb43c7ff5292bb8b1c1f723a01df8b117054a39

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 40d8f83e1390e015c748b7970287df36
SHA1 e2088cf8217ad2187dbac7b154a3a1edf65c78e9
SHA256 d9041cea71f2b17bcf25d4d621372617dcf0cabc28e2f0ed58516d9353b4a90e
SHA512 de2c0e00d777c60054fd8e5258a9496d1540692a2a95065665d7bb54ba0b1bc3519107e99e0322674e714d52fed5304a000dfe68a0106f88738a943f51537a9b

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 10c7cc1349a64b4a2810349ca4ea31dc
SHA1 f3c38b0a4bd37bda49826ae4c4b7485a29f35131
SHA256 4fdbcf84ff45ada225142952520f61b8b5a82779daf43804e38ff73a09398e1e
SHA512 71f9ba39c40b276314b946ca3ec55b511fc5c2bd5ed310aa90c3d853cb1dc200fc85f0101eb2791d3d29dcd4e665ac09d6b239cd71fb51df6a0b402475fb0bb3

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 715ab105a2a44d0a5579b2ac0a431411
SHA1 ee42da2f6d96035460c926a97bbaad56f90e0fb4
SHA256 aa6a24804329ddb130fd45c1e2fa4446258a9ca5f103055dfdb0d35f207c0f3f
SHA512 5c28baa0fe01cef4aaad7037946111e4d4cb5629ec3e4d84738bb9a6b4898683b5267d2331c483afeb4b9796e8d62c6172e153908ab7b63d571ce72f478e075b

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 cfaf58989fb6ea3a9a5503067ca8c4e2
SHA1 902c09afdf7747eb24de4aaf993a5712df42478c
SHA256 683688767d47a06ab9ca62f15fc8f884b43e3a774474dcc2ef865c65805584c7
SHA512 d2341cf053cf7f5e31dfe6c17df76be56fab165cab1cc5738aca5243a5e08015a3d25c359767990168c69c223ae52451bbacb983d1a7de541b693c814b2e69a2

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 4372033d69fe503c099a6401e556fccf
SHA1 cce01818451f6b8282d6a3893c12af84ed2348ed
SHA256 bb53043b614dc6bccd1ca7d34ed0a0955dfc806fb64eda388dae9d27e65f6333
SHA512 bf58c01438bc974ec024147e6f7af2411f1a3e01ee108423c2969dbe6222d8f535b60e2853aec66a36e7c8f8b6cbcd58cbbeb92ba20097388b4be072a19fde77

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 d9a288dd9263ca5e9a9578b452f417a8
SHA1 1aed7a2b06e6238ff27da7a1ea6bf68be3209feb
SHA256 2d8447b57d27c435cf773d33cb3dee333cf0b9590a2a83b211a0db234cd1b2a5
SHA512 f4e817086c0003dd4071e7da6322da088308dba94c77ad4ac8a9880a578f4c184bbcef93518121e9f6ac143e34d3b9cdba78dcdb7ee585f130da3f143f9291ea

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 71412436efe6a15d73ecbca05b0628ba
SHA1 90ece61f8ede3016dbff5240237a7bccf0f05208
SHA256 5c66d366d45bee6a36a954f5497a7444e58fa035ef7426ad8e117acf3d08a667
SHA512 d1e084230e88bf39c830f8b3f2dec3336b737be796b6d2ec8c7e980645be0dc01b9438efa3ddd89a37df4385502bcc210fd6966475d87aa158dfa142a924a0ac

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 fcb0d972a2da20b5bc7690e6950fdfe8
SHA1 bba0b24ca573ec11d9cf5b313cc9d2f59e51ecff
SHA256 f4fd9375faf9e4971aaf19efdedd89bc1686019f223b36dff03f33ff16923a14
SHA512 a6575b08e6b1143f5ac02c5d6a4dfc741c5b40fdbb8b336b05a1ec297cf835c523ba7a65112aa01486594dd60b5308eb0a0970c10d26d28f16f353524e65727d

C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 34e4fbbb875c60240dcbc17878e0298f
SHA1 b03713e46a96af47587e52680dba753bf588c683
SHA256 f91161f223ea343ba47ee4dd5d94918b8dfad471807ff01f9e5be8870836eadf
SHA512 d9e8f3c0e68dc65a6640f846e22cd616d395a931c74d6e0932ead86f266b5e6e775442cfd50c0561ba8bf4bed4c07fe06d3031dcb71e2d24d5ef14d87e79bd1e

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 d70a97a211bfa336274228257dfb6b37
SHA1 9b802fadf3e2b31b22afd27d2d854b17cc310570
SHA256 5ea3769a4f8f8dacaffb8c2605dbb508d6f51f4954eadfe8e917038d38f97e3c
SHA512 2202b100bd0268c36517bb05d7e56a16b2536ee6a6cac0b5fc25f655010ff14c7f00787b5c74a551078b86a438c1bb82d9218e29d9bda0d8ba4806db6ac1792d

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 53b2d59a96cbde8b05e5ca7250ebd4c1
SHA1 6b43b8513c5e2f2008c92e308922ebd814502f12
SHA256 4c5f950569a3740fc75184566ecb139f0a46974843d87cfff318a8f643092958
SHA512 55670b6a554856d33899ba2a52839be4f38eb818e588788da97753bd78b8964c1cd1795f09efb2083200502a299692cfb1dbbd7f4acc794619d7f0687fb7eaca

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 4d2703d7b5d179f74a9f7607809b5706
SHA1 d3b118f6dfb442470ab7096ef8f8c2eec8d14668
SHA256 10675f41caee6513341cb49d56a75f8bc45f7eccb0bb0e2fc09acaa0c6762549
SHA512 f59f85b71991dcbfe43acf2bbbdb1613be390b32584c234b66501ff81027085127bbd416526725b36a6a65873406ef79a6c7684f80db067be4275a63934c03d3

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 0d233702f3c728b216c4bc727dc2fe13
SHA1 edaac14efa64dbcbef49aceb9b0d4c1306b9f35f
SHA256 b08bdbc97b05f02a5095182f855c115030bbb1671a9981658e08be444fe78f24
SHA512 036619bca6237055b4e22e00e3b47f753d2dae15facaa91848c6208903fd07d8d347f59fc2e751aae1807bdcca0b167f124d0f9f93674d0b90f46bf49cc382d0

