Analysis Overview
SHA256
f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
Threat Level: Likely malicious
The file XorEncrypt.exe was found to be: Likely malicious.
Malicious Activity Summary
Clears Windows event logs
Credentials from Password Stores: Windows Credential Manager
Reads user/profile data of web browsers
Deletes itself
Power Settings
Drops file in Program Files directory
Browser Information Discovery
Unsigned PE
System Time Discovery
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Runs net.exe
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 12:39
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 12:39
Reported
2024-11-12 12:41
Platform
win7-20240903-en
Max time kernel
88s
Max time network
88s
Command Line
Signatures
Clears Windows event logs
Credentials from Password Stores: Windows Credential Manager
Deletes itself
Reads user/profile data of web browsers
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\management\jmxremote.access.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\highDpiImageSwap.js.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_es.dll.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_tr.dll.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.key-CGVLWKISXARN.0xcf5060c6febdc | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
Browser Information Discovery
Delays execution with timeout.exe
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf5060c6febdc\DefaultIcon | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf5060c6febdc | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf5060c6febdc\DefaultIcon\ = "C:\\Windows\\System32\\SHELL32.dll,47" | C:\Windows\system32\reg.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe
"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"
C:\Windows\system32\cmd.exe
cmd /C "reg add HKEY_CLASSES_ROOT\.0xcf5060c6febdc\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"
C:\Windows\system32\reg.exe
reg add HKEY_CLASSES_ROOT\.0xcf5060c6febdc\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f
C:\Windows\system32\cmd.exe
cmd /C "iisreset /stop"
C:\Windows\system32\cmd.exe
cmd /C "NET STOP IISADMIN"
C:\Windows\system32\net.exe
NET STOP IISADMIN
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 STOP IISADMIN
C:\Windows\system32\cmd.exe
cmd /C "net stop WAS"
C:\Windows\system32\net.exe
net stop WAS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop WAS
C:\Windows\system32\cmd.exe
cmd /C "NET stop MSSQLSERVER"
C:\Windows\system32\net.exe
NET stop MSSQLSERVER
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQLSERVER
C:\Windows\system32\cmd.exe
cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""
C:\Windows\system32\net.exe
NET stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\cmd.exe
cmd /C "net stop MSSQL$SQLEXPRESS"
C:\Windows\system32\net.exe
net stop MSSQL$SQLEXPRESS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS
C:\Windows\system32\cmd.exe
cmd /C "net stop SQLSERVERAGENT"
C:\Windows\system32\net.exe
net stop SQLSERVERAGENT
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop SQLSERVERAGENT
C:\Windows\system32\cmd.exe
cmd /C "net stop mysql"
C:\Windows\system32\net.exe
net stop mysql
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop mysql
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlservr.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlservr.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlceip.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlceip.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlwriter.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlwriter.exe /T
C:\Windows\system32\cmd.exe
cmd /C "Del /S /F /Q %Windir%\Temp"
C:\Windows\system32\cmd.exe
cmd /C C:\Users\Public\Log.cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" el
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Application
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DebugChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl EndpointMapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl HardwareEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Media Center"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl OAlerts
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Setup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl System
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl TabletPC_InputPanel_Channel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MP4SDECD_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MSMPEG2VDEC_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_WMPHOTO_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WMPSetup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WMPSyncEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Windows PowerShell"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl muxencode