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 e58a0b942ad1b465b551e1c9b1034cfb
SHA1 445897a7d6fd9c53c34d8d171550d2361292ac03
SHA256 094453b6bab4d5c11fb502a1bf13639d0dbf8e6de5b5452aacd14c9ed7a3f24c
SHA512 db8d6c9956b6148ece4cc9b6d15b66b181cb93b2b70520bf7368535ac5681a38967718362da4ccb9cfbcb7024f560c2862f00a29241efcaee27165619123786b

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.key-CGVLWKISXARN.0xcf5060c6febdc

MD5 d278378b6a5b5942e27684adf90c382d
SHA1 9b2f1bdf8f5e891fabccb4c3a2594e237f758e47
SHA256 dc932c2bbddc19dcf801a9498fe491832cfe7bf1e2c1ed6cf7401879557a159f
SHA512 63d2775b7000c9ad6f4057715b5472f33de534d6d843221cbc190fff94f9ebfadca79c84ac246a55956bb6c0d2d7f1ab3dc4d033b120d1e48079f73283ae2bb8

memory/2628-6416-0x0000000001CD0000-0x0000000001CD8000-memory.dmp

memory/1988-6417-0x000000001B610000-0x000000001B8F2000-memory.dmp

C:\Users\Public\Del.cmd

MD5 ec6f5056a81f8cd0039405e8539aff7d
SHA1 b141d0bc1c2a4aea92fb7cda27f084a357060ecf
SHA256 46d324eb3c936dfd8b446dbb637e4eb9d49f9c187d236905a4877947c09d76cd
SHA512 8ffa6bc23234180e574e17ff7a0beadbc37c7a4a52e00fb68eec6b63f21250488d109b5009d4ee267b75d093ff51a5ee29249aef7eaf67072dba866e2e2bc3f7

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 12:39

Reported

2024-11-12 12:42

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"

Signatures

Clears Windows event logs

evasion ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Reads user/profile data of web browsers

spyware stealer

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PREVIEW.GIF.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso20win32client.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\svgCheckboxUnselected.svg.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\css\main.css.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Media Player\wmlaunch.exe.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\javafx-src.zip.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\PREVIEW.GIF.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_ko_135x40.svg.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Mozilla Firefox\xul.dll.sig.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\af.pak.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Photo Viewer\uk-UA\ImagingDevices.exe.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\fillandsign.svg.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ru-ru\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBUI6.CHM.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Windows.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\selector.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-gb\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF.key-GDLTVRKEKXFD.0xc1cde648bdc03 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A

Browser Information Discovery

discovery

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE/SOFTWARE\\Microsoft\\Speech_OneCore\\AudioOutput\\TokenEnums\\MMAudioOut\\" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\lsr1031.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Haruka" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xc1cde648bdc03 C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "en-US" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{0CFAE939-931E-4305-8D05-8C76C254EB34}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Julie" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "MS-1031-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "11.0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Has seleccionado %1 como voz predeterminada." C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "5233694" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\lsr1033.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Paul" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech SW Voice Activation - French (France)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "16000" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{06405088-BC01-4E08-B392-5303E75090C8}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "CC" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\es-ES-N\\L3082" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Hortense - French (France)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\ja-JP\\M1041Ichiro" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Male" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\r1033sr.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "11.0.2016.0129" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\ = "0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech Recognition Engine - it-IT Embedded DNN v11.1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\VoiceActivation_ja-JP.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR de-DE Locale Handler" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Zira" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR fr-FR Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{15E16AEC-F2F0-4E52-B0DF-029D11E58E4B}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech SW Voice Activation - Spanish (Spain)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_EnUS_ZiraM" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech Recognition Engine - en-US Embedded DNN v11.1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\AI041040" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\VoiceActivation_HW_ja-JP.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR de-DE Lts Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "L3082" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Laura - Spanish (Spain)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\tn1041.bin" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{14E74C62-DC97-43B0-8F2F-581496A65D60}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{179F3D56-1B0B-42B2-A962-59B7EF59FE1B}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "MS-1036-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Julie - French (France)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Elsa - Italian (Italy)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR ja-JP Locale Handler" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search\ = "0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Katja" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; currency=NativeSupported; net=NativeSupported; url=NativeSupported; address=NativeSupported; alphanumeric=NativeSupported; Name=NativeSupported; media=NativeSupported; message=NativeSupported; companyName=NativeSupported; computer=NativeSupported; math=NativeSupported; duration=NativeSupported" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Helena" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR en-US Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; address=NativeSupported; message=NativeSupported; url=NativeSupported; currency=NativeSupported; alphanumeric=NativeSupported" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech SW Voice Activation - Italian (Italy)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\c1041.fe" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\ja-JP\\M1041Ayumi" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Spanish Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3572 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3784 wrote to memory of 4768 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3784 wrote to memory of 4768 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3572 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 3220 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 3220 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3220 wrote to memory of 2236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3220 wrote to memory of 2236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2236 wrote to memory of 1292 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2236 wrote to memory of 1292 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2340 wrote to memory of 1784 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2340 wrote to memory of 1784 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1784 wrote to memory of 2100 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1784 wrote to memory of 2100 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3572 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 1168 wrote to memory of 4240 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1168 wrote to memory of 4240 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4240 wrote to memory of 3920 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4240 wrote to memory of 3920 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3572 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2192 wrote to memory of 1940 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2192 wrote to memory of 1940 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1940 wrote to memory of 1004 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1940 wrote to memory of 1004 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3572 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 1684 wrote to memory of 3384 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1684 wrote to memory of 3384 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3384 wrote to memory of 1140 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3384 wrote to memory of 1140 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3572 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 4260 wrote to memory of 1464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4260 wrote to memory of 1464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1464 wrote to memory of 3732 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1464 wrote to memory of 3732 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3572 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 976 wrote to memory of 2488 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 976 wrote to memory of 2488 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2488 wrote to memory of 5076 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2488 wrote to memory of 5076 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3572 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 4324 wrote to memory of 1356 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4324 wrote to memory of 1356 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3572 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2468 wrote to memory of 1584 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2468 wrote to memory of 1584 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3572 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3900 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3900 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3572 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3572 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe

"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"

C:\Windows\system32\cmd.exe

cmd /C "reg add HKEY_CLASSES_ROOT\.0xc1cde648bdc03\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"

C:\Windows\system32\reg.exe

reg add HKEY_CLASSES_ROOT\.0xc1cde648bdc03\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f

C:\Windows\system32\cmd.exe

cmd /C "iisreset /stop"

C:\Windows\system32\cmd.exe

cmd /C "NET STOP IISADMIN"

C:\Windows\system32\net.exe

NET STOP IISADMIN

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 STOP IISADMIN

C:\Windows\system32\cmd.exe

cmd /C "net stop WAS"

C:\Windows\system32\net.exe

net stop WAS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop WAS

C:\Windows\system32\cmd.exe

cmd /C "NET stop MSSQLSERVER"

C:\Windows\system32\net.exe

NET stop MSSQLSERVER

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQLSERVER

C:\Windows\system32\cmd.exe

cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""

C:\Windows\system32\net.exe

NET stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\cmd.exe

cmd /C "net stop MSSQL$SQLEXPRESS"

C:\Windows\system32\net.exe

net stop MSSQL$SQLEXPRESS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS

C:\Windows\system32\cmd.exe

cmd /C "net stop SQLSERVERAGENT"

C:\Windows\system32\net.exe

net stop SQLSERVERAGENT

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop SQLSERVERAGENT

C:\Windows\system32\cmd.exe

cmd /C "net stop mysql"

C:\Windows\system32\net.exe

net stop mysql

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop mysql

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlservr.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlservr.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlceip.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlceip.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlwriter.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlwriter.exe /T

C:\Windows\system32\cmd.exe

cmd /C "Del /S /F /Q %Windir%\Temp"

C:\Windows\system32\cmd.exe

cmd /C C:\Users\Public\Log.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" el

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl AMSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl AirSpaceChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Application

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl EndpointMapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl FirstUXPerf-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "General Logging"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl HardwareEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl IHM_DebugChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-GPIO/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-I2C/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceMFT

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationFrameServer

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProcD3D

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationAsyncWrapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationContentProtection

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDS

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMP4

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMediaEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformanceCore

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationSrcPrefetch

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client-Streamingux/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-AppV-Client/Virtual Applications"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-SharedPerformance/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-OneCore-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Admin/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-IPC/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ASN1/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-All-User-Install-Agent/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/ApplicationTracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Internal

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Execution"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Diagnostics

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppSruProv

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Restricted

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Steps-Recorder

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AsynchronousCausality/Causality

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/GlitchDetection

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/PlaybackManager

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUser-Client

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/HCI

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/L2CAP

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Connections/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Battery/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-Driver-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Management"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Bthmini/Operational

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Policy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheMonitoring/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-CAPI2/Catalog Database Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentInitialize

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentUninitialize

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Call

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/CreateInstance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ExtensionCatalog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/FreeUnusedLibrary

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/RundownInstrumentation

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Activations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/MessageProcessing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Cleanmgr/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crashdump/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-BCRYPT/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-CNG/Analytic

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DSSEnh/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-NCrypt/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RSAEnh/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAMM/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DLNA-Namespace/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Data-Pdf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/CrashRecovery

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Scrubbing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Defrag-Core/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopActivityModerator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceAssociationService/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceConfidence/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Devices-Background/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3DShaderCache/Default

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectComposition/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectManipulation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/ExternalAnalytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/InternalAnalytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Cli/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dot3MM/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DucUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-API/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Dwm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Redir/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Udwm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Contention

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Power

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Application-Learning/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-Regular/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-TCB/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/IODiagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasChap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasTls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Sim/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Ttls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/EventLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/BackupLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GPIO-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GenericRoaming/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HelloForBusiness/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-NETVSC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IE-SmartScreen

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-Broker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CandidateUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPLMP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPPRED/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPSetting/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-OEDCompiler/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCCORE/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPNAT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Input-HIDCLASS-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-InputSwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KdsSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kerberos/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IO/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IoTrace/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pdc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pep/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Configuration

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-XDV/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LimitsManagement/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSFTEDIT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMR

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/MDE

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-Performance/SARStreamResource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mprddm/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ncasvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NdisImPlatform/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ndu/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Connection-Broker

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-DataUsage/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Setup/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkBridge/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkSecurity/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkStatus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-RealTimeCommunication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLE/Clipboard-Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OcpUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneBackup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OtpCredentialProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionRuntime/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionSensorDataService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Certification

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PhotoAcq/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PlayToManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Power-Meter-Polling/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintBRM/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService-USBMon/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Privacy-Auditing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ProcessStateManager/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Developer/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-InProc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RadioManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReFS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Regsvr32/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResetEng-Trace/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Graphics/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Web-Http/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-WebAPI/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/CreateInstance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/Error

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/HelperClassDiagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/ObjectStateDiagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Netmon

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Connectivity

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-HIDI2C/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Schannel-Events/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdstor/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecureAssessment/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Adminless/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityStore/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/KernelMode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/UserMode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Netlogon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-UserConsentVerifier/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Vault/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SendTo/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension-V2/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Servicing/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/VerboseDebug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupPlatform/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AppWizCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/AppDefaults

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/LogonTasksChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-LockScreenContent/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-OpenWith/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SleepStudy/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-Audit/Authentication

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-DeviceEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartScreen/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Connectivity

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spellchecking-Host/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SruMon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SrumTelemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Restricted

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Health

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering-IoHeat/Heat

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSettings/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-ManagementAgent/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Store/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storsvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/PfApLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysmon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-System-Profile-HardwareId/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsHandlers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TTS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinAPI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Maintenance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Manager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Station/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Threat-Intelligence/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UI-Shell/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-MAUSBHOST-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-UCX-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB3-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UniversalTelemetryClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserAccountControl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceInstall

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxInit/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VIRTDISK-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Volume/Diagnostic

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp

Files

C:\Users\Public\Log.cmd

MD5 6a2f870841e0126632f5b9bf0d000d6a
SHA1 51689e26641f0eb054cd90553a21a472a2e79148
SHA256 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f
SHA512 de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_44jvl4e3.bzl.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1852-14-0x000001C9C2330000-0x000001C9C2352000-memory.dmp

memory/4832-32-0x000002A1ADB70000-0x000002A1ADB80000-memory.dmp

memory/4832-15-0x000002A1ADA60000-0x000002A1ADA70000-memory.dmp

memory/4832-50-0x000002A1B5D90000-0x000002A1B5D91000-memory.dmp

memory/4832-52-0x000002A1B5ED0000-0x000002A1B5ED1000-memory.dmp

memory/4832-54-0x000002A1B5ED0000-0x000002A1B5ED1000-memory.dmp

memory/4832-55-0x000002A1B5EE0000-0x000002A1B5EE1000-memory.dmp

memory/4832-56-0x000002A1B5EE0000-0x000002A1B5EE1000-memory.dmp

memory/4832-57-0x000002A1B5EE0000-0x000002A1B5EE1000-memory.dmp

memory/4832-58-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-59-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-60-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-61-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-62-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-63-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-65-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-67-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-66-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-64-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-69-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-68-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-72-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-71-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-70-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-73-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-74-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-75-0x000002A1B5F00000-0x000002A1B5F01000-memory.dmp

memory/4832-76-0x000002A1B5F10000-0x000002A1B5F11000-memory.dmp

memory/4832-77-0x000002A1B5F10000-0x000002A1B5F11000-memory.dmp

memory/4832-78-0x000002A1B5F20000-0x000002A1B5F21000-memory.dmp

memory/4832-79-0x000002A1B5F70000-0x000002A1B5F71000-memory.dmp

memory/4832-80-0x000002A1B5F70000-0x000002A1B5F71000-memory.dmp

memory/4764-89-0x00000186F2740000-0x00000186F2760000-memory.dmp

memory/4764-116-0x00000186F2A80000-0x00000186F2AA0000-memory.dmp

memory/4764-104-0x00000186F2700000-0x00000186F2720000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\VJ4UBUK8\microsoft.windows[1].xml