C:\Windows\system32\cmd.exe
cmd /C "Del /S /F /Q %Windir%\Temp"
C:\Windows\system32\cmd.exe
cmd /C "powershell \"wevtutil el | Foreach-Object {wevtutil cl \"$_\"}\""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell \"wevtutil el | Foreach-Object {wevtutil cl \"$_\"}\"
C:\Windows\system32\cmd.exe
cmd /C C:\Users\Public\Log.cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" el
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Application
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DebugChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl EndpointMapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl HardwareEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Media Center"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl OAlerts
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Setup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl System
Network
Files
C:\Users\Public\Log.cmd
C:\Users\Public\Del.cmd
| MD5 | ec6f5056a81f8cd0039405e8539aff7d |
| SHA1 | b141d0bc1c2a4aea92fb7cda27f084a357060ecf |
| SHA256 | 46d324eb3c936dfd8b446dbb637e4eb9d49f9c187d236905a4877947c09d76cd |
| SHA512 | 8ffa6bc23234180e574e17ff7a0beadbc37c7a4a52e00fb68eec6b63f21250488d109b5009d4ee267b75d093ff51a5ee29249aef7eaf67072dba866e2e2bc3f7 |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-12 12:39
Reported: 2024-11-12 12:42
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 150s
Command Line
Signatures
Clears Windows event logs
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Credentials from Password Stores: Windows Credential Manager
Reads user/profile data of web browsers
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PREVIEW.GIF.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso20win32client.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\svgCheckboxUnselected.svg.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\css\main.css.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Media Player\wmlaunch.exe.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\javafx-src.zip.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\PREVIEW.GIF.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_ko_135x40.svg.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\xul.dll.sig.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\af.pak.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Photo Viewer\uk-UA\ImagingDevices.exe.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\fillandsign.svg.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ru-ru\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBUI6.CHM.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Windows.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\selector.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-gb\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Media Player\uk-UA\wmlaunch.exe.mui.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF.key-GDLTVRKEKXFD.0xc1cde648bdc03 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
Browser Information Discovery
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Delays execution with timeout.exe
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE/SOFTWARE\\Microsoft\\Speech_OneCore\\AudioOutput\\TokenEnums\\MMAudioOut\\" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\lsr1031.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Haruka" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xc1cde648bdc03 | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "en-US" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{0CFAE939-931E-4305-8D05-8C76C254EB34}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Julie" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "MS-1031-110-WINMO-DNN" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "11.0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Has seleccionado %1 como voz predeterminada." | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "5233694" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\lsr1033.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Paul" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech SW Voice Activation - French (France)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "16000" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{06405088-BC01-4E08-B392-5303E75090C8}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "CC" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\es-ES-N\\L3082" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Hortense - French (France)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\ja-JP\\M1041Ichiro" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Male" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\r1033sr.