MD5 fd8dd34b110691be30e7dd9a85980568
SHA1 5f5e4ffb2b8d424180304c5b311f6a81303cc349
SHA256 5f1332f3a97608019bec2a06069701e49e123074aa15a0e4eabb766e2c082c17
SHA512 188e93127748f8e1f0f0bc625462bd13f615ac96ffefc0531df894e8c44479a2267aafff2fe84fe6c5c68b57d5d3667169383d1a36066e3756865fb5f4206eff

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 a85103cd820360e5d061373112ede58f
SHA1 77522693324a9ac16c2bf436cd4bb5b0ce47707d
SHA256 dd326d2351e65bcfb7cc116a14664532a7f9cc4f3340b63d666b51ec1ffc5d8d
SHA512 00011de54e94ded71b4bf178b5a2c276f25f47bffcca2ddabc427fb73735f04a7700c6d65a596c85eb519fde3edf23b26d44c6cb8fa0005bdf0aba43013bf518

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133758888105834385.txt

MD5 acaef159923856ea5385473680463f1a
SHA1 8c961466b14c2070162ba4c62e1a6a7bc125adb6
SHA256 43c06c4ece982a6d6257b4edb81f99761aaa6da3900bb1b3960a76796044d7c8
SHA512 5a2ce71643926da5478125474593fb0a814025d4a09c29f96ca7735b4a7cc27d7e039d04831928ddb56b1bc820fbe36cf283c513a9c47e75050a2b1239ca3edf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json

MD5 6995ba55e193b97ecd12de12bd40faa7
SHA1 b935b51a5ad2b3fe18d798ec345d1c958e7ed2d5
SHA256 6be760b3f7a6c75cdda41413a869912583fa8a85e39284685810522bac30eb6b
SHA512 357e2a35efc6ef2e4f98a66677c51b7ea20bf17548feadc4ff0932ea39b681fc13d9a7f4da168e986132e5f8e688d54850fbeab1b55ac4089860ad76e076f3d2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 5f8ed1b2e05f4654943d688e99c8eb7a
SHA1 31574ff8a022c6e96d3b406e51fbb7c02f0163cc
SHA256 bfc111eeeb5090a11caed8d2cd71caa985ba8208fbc2ff60d3da97a6f3555391
SHA512 0ec4f4c498552cb29686c155fbb8784c47d925b3eaadd005d20a4b1ef9e7c091b4ed4368694702d0bdb7ecd55882b94871207fe581af40bf5eb83b731e38a086

C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 869564798e053885404f0bea336cc743
SHA1 9de398d1c4f7c9a795d1413cb113e873eab91a0f
SHA256 99acee41993bb552942f6db66200af0a3634c593b2af5c746f5d2bb85ddaf14e
SHA512 46db3d27ef140e2a0a616647f87dd0a2f576c57dda984a6e8fa3c39935a8bb6453fb8a9903edf8b654e17e6140798cdbe3f7bf990b00c7ddff73e45d4247fc86

C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 8eebf91ada2f41cc15e2838ec6ed77dc
SHA1 909760a59d6f3e7f6cdc3f1c5b1178d316961a56
SHA256 b0853893c8984f2b6f0ae9344c1514a7fd4f35eb91b79e7f3682ff4c16145319
SHA512 3607d812cab26690d0597fe7e9a6f8729d059b292a39ac10d5dca51ff9fc24d443a1098e668f44cd4c59bb365ad2c89bc6bb50c33116094ac39cfad059da55f5

C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 b04abd16c8f95e9d8d9b0dbcc69f8e47
SHA1 f786f280736c58120f2ac08442e0fc89dda0646b
SHA256 2f8b974cef885370f12058e07b44f8ac929aef0d148bc7780dfac18755a12f6c
SHA512 15df7f81abb1f523510dec83fc3f142e1ef062b68628ad47a8027eadc1dacf74dc5fb07a56a1b06988b34f65000077fb96dbcf1b79d8177dbe53c71c9ef2246b

C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 14f405342d3ba6b4af5a603ca7d94932
SHA1 8b558e83c22fd305f283dabde13c3ccaabedabc6
SHA256 7539063afdcd2e8847e356257a0558880dd9f6056555d57b35fc05f57327e68b
SHA512 ad97c572a2063b40c96007fa7257fc1e964e554def92310cdad33f5ae01e5efc5468d52746e19c6ec1572ece3c0683188eb38f85786ba1d00cbfb1082aac221e

C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 bed2c8d80e5af2b3767ff3f24c451dd5
SHA1 b0778ec6c07ebe5b3d2c8a8b42ee5ac2c66a25cb
SHA256 295721d379c602e76f89f54a84e65846cffab3c6242da10b3e58dc8424b159cb
SHA512 634ecfa786d9ed2be684dad3e73ad3f493a3a0e55b9143b1cbca51ba5fe03c3093cde516d77a86cda26e967e850a8163f6d0425c10313d16db51efd6fe9c618a

C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 c8bdb7451b776069a5d2ae92a5c82006
SHA1 4d7fa17d9043ab3547ac8dab10600b430586d265
SHA256 4d746412950b914561c704414e79003a11cb74292ee3c56892c005c71236e0e0
SHA512 ac0804c8fa47c56d4a2ad2bf3d0d0268691db6941df0014cc5ac5be09e7ec6fcae87f3ff0ae4bc0e1e4e95bb74550d9bf97e52dd6245b61065c918a32ac7d576