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "11.0.2016.0129" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\ = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech Recognition Engine - it-IT Embedded DNN v11.1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\VoiceActivation_ja-JP.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR de-DE Locale Handler" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Zira" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR fr-FR Lookup Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{15E16AEC-F2F0-4E52-B0DF-029D11E58E4B}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech SW Voice Activation - Spanish (Spain)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_EnUS_ZiraM" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech Recognition Engine - en-US Embedded DNN v11.1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\AI041040" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\VoiceActivation_HW_ja-JP.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR de-DE Lts Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "L3082" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Laura - Spanish (Spain)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\tn1041.bin" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{14E74C62-DC97-43B0-8F2F-581496A65D60}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{179F3D56-1B0B-42B2-A962-59B7EF59FE1B}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "MS-1036-110-WINMO-DNN" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Julie - French (France)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Elsa - Italian (Italy)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR ja-JP Locale Handler" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search\ = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Katja" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; currency=NativeSupported; net=NativeSupported; url=NativeSupported; address=NativeSupported; alphanumeric=NativeSupported; Name=NativeSupported; media=NativeSupported; message=NativeSupported; companyName=NativeSupported; computer=NativeSupported; math=NativeSupported; duration=NativeSupported" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Helena" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR en-US Lookup Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; address=NativeSupported; message=NativeSupported; url=NativeSupported; currency=NativeSupported; alphanumeric=NativeSupported" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech SW Voice Activation - Italian (Italy)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\c1041.fe" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\ja-JP\\M1041Ayumi" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Spanish Phone Converter" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe
"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"
C:\Windows\system32\cmd.exe
cmd /C "reg add HKEY_CLASSES_ROOT\.0xc1cde648bdc03\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"
C:\Windows\system32\reg.exe
reg add HKEY_CLASSES_ROOT\.0xc1cde648bdc03\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f
C:\Windows\system32\cmd.exe
cmd /C "iisreset /stop"
C:\Windows\system32\cmd.exe
cmd /C "NET STOP IISADMIN"
C:\Windows\system32\net.exe
NET STOP IISADMIN
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 STOP IISADMIN
C:\Windows\system32\cmd.exe
cmd /C "net stop WAS"
C:\Windows\system32\net.exe
net stop WAS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop WAS
C:\Windows\system32\cmd.exe
cmd /C "NET stop MSSQLSERVER"
C:\Windows\system32\net.exe
NET stop MSSQLSERVER
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQLSERVER
C:\Windows\system32\cmd.exe
cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""
C:\Windows\system32\net.exe
NET stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\cmd.exe
cmd /C "net stop MSSQL$SQLEXPRESS"
C:\Windows\system32\net.exe
net stop MSSQL$SQLEXPRESS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS
C:\Windows\system32\cmd.exe
cmd /C "net stop SQLSERVERAGENT"
C:\Windows\system32\net.exe
net stop SQLSERVERAGENT
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop SQLSERVERAGENT
C:\Windows\system32\cmd.exe
cmd /C "net stop mysql"
C:\Windows\system32\net.exe
net stop mysql
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop mysql
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlservr.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlservr.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlceip.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlceip.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlwriter.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlwriter.exe /T
C:\Windows\system32\cmd.exe
cmd /C "Del /S /F /Q %Windir%\Temp"
C:\Windows\system32\cmd.exe
cmd /C C:\Users\Public\Log.cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" el
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl AMSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl AirSpaceChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Application
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl EndpointMapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl FirstUXPerf-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "General Logging"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl HardwareEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl IHM_DebugChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-GPIO/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-I2C/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceMFT
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationFrameServer
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProcD3D
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationAsyncWrapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationContentProtection
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDS
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMP4
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMediaEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformanceCore
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationSrcPrefetch
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client-Streamingux/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-AppV-Client/Virtual Applications"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-SharedPerformance/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-OneCore-Setup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Admin/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-IPC/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ASN1/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-All-User-Install-Agent/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/ApplicationTracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Internal
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Execution"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GPIO-ClassExtension/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GenericRoaming/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HelloForBusiness/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-NETVSC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IE-SmartScreen
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-Broker/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CandidateUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPLMP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPPRED/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPSetting/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-OEDCompiler/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCCORE/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPNAT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Input-HIDCLASS-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-InputSwitch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KdsSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kerberos/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IO/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IoTrace/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pdc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pep/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Configuration
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-XDV/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LimitsManagement/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSFTEDIT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMR
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/MDE
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-Performance/SARStreamResource
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mprddm/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ncasvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NdisImPlatform/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ndu/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Connection-Broker
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-DataUsage/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Setup/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkBridge/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkSecurity/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkStatus/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-RealTimeCommunication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLE/Clipboard-Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OcpUpdateAgent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneBackup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OtpCredentialProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionRuntime/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionSensorDataService/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Certification