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 b886d9a16b7cd67a75641dcbe4de70bb
SHA1 88c0a6c8e786d8ebd5b3c9ec235afa653bca9e2d
SHA256 9a48edbacbbeb031852a110d6130625164c77c1a57bfb7fdb25af383dea1de7f
SHA512 db4e2672305dfec0038e9f9f1ece251aca42dc3da91b61b27a87e73e0276ec5ca991dfc9397033536c9b70d4040eb27a2ca394f2f5c1d3c1f2bfccc6e087a0e8

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 1acaf9f59db4a3cb3d3ac35e6cfa87ac
SHA1 8cbc3f8f807cd60512a8a3c9340eba7da5a08a5f
SHA256 759c07cd9a6a7695ee34a69bb78cb60b535ed11d0ca957a4dc21dea3e083a833
SHA512 eb26fd43772fa9705f9c5e6ee16827140a97172edee8be606ecdf6c8105d6875e66fcc2fa6bdd64be88611944944896382bd007bc63ec7bf48c2866d96817de9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 3ea1aeebc2c2e10d9e017ebb1a47a9c9
SHA1 72c2cbf96409f3ccf425e2d63c286cfc3f4ec667
SHA256 97d26b573565d4f5778d6cf7dc08a916f7d061113f05d32ddc66ec404f5d9035
SHA512 40249060629fd7ec01fa4bf717e43f2068cd065697c0b1cccfe23a1ba1574342037b16d25a0665ea35d01cb0342e0b03789ea0850ce9ab41090adb0426141a43

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 7456c5205940b5b324fea5221107b90a
SHA1 77dbe7fe68b9ed8f81c2d199d39af351e155a1d1
SHA256 3f830414f7ca5a3a53b237c075670594c00089ccf58840afdd319b3016d5e27b
SHA512 9091d9c821c5ba3cbd483e77f89396a0e060e457fb841eb74e7c783ca3af1713ce0ef002de02413ef99e61b3a634efc7e622053e43ccaa14257e081dc65e0c5c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 3dd7695b7a48966985d0c250e5d4a9f8
SHA1 afdb2e425157200ab6ac6e701e63502e2f626c38
SHA256 7628994e6eb09b435b398eecfc946bd0bee54ddab40a6c0c50ac2da13644654b
SHA512 ecc58ed6dad2f1dc430b1080e1bb89504f675239e83d28ca6fc2b2373d281215ee66dfdd2c6677fcac82292f30b85f78a36b3a3904e39151027852fcb30411ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 16efaacc07c9dbcf4151e4e7633605b5
SHA1 28e9e81f4942b6521036b1d81a567e4beea224e0
SHA256 653548c1ae0ae8426dba7c3c354c7b3b244e58741e6ebda5f636150b3676c218
SHA512 6c941d2024a77177ad92730fc8c52fe6db0468c4925c06ee3fab38d848f04c4734b427d580c0776477ec6aef106fbd5351130aa54b3ce372baa79d03be43fea2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 acbc97eca2da7c28cdd8b6982900b3c2
SHA1 692a67f25418330ec0bf0fbaea30ab4c6438029a
SHA256 ab6f8e491f96ad45c606da70029ca48ee1e425b8f06d1b8461ac169a03e039f7
SHA512 d5f46b2c56fdd8c74009f9a774cc6b8421f8de4ed1e5fe044b0f73296015255f7a50f75cffa002220bf056a2001a031dee32637ad3c12db5ba26e58fc3733c42

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 9918e2b9676e0d75567efeb76f257054
SHA1 ffe9d8f38721f1ea78c4c89d556527a5053ffea6
SHA256 4dd60eececc1340008d868a65d9b3e96a0af9aac37c4a036cd603c4d1f49208f
SHA512 b9d6319c16f6819e42ba75d64e9852a2281199e94518eaebe64b1339d46bd0bf8a6cf3d905031fa03061a2a3656047c8f6639601d7a1911b31039e4cf71421aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 af392e620833e0e8af781c2689a2a0b0
SHA1 ceccd82cad1abbb854c9013c5d34fdbb762fbb9e
SHA256 4508bcf09fab9ff070c631b070c3c2cf24a26d8a063bf3e65937dd5796823954
SHA512 0adc72ec7361eafc5e5a1f9807e8f1df7cc018ab5dbf28437cc41964cf831b11ef2c7406cd55b66b1285899097cba472201d35c60d8ad70becff07b1a73b0e1f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 3f8df00686c724ce86670bc19559b570
SHA1 97571df2588fba35c3a7579f42c69589c93cf18c
SHA256 b195d589572c0cda0b79f6c061256e1479e7c283f5dba066de5279bfab92fe96
SHA512 efac0b7f83c1ee735256b45cf231bafa08d21b6b05e0b2ae10480ab5b0d5c3936da83f63b57f7c1be17345c4adb3bd95c205ffd7b47184620bf50050857e4d73

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 828ebae8e40ce1fe4b13d8f9acbf5342
SHA1 f993812171b5df1b52574f5c42b49dc23f4b55f5
SHA256 4377adde326db4bfaaa3f56e3c223a368de173c3103bbf1c7d5e1d1baaba7faf
SHA512 1788ac42ed9df96c5a5240785c7ff7bb38e95b721498874856c83e8ff8d0e83f04e18f71184e6eef5fac6ff509ff221446c7ec36aae4193b9e1b443891e13b29

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 9c5f0b9031f189d3b0a680d1c52da6be
SHA1 8c33b5f76a9c6187ebc1422875e7c9eb8ffbf24f
SHA256 2133b0b9cdc929706fbcbfaf04eda78fc54230e53ac2551d1e4702ef264bcdc6
SHA512 bfad5cb1f8f129a0af25485bf8b777d093bb1d7fa384b8d45d9642a6939ba851005104f2493bd9deb8f6acbe55a75ca12d14555e106eec024fb48ef824d22227

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 46708c8fefcce3ac21e06cbc52c6726e
SHA1 e1b79726266e8fa799f137a77a098de9260b582c
SHA256 c3e634f942ed0184827c02e1338a70179e605ad93226fa7df01783cebcd02bbe
SHA512 bb78dfdb80a01bc9c78df568b4caab8f205d5cc0fdf6d6fa483b35e326fdf6573ea6579586a0ab3a0eaa1409c0073a58bafc414af9af1ca6a7c4b2a346e2da63

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 e45e45bc0ccfb607dc60029547a1e767
SHA1 6cd00c75f3062a2c649d4d03deb93373e1da2799
SHA256 d90ac7b52d0132d1fd9ce9811e287b644623606122b9cf34c3cd38f2749bd4f1
SHA512 50765cce0054b992e2f6ab302b922d47b3444b348385bd0cdc564bda300524050e2c16afcf15d513050fbd20b035f06ffdb2b392e984d358ba91c513b1ca4084

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 2592f2cdbf580c8742230e0f68671cf5
SHA1 698954580bc0bb1703285dc2ef133d798becbef0
SHA256 cebf43161097f1bf3ad1bdf9ae7f0278e84644065c2853fdef692b5fdc8d0e1e
SHA512 278d27c5967209c17a527cb7e129fb4a1c555259fe03a49e0a874100e0f36258bb42c7975311977f25d7782551882902ebdd539469dbd10f9c8d67b15d9f2dfe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 b7693656ad7d8e7e8f75684482868691
SHA1 28955497897ff19f8cc65ee3d88a7e162a3a4974
SHA256 25be5dae27157c88c9767bedffda995882c11837145639501b8366b917b26d7e
SHA512 151fbd66592a35707735f5433597709e4f5bbb91e72948a238cce08706e3bef6f47d851bf489c6f9429b457b6bc3058dea31dd892dd0e0c657ac02da333a8074

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 2ea6e521f02d3317291c7d8bc8e7ace3
SHA1 fd0a96ed6dd6f10f5927bdc27aac539ba5593b38
SHA256 413a38138fc0c195e98c3e851d2cc5f58502c73db761c45424d44d2dd4af272d
SHA512 6eed6db78e9344e3dae37200956ba235b7fb3e64953077b26a061fd89689502763ae9ccf2f5056ba4adbcfbbc54b2ba16618c2c6def11ab2dc1a67612c9aeb1d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 294dca633e67fecd0623456bb04cfabb
SHA1 b0ddec972da279c2293fde3ee814edf37cb8bed2
SHA256 839e0cc5b6c5273c55ab7cd2f37d12a10e3e4de6eb42ab805088032b1f4dce4a
SHA512 5163e076985688b1aa8a5a2bb7da84fe03a64b1229b64a0d3fb67db6fa66ea46489caecefd5824b9b6009002c6731b615e7827e2a85d6c2dc16e14fa3f781d80

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 55fae6d156c9eb9e1ddf4d1f31751eb3
SHA1 b4575c8b60bd8402ab4d1bd16ee24fc70280ac5f
SHA256 ef0d58859833c41f86e571067d85de47e807d308e6ac9e5da986c92b0c3e171d
SHA512 82ea5708fdc1bf11940760238ac2c8770d2269104f52c267f7972dd9b4462384c484fbc1df5a1d9f9db5dcf29d33d8b756e185b5b96f026d70f1c42fab5697d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 7d6563e9b52011b74153361ddaed0389
SHA1 8ddd4109db5d0ef8a798958dcb746a6eb362e6df
SHA256 1b3fbcc146cc0d77f43d8bdd503265d1f357558cc4dc5e37def576dca4c8afe6
SHA512 d401455f9d47d40ecab79fbc477241a7b21dede6518af967964ecf99f6d35482fa293961168ca6feb37e51f6687c26ddf9796868fa3bd0a250109f44959d09d4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 91bf1bb972d173d42ba11255eab7b420
SHA1 a28956a65f62e455e742573d4bc6d171c1dad344
SHA256 38ce84e808db701d8f59fa3229c9614abb300c60ffa85505f95975b9e8e9812c
SHA512 bb8759314a03103d6849bacd12195a16cb12b70295f9829353d59d7f79be9e2eedb82569d92c713c0070da40807b769d4c58f832c386839ccc4cefda7a0d8010

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 ec5624760f8a49feb51830f001d484ad
SHA1 fd525d2c75c17125d5375d40f78e7cf5e3aa7585
SHA256 7d5fed0e7955745408bd1640346b9591d8d6316e50a9190ae358663facf9d6fa
SHA512 102a13fff23745202f4e29fd4e7eb03a81cb603b800d4a048d9384a8ae980ee5d1047318dbcebaf5f943f5909e66e9527281e189069c4546dd9398ea740bd82f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 16182b8f3da81f3915c83b2af922ee91
SHA1 dd444cd8d808f2547d93fa6b3fa323a4250a7875
SHA256 9338e67ce108687a92620136c8a641225847fa0bc56160b9a77cfdc69809edd8
SHA512 8e009ae0fea08d5289e978d5638c897fcabfafa695d156fcb024dc5574b925135ff59640ae313f366dbdff297fe3f8280fdf0451ff7e16eedb307ec6ff1e0783

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 62f0e098994ad0b3da273dc98da4d823
SHA1 71d38fd7b2dc8c97e12fae4e410e34fbc5bd94dc
SHA256 d1ef60c4e03d968e467564d5ca2b1f3375061d4344977f82b665db2e5c6bac03
SHA512 7db8936f517f054ed320d48ab551121dcb0ace74002bef5e15f3076a559415479bd0d188ab38e30d5715f739654505d7338cfecd0b3a35bcf1c7718035001aa2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 2215fd64e57f0efd00fbc41e5b64df21
SHA1 f70605046695daa0dc57f574cdad79e361938b48
SHA256 8792f9f454eb6376cdde42b504aae225712fe6ccffb298d326239abd21e8bdf8
SHA512 ba42ab1689576d0d3cc762865214a15c75e7e4058fb9370cf69d1ec95c99b2f539d401e55f69ee99fa4b9423c675c21811a772e76968d4d95642671df4a85efd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 109fa08bb3067b4714f86599a0fff40f
SHA1 927f63a95f6d05add5bb14abcf069b531b42406f
SHA256 b2f7ec829691cbc17b68f5163d2af1542b7f8ad112c88b3554290f8c3dd47efe
SHA512 91b7b093dfa2397b5dee47486483b3dfc6bbeb1a530d971194835f324878cea9fa5b4f459ab1248882a039e3aceeac6a88ac72a64d236245f6e2f4c7baebb246

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 116629b9d5d48febd2a2402a38de717c
SHA1 4727ef21632b15a27909f76fef93cbd0da67917c
SHA256 30ce23e4cfa456a7b5e3aa50de4cd16ea603fd16dfb3591dca7bb37f5e659503
SHA512 75203283fe36081aa0917e8b2bdc97c7fcf5af690e49d68e9171916818804b1c388b2bc97aae646ce4c1d596a05971eab2cb3f6c0c56ffc666cbb0043f344d73