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UI-Shell/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-MAUSBHOST-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-UCX-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB3-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UniversalTelemetryClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserAccountControl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceInstall
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxInit/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VIRTDISK-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Volume/Diagnostic
Network
Files
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\VJ4UBUK8\microsoft.windows[1].xml
| MD5 | fd8dd34b110691be30e7dd9a85980568 |
| SHA1 | 5f5e4ffb2b8d424180304c5b311f6a81303cc349 |
| SHA256 | 5f1332f3a97608019bec2a06069701e49e123074aa15a0e4eabb766e2c082c17 |
| SHA512 | 188e93127748f8e1f0f0bc625462bd13f615ac96ffefc0531df894e8c44479a2267aafff2fe84fe6c5c68b57d5d3667169383d1a36066e3756865fb5f4206eff |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
| MD5 | a85103cd820360e5d061373112ede58f |
| SHA1 | 77522693324a9ac16c2bf436cd4bb5b0ce47707d |
| SHA256 | dd326d2351e65bcfb7cc116a14664532a7f9cc4f3340b63d666b51ec1ffc5d8d |
| SHA512 | 00011de54e94ded71b4bf178b5a2c276f25f47bffcca2ddabc427fb73735f04a7700c6d65a596c85eb519fde3edf23b26d44c6cb8fa0005bdf0aba43013bf518 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133758888105834385.txt
| MD5 | acaef159923856ea5385473680463f1a |
| SHA1 | 8c961466b14c2070162ba4c62e1a6a7bc125adb6 |
| SHA256 | 43c06c4ece982a6d6257b4edb81f99761aaa6da3900bb1b3960a76796044d7c8 |
| SHA512 | 5a2ce71643926da5478125474593fb0a814025d4a09c29f96ca7735b4a7cc27d7e039d04831928ddb56b1bc820fbe36cf283c513a9c47e75050a2b1239ca3edf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
| MD5 | 6995ba55e193b97ecd12de12bd40faa7 |
| SHA1 | b935b51a5ad2b3fe18d798ec345d1c958e7ed2d5 |
| SHA256 | 6be760b3f7a6c75cdda41413a869912583fa8a85e39284685810522bac30eb6b |
| SHA512 | 357e2a35efc6ef2e4f98a66677c51b7ea20bf17548feadc4ff0932ea39b681fc13d9a7f4da168e986132e5f8e688d54850fbeab1b55ac4089860ad76e076f3d2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
| MD5 | 5f8ed1b2e05f4654943d688e99c8eb7a |
| SHA1 | 31574ff8a022c6e96d3b406e51fbb7c02f0163cc |
| SHA256 | bfc111eeeb5090a11caed8d2cd71caa985ba8208fbc2ff60d3da97a6f3555391 |
| SHA512 | 0ec4f4c498552cb29686c155fbb8784c47d925b3eaadd005d20a4b1ef9e7c091b4ed4368694702d0bdb7ecd55882b94871207fe581af40bf5eb83b731e38a086 |
C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 869564798e053885404f0bea336cc743 |
| SHA1 | 9de398d1c4f7c9a795d1413cb113e873eab91a0f |
| SHA256 | 99acee41993bb552942f6db66200af0a3634c593b2af5c746f5d2bb85ddaf14e |
| SHA512 | 46db3d27ef140e2a0a616647f87dd0a2f576c57dda984a6e8fa3c39935a8bb6453fb8a9903edf8b654e17e6140798cdbe3f7bf990b00c7ddff73e45d4247fc86 |
C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 8eebf91ada2f41cc15e2838ec6ed77dc |
| SHA1 | 909760a59d6f3e7f6cdc3f1c5b1178d316961a56 |
| SHA256 | b0853893c8984f2b6f0ae9344c1514a7fd4f35eb91b79e7f3682ff4c16145319 |
| SHA512 | 3607d812cab26690d0597fe7e9a6f8729d059b292a39ac10d5dca51ff9fc24d443a1098e668f44cd4c59bb365ad2c89bc6bb50c33116094ac39cfad059da55f5 |
C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | b04abd16c8f95e9d8d9b0dbcc69f8e47 |
| SHA1 | f786f280736c58120f2ac08442e0fc89dda0646b |
| SHA256 | 2f8b974cef885370f12058e07b44f8ac929aef0d148bc7780dfac18755a12f6c |
| SHA512 | 15df7f81abb1f523510dec83fc3f142e1ef062b68628ad47a8027eadc1dacf74dc5fb07a56a1b06988b34f65000077fb96dbcf1b79d8177dbe53c71c9ef2246b |
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 14f405342d3ba6b4af5a603ca7d94932 |
| SHA1 | 8b558e83c22fd305f283dabde13c3ccaabedabc6 |
| SHA256 | 7539063afdcd2e8847e356257a0558880dd9f6056555d57b35fc05f57327e68b |
| SHA512 | ad97c572a2063b40c96007fa7257fc1e964e554def92310cdad33f5ae01e5efc5468d52746e19c6ec1572ece3c0683188eb38f85786ba1d00cbfb1082aac221e |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | bed2c8d80e5af2b3767ff3f24c451dd5 |
| SHA1 | b0778ec6c07ebe5b3d2c8a8b42ee5ac2c66a25cb |
| SHA256 | 295721d379c602e76f89f54a84e65846cffab3c6242da10b3e58dc8424b159cb |
| SHA512 | 634ecfa786d9ed2be684dad3e73ad3f493a3a0e55b9143b1cbca51ba5fe03c3093cde516d77a86cda26e967e850a8163f6d0425c10313d16db51efd6fe9c618a |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | c8bdb7451b776069a5d2ae92a5c82006 |
| SHA1 | 4d7fa17d9043ab3547ac8dab10600b430586d265 |
| SHA256 | 4d746412950b914561c704414e79003a11cb74292ee3c56892c005c71236e0e0 |
| SHA512 | ac0804c8fa47c56d4a2ad2bf3d0d0268691db6941df0014cc5ac5be09e7ec6fcae87f3ff0ae4bc0e1e4e95bb74550d9bf97e52dd6245b61065c918a32ac7d576 |
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | b886d9a16b7cd67a75641dcbe4de70bb |
| SHA1 | 88c0a6c8e786d8ebd5b3c9ec235afa653bca9e2d |
| SHA256 | 9a48edbacbbeb031852a110d6130625164c77c1a57bfb7fdb25af383dea1de7f |
| SHA512 | db4e2672305dfec0038e9f9f1ece251aca42dc3da91b61b27a87e73e0276ec5ca991dfc9397033536c9b70d4040eb27a2ca394f2f5c1d3c1f2bfccc6e087a0e8 |
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 1acaf9f59db4a3cb3d3ac35e6cfa87ac |
| SHA1 | 8cbc3f8f807cd60512a8a3c9340eba7da5a08a5f |
| SHA256 | 759c07cd9a6a7695ee34a69bb78cb60b535ed11d0ca957a4dc21dea3e083a833 |
| SHA512 | eb26fd43772fa9705f9c5e6ee16827140a97172edee8be606ecdf6c8105d6875e66fcc2fa6bdd64be88611944944896382bd007bc63ec7bf48c2866d96817de9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 3ea1aeebc2c2e10d9e017ebb1a47a9c9 |
| SHA1 | 72c2cbf96409f3ccf425e2d63c286cfc3f4ec667 |
| SHA256 | 97d26b573565d4f5778d6cf7dc08a916f7d061113f05d32ddc66ec404f5d9035 |
| SHA512 | 40249060629fd7ec01fa4bf717e43f2068cd065697c0b1cccfe23a1ba1574342037b16d25a0665ea35d01cb0342e0b03789ea0850ce9ab41090adb0426141a43 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 7456c5205940b5b324fea5221107b90a |
| SHA1 | 77dbe7fe68b9ed8f81c2d199d39af351e155a1d1 |
| SHA256 | 3f830414f7ca5a3a53b237c075670594c00089ccf58840afdd319b3016d5e27b |
| SHA512 | 9091d9c821c5ba3cbd483e77f89396a0e060e457fb841eb74e7c783ca3af1713ce0ef002de02413ef99e61b3a634efc7e622053e43ccaa14257e081dc65e0c5c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 3dd7695b7a48966985d0c250e5d4a9f8 |
| SHA1 | afdb2e425157200ab6ac6e701e63502e2f626c38 |
| SHA256 | 7628994e6eb09b435b398eecfc946bd0bee54ddab40a6c0c50ac2da13644654b |
| SHA512 | ecc58ed6dad2f1dc430b1080e1bb89504f675239e83d28ca6fc2b2373d281215ee66dfdd2c6677fcac82292f30b85f78a36b3a3904e39151027852fcb30411ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 16efaacc07c9dbcf4151e4e7633605b5 |
| SHA1 | 28e9e81f4942b6521036b1d81a567e4beea224e0 |
| SHA256 | 653548c1ae0ae8426dba7c3c354c7b3b244e58741e6ebda5f636150b3676c218 |
| SHA512 | 6c941d2024a77177ad92730fc8c52fe6db0468c4925c06ee3fab38d848f04c4734b427d580c0776477ec6aef106fbd5351130aa54b3ce372baa79d03be43fea2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | acbc97eca2da7c28cdd8b6982900b3c2 |
| SHA1 | 692a67f25418330ec0bf0fbaea30ab4c6438029a |
| SHA256 | ab6f8e491f96ad45c606da70029ca48ee1e425b8f06d1b8461ac169a03e039f7 |
| SHA512 | d5f46b2c56fdd8c74009f9a774cc6b8421f8de4ed1e5fe044b0f73296015255f7a50f75cffa002220bf056a2001a031dee32637ad3c12db5ba26e58fc3733c42 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 9918e2b9676e0d75567efeb76f257054 |
| SHA1 | ffe9d8f38721f1ea78c4c89d556527a5053ffea6 |
| SHA256 | 4dd60eececc1340008d868a65d9b3e96a0af9aac37c4a036cd603c4d1f49208f |
| SHA512 | b9d6319c16f6819e42ba75d64e9852a2281199e94518eaebe64b1339d46bd0bf8a6cf3d905031fa03061a2a3656047c8f6639601d7a1911b31039e4cf71421aa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | af392e620833e0e8af781c2689a2a0b0 |
| SHA1 | ceccd82cad1abbb854c9013c5d34fdbb762fbb9e |
| SHA256 | 4508bcf09fab9ff070c631b070c3c2cf24a26d8a063bf3e65937dd5796823954 |
| SHA512 | 0adc72ec7361eafc5e5a1f9807e8f1df7cc018ab5dbf28437cc41964cf831b11ef2c7406cd55b66b1285899097cba472201d35c60d8ad70becff07b1a73b0e1f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 3f8df00686c724ce86670bc19559b570 |
| SHA1 | 97571df2588fba35c3a7579f42c69589c93cf18c |
| SHA256 | b195d589572c0cda0b79f6c061256e1479e7c283f5dba066de5279bfab92fe96 |
| SHA512 | efac0b7f83c1ee735256b45cf231bafa08d21b6b05e0b2ae10480ab5b0d5c3936da83f63b57f7c1be17345c4adb3bd95c205ffd7b47184620bf50050857e4d73 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 828ebae8e40ce1fe4b13d8f9acbf5342 |
| SHA1 | f993812171b5df1b52574f5c42b49dc23f4b55f5 |
| SHA256 | 4377adde326db4bfaaa3f56e3c223a368de173c3103bbf1c7d5e1d1baaba7faf |
| SHA512 | 1788ac42ed9df96c5a5240785c7ff7bb38e95b721498874856c83e8ff8d0e83f04e18f71184e6eef5fac6ff509ff221446c7ec36aae4193b9e1b443891e13b29 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 9c5f0b9031f189d3b0a680d1c52da6be |
| SHA1 | 8c33b5f76a9c6187ebc1422875e7c9eb8ffbf24f |
| SHA256 | 2133b0b9cdc929706fbcbfaf04eda78fc54230e53ac2551d1e4702ef264bcdc6 |
| SHA512 | bfad5cb1f8f129a0af25485bf8b777d093bb1d7fa384b8d45d9642a6939ba851005104f2493bd9deb8f6acbe55a75ca12d14555e106eec024fb48ef824d22227 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 46708c8fefcce3ac21e06cbc52c6726e |
| SHA1 | e1b79726266e8fa799f137a77a098de9260b582c |
| SHA256 | c3e634f942ed0184827c02e1338a70179e605ad93226fa7df01783cebcd02bbe |