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 3afb77239d81f493d5a53a9d646a10c9
SHA1 8c01d9df2422b60a6ded45440a5ec34d6fa85d5a
SHA256 4c1a3c02c00ed5cd57ea4125c8cfbb9e55637559d57a8ba5ae0189c7be2f6a26
SHA512 4a55bcac10c10e9b262d147ab59d414dc60ceb49b06c824294931b606fb9cc96189ee62065dcf873c84974064559b9ac82dd3cd408a2423a6399bf98881ce74f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 e3412a4e34b0242ab38d10f52c952aae
SHA1 0aa037b0caee120b6f6cf05f5e184b8dd04394f9
SHA256 d9feab8f5ebd8b6abe4ad3a6f737b75f1a4ef78b80f3fd32416da3a1b04e23a1
SHA512 69fefab102e91aee67a05478834621695118b40a87f7f4832c52dfeec6a3cd4b1e94111255e8685208ad9f6bff451edb5dce9387b558f855732d5e693e6ce8ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 454d3f289158bec2468722fd0bfc71d5
SHA1 4e1b1fbc2470a2280177d790d42f6de119554ac7
SHA256 83e7b41135a87b497ee40fde4267c724b6101ce352c30dd52f62be2e66695b60
SHA512 bcc26ad11b0889a6b1173615de871dce82387842d647f196226674e9688d2d2759cafe25585b6aae921137ed0803b691141dbfa9a4daecee2e5418cee6ae18f6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 24e1accbf53e3eb3973277f912ec2a7b
SHA1 a77be647eaf7998daa83e63038e26df2643ca3f5
SHA256 6d5664e9d143a9c82c970db63b53ab421965e879d202e4b72b40adc5707c2197
SHA512 ab8497d21da4323fa57bd5617b524b6bc2b48687fdbeb10463d625172a9b3dc105b19678b2a7ed9dcb1b7e09a6a3d7b7d3e3d292a26b42ab46dacdd576f8b0d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 2e2d04058a14a22fa26acd73f3c9ce1c
SHA1 165c5ed1ff7b1b30f16c769ecd41d8d9b4cf60ea
SHA256 e9b34a510cc238cb858e73e195bea4d8137d1c5179e9bab0aecfee2f4871c556
SHA512 e048666fed72fe751349987bfefaaec818840e427f5e4667535918142f4919e1ab7cb01cd556b6d951452e780647535f1d59ac577605386dc70959acfb5d09d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 f5145304a7f71024f73cdb5184a15ecd
SHA1 49a8cb3e57ba60b3b8348b8a0795f116f1b4d371
SHA256 5b3633f9ecf5e3fb14bb49dc9eec42c4d40b84c6d2ea3f8d70b017dd58b18456
SHA512 c855d4f13eaa7beec7b51c2099f15dfc571465cc5533f3fd721992c38dc6fa0634bde5559798f88fa38c4429c14adc6ac884e4cc6301629d90a4acccb3e91e88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 33df24054ea31c09795e9323e9a5ff8b
SHA1 a55dd60504ab91d505057a5f140a69e62879e0bc
SHA256 c0a9d6bcbf196d498939f50df09b2212aef21ba6f50f5280d0070e3c8f1c187c
SHA512 0f804fbc7b44f6a156535c2083b9ec5833a8208d5e1beb0cd980261c2426a4959e27c15c62e6e8907de04e8fbd4754dcfb7ca5ea2ef2f0c96c7f856fcd6bfdcc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03

MD5 232c4989060d704ea1d0ceb1e7845f00
SHA1 a7ae76ad3e6000184d2b0d857ea608a94d4cb632
SHA256 9ad02234c534534ab6f9eaa007bbd51dfd61c0ab4b455fe2b2f4bd3e5602457d
SHA512 58e339a6609758ab053881312facf6e19547e0e8cb404882471de2557c36c25098937c6a9662328fd42a2171c90bd1ca25491cec00629ffe8e8ce5bdf92540a1

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp

MD5 68cc17177a8f3bd071828a5ad06a07f6
SHA1 fe94c2e0b7210afb5e3d0fa819b566a2d276e43c
SHA256 8b6a4f4f126e81f7f5f4f7c32236c763ae9ad2266df8fd90e36905bc6ca6279a
SHA512 0ba9c3a8fc030e3a03b1eca189cfe1b44a703198d32e5cf4c2894a0d2f157cb45a526160ebedb2439e22e366386f56a6f95925a0615984fc717ba9279179ae03

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 b542bd8a32623d5cf1c907db568d46a8
SHA1 49fe96f250aa5f2696a91daf18801418983095e9
SHA256 638ddab398a968ff6098f7ec7b84fb5c6c338b5142185656f987c8b7b7d21146
SHA512 3a7942e6fb9f9d12856bb0cf4356ca948d5fc3aa41a2d7e94859889f5654fb6fc01194b010b375f3d6f8a1ef6a1e91b6f03cddf7baea26c3f609b0dad069af81

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 4c2bb3880f7367a03bfe7df15bd28292
SHA1 486f7e084fa34bf5b0a242f50a22596ae12fcdfc
SHA256 c14113c49220e367d0e250dc584b5bc1f9bf31f1c24273e76a8428d9791b7281
SHA512 a7edadb2d580303f754cfef46bef9687ccb6c569a77a85545374e6375922f8e7169faf110a999950a5e80ebb6b3446ee0f20547bb9879b7b24b193c1ba047351

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres

MD5 26506bceca1fd47f39284cbb95092f5b
SHA1 4c42f13ac5d9998c93f3d733a9c4dbe5c6415202
SHA256 2294896bdacd627cb039e76c0eb2f20f1b5a1cf526f84b560111af25af02f17e
SHA512 a76837a383a77e32f040cce0aa5713dd0d4fd8a09d732f01335c1ab688dfd734325cd548a34614f6c55bb8d9dffd809a89ad2957f0ad7c459984d1c31aa120ff

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\0.0.filtertrie.intermediate.txt

MD5 f66204ddc2e55a4ba416e9768bd5aeaa
SHA1 0ebb17602b92ee42cfe273619c17c043402cc5dd
SHA256 232204c0488a893d3f9e8efdfbe01e2fc85561f8776449c804226717c394c631
SHA512 89df48f41251e2d0f4e6d0aa27a5edaa83b8d2316e9ef6249ac81c176f240106174620a1a70085e88dff6141319f2cff404f2f493d2240ad90e95bd812c9ede6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\0.1.filtertrie.intermediate.txt

MD5 34bd1dfb9f72cf4f86e6df6da0a9e49a
SHA1 5f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA256 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512 e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\0.2.filtertrie.intermediate.txt

MD5 c204e9faaf8565ad333828beff2d786e
SHA1 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256 d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512 e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\Apps.ft

MD5 21de42414cc2933affe1828f1ed2a29d
SHA1 1e12e4c389cfc585798e6098eb1fc1dae7f06afa
SHA256 0f10432bb37db721342c227cab39b2309b007c8a1cb7eff2b9b76568e2c69c92
SHA512 1e2607e4fa237e88858e9733ad7adfb2d2fe0f861611f5a2d9e04b8cbee83c68b1ccc30d6a0740a5c64ed55fe62786c489dfc38d8396cfbde56c46b34bc6cec4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\Apps.index

MD5 b2cef728978026d476329fa104dd233f
SHA1 9b7bef0b534d8e617dea0720c6c924278f14e684
SHA256 60ae00e7bc8fbae18202e651929861d8860a4b6cb6ff7ae782e120468eb7be32
SHA512 33c0dc6afebd4a4a5af2480af84eb589d5776eaf12c2ba5ab4fd3a7d54e35df4cb6abfe06e6c5a370fecdaa9f45f57f6980f7f36088ceacff03a4db61d79013e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\apps.schema

MD5 1659677c45c49a78f33551da43494005
SHA1 ae588ef3c9ea7839be032ab4323e04bc260d9387
SHA256 5af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb
SHA512 740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\appsconversions.txt

MD5 2bef0e21ceb249ffb5f123c1e5bd0292
SHA1 86877a464a0739114e45242b9d427e368ebcc02c
SHA256 8b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307
SHA512 f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\apps.csg

MD5 5475132f1c603298967f332dc9ffb864
SHA1 4749174f29f34c7d75979c25f31d79774a49ea46
SHA256 0b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd
SHA512 54433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\appsglobals.txt

MD5 931b27b3ec2c5e9f29439fba87ec0dc9
SHA1 dd5e78f004c55bbebcd1d66786efc5ca4575c9b4
SHA256 541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e
SHA512 4ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settings.schema

MD5 ac68ac6bffd26dbea6b7dbd00a19a3dd
SHA1 a3d70e56249db0b4cc92ba0d1fc46feb540bc83f
SHA256 d6bdeaa9bc0674ae9e8c43f2e9f68a2c7bb8575b3509685b481940fda834e031
SHA512 6c3fcce2f73e9a5fc6094f16707109d03171d4a7252cf3cb63618243dbb25adb40045de9be27cad7932fd98205bdaf0f557d282b2ba92118bba26efcf1cd2a02

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settingssynonyms.txt

MD5 003ece80b3820c43eb83878928b8469d
SHA1 790af92ff0eb53a926412e16113c5d35421c0f42
SHA256 12d00eee26e5f261931e51cfa56e04c54405eb32d1c4b440e35bd2b48d5fcf07
SHA512 b2d6d9b843124f5e8e06a35a89e34228af9e05cbfa2ae1fe3d9bc4ddbebda4d279ce52a99066f2148817a498950e37a7f0b73fe477c0c6c39c7016aa647079a5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settingsglobals.txt

MD5 bbeadc734ad391f67be0c31d5b9cbf7b
SHA1 8fd5391c482bfbca429aec17da69b2ca00ed81ae
SHA256 218042bc243a1426dd018d484f9122662dba2c44a0594c37ffb3b3d1d0fb454a
SHA512 a046600c7ad6c30b003a1ac33841913d7d316606f636c747a0989425697457b4bc78da6607edd4b8510bd4e9b86011b5bd108a5590a2ba722d44e51633ed784f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settingsconversions.txt

MD5 721134982ff8900b0e68a9c5f6f71668
SHA1 fca3e3eb8f49dd8376954b499c20a7b7cad6b0f1
SHA256 2541db95c321472c4cb91864cdfa2f1ed0f0069ac7f9cec86e10822283985c13
SHA512 5d1c305b938e52a82216b3d0cee0eead2dc793fac35da288061942b2bd281fb48c7bd18f5fdaa93a88aa42c88b2a0cce1f0513effb193782670d46164d277a59

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settings.csg

MD5 411d53fc8e09fb59163f038ee9257141
SHA1 cb67574c7872f684e586b438d55cab7144b5303d
SHA256 1844105bb927dbc405685d3bf5546be47fa2fc5846b763c9f2ba2b613ec6bc48
SHA512 67b342c434d8f3a8b9e9ac8a4cbd4c3ef83ddfc450fe7e6ad6f375dba9c8a4977a15a08b49f5ad7644fbde092396e6da08865aa54d399836e5444cb177a33444

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\appssynonyms.txt

MD5 06a69ad411292eca66697dc17898e653
SHA1 fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d
SHA256 2aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1
SHA512 ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 440cb38dbee06645cc8b74d51f6e5f71
SHA1 d7e61da91dc4502e9ae83281b88c1e48584edb7c
SHA256 8ef7a682dfd99ff5b7e9de0e1be43f0016d68695a43c33c028af2635cc15ecfe
SHA512 3aab19578535e6ba0f6beb5690c87d970292100704209d2dcebddcdd46c6bead27588ef5d98729bfd50606a54cc1edf608b3d15bef42c13b9982aaaf15de7fd6

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 446dd1cf97eaba21cf14d03aebc79f27
SHA1 36e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256 a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512 a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 96ff1ee586a153b4e7ce8661cabc0442
SHA1 140d4ff1840cb40601489f3826954386af612136
SHA256 0673399a2f37c89d455e8658c4d30b9248bff1ea47ba40957588e2bc862976e8
SHA512 3404370d0edb4ead4874ce68525dc9bcbc6008003682646e331bf43a06a24a467ace7eff5be701a822d74c7e065d0f6a0ba0e3d6bc505d34d0189373dcacb569

C:\Users\Public\Del.cmd

MD5 ec6f5056a81f8cd0039405e8539aff7d
SHA1 b141d0bc1c2a4aea92fb7cda27f084a357060ecf
SHA256 46d324eb3c936dfd8b446dbb637e4eb9d49f9c187d236905a4877947c09d76cd
SHA512 8ffa6bc23234180e574e17ff7a0beadbc37c7a4a52e00fb68eec6b63f21250488d109b5009d4ee267b75d093ff51a5ee29249aef7eaf67072dba866e2e2bc3f7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f4e3e63ac395c1ef5a54799f4edab643
SHA1 b7a0b2758a60bbad146c624564b4d04f3d936d15
SHA256 f2c0c59424be3ec1e307f0c38ca9e687ee8c0ebd2b9affddb8c62cac7c420a33
SHA512 719286b7925cb70baaf9277ca8b5e0dbbf65b96cbcc95ffabecdcae90a2708d15db393e8290553a9e9c53e547e87967e022ca57c8fdf6285b5039f506ae5b0f3