| SHA512 | bb78dfdb80a01bc9c78df568b4caab8f205d5cc0fdf6d6fa483b35e326fdf6573ea6579586a0ab3a0eaa1409c0073a58bafc414af9af1ca6a7c4b2a346e2da63 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | e45e45bc0ccfb607dc60029547a1e767 |
| SHA1 | 6cd00c75f3062a2c649d4d03deb93373e1da2799 |
| SHA256 | d90ac7b52d0132d1fd9ce9811e287b644623606122b9cf34c3cd38f2749bd4f1 |
| SHA512 | 50765cce0054b992e2f6ab302b922d47b3444b348385bd0cdc564bda300524050e2c16afcf15d513050fbd20b035f06ffdb2b392e984d358ba91c513b1ca4084 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 2592f2cdbf580c8742230e0f68671cf5 |
| SHA1 | 698954580bc0bb1703285dc2ef133d798becbef0 |
| SHA256 | cebf43161097f1bf3ad1bdf9ae7f0278e84644065c2853fdef692b5fdc8d0e1e |
| SHA512 | 278d27c5967209c17a527cb7e129fb4a1c555259fe03a49e0a874100e0f36258bb42c7975311977f25d7782551882902ebdd539469dbd10f9c8d67b15d9f2dfe |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | b7693656ad7d8e7e8f75684482868691 |
| SHA1 | 28955497897ff19f8cc65ee3d88a7e162a3a4974 |
| SHA256 | 25be5dae27157c88c9767bedffda995882c11837145639501b8366b917b26d7e |
| SHA512 | 151fbd66592a35707735f5433597709e4f5bbb91e72948a238cce08706e3bef6f47d851bf489c6f9429b457b6bc3058dea31dd892dd0e0c657ac02da333a8074 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 2ea6e521f02d3317291c7d8bc8e7ace3 |
| SHA1 | fd0a96ed6dd6f10f5927bdc27aac539ba5593b38 |
| SHA256 | 413a38138fc0c195e98c3e851d2cc5f58502c73db761c45424d44d2dd4af272d |
| SHA512 | 6eed6db78e9344e3dae37200956ba235b7fb3e64953077b26a061fd89689502763ae9ccf2f5056ba4adbcfbbc54b2ba16618c2c6def11ab2dc1a67612c9aeb1d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 294dca633e67fecd0623456bb04cfabb |
| SHA1 | b0ddec972da279c2293fde3ee814edf37cb8bed2 |
| SHA256 | 839e0cc5b6c5273c55ab7cd2f37d12a10e3e4de6eb42ab805088032b1f4dce4a |
| SHA512 | 5163e076985688b1aa8a5a2bb7da84fe03a64b1229b64a0d3fb67db6fa66ea46489caecefd5824b9b6009002c6731b615e7827e2a85d6c2dc16e14fa3f781d80 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 55fae6d156c9eb9e1ddf4d1f31751eb3 |
| SHA1 | b4575c8b60bd8402ab4d1bd16ee24fc70280ac5f |
| SHA256 | ef0d58859833c41f86e571067d85de47e807d308e6ac9e5da986c92b0c3e171d |
| SHA512 | 82ea5708fdc1bf11940760238ac2c8770d2269104f52c267f7972dd9b4462384c484fbc1df5a1d9f9db5dcf29d33d8b756e185b5b96f026d70f1c42fab5697d0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 7d6563e9b52011b74153361ddaed0389 |
| SHA1 | 8ddd4109db5d0ef8a798958dcb746a6eb362e6df |
| SHA256 | 1b3fbcc146cc0d77f43d8bdd503265d1f357558cc4dc5e37def576dca4c8afe6 |
| SHA512 | d401455f9d47d40ecab79fbc477241a7b21dede6518af967964ecf99f6d35482fa293961168ca6feb37e51f6687c26ddf9796868fa3bd0a250109f44959d09d4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 91bf1bb972d173d42ba11255eab7b420 |
| SHA1 | a28956a65f62e455e742573d4bc6d171c1dad344 |
| SHA256 | 38ce84e808db701d8f59fa3229c9614abb300c60ffa85505f95975b9e8e9812c |
| SHA512 | bb8759314a03103d6849bacd12195a16cb12b70295f9829353d59d7f79be9e2eedb82569d92c713c0070da40807b769d4c58f832c386839ccc4cefda7a0d8010 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | ec5624760f8a49feb51830f001d484ad |
| SHA1 | fd525d2c75c17125d5375d40f78e7cf5e3aa7585 |
| SHA256 | 7d5fed0e7955745408bd1640346b9591d8d6316e50a9190ae358663facf9d6fa |
| SHA512 | 102a13fff23745202f4e29fd4e7eb03a81cb603b800d4a048d9384a8ae980ee5d1047318dbcebaf5f943f5909e66e9527281e189069c4546dd9398ea740bd82f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 16182b8f3da81f3915c83b2af922ee91 |
| SHA1 | dd444cd8d808f2547d93fa6b3fa323a4250a7875 |
| SHA256 | 9338e67ce108687a92620136c8a641225847fa0bc56160b9a77cfdc69809edd8 |
| SHA512 | 8e009ae0fea08d5289e978d5638c897fcabfafa695d156fcb024dc5574b925135ff59640ae313f366dbdff297fe3f8280fdf0451ff7e16eedb307ec6ff1e0783 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 62f0e098994ad0b3da273dc98da4d823 |
| SHA1 | 71d38fd7b2dc8c97e12fae4e410e34fbc5bd94dc |
| SHA256 | d1ef60c4e03d968e467564d5ca2b1f3375061d4344977f82b665db2e5c6bac03 |
| SHA512 | 7db8936f517f054ed320d48ab551121dcb0ace74002bef5e15f3076a559415479bd0d188ab38e30d5715f739654505d7338cfecd0b3a35bcf1c7718035001aa2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 2215fd64e57f0efd00fbc41e5b64df21 |
| SHA1 | f70605046695daa0dc57f574cdad79e361938b48 |
| SHA256 | 8792f9f454eb6376cdde42b504aae225712fe6ccffb298d326239abd21e8bdf8 |
| SHA512 | ba42ab1689576d0d3cc762865214a15c75e7e4058fb9370cf69d1ec95c99b2f539d401e55f69ee99fa4b9423c675c21811a772e76968d4d95642671df4a85efd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 109fa08bb3067b4714f86599a0fff40f |
| SHA1 | 927f63a95f6d05add5bb14abcf069b531b42406f |
| SHA256 | b2f7ec829691cbc17b68f5163d2af1542b7f8ad112c88b3554290f8c3dd47efe |
| SHA512 | 91b7b093dfa2397b5dee47486483b3dfc6bbeb1a530d971194835f324878cea9fa5b4f459ab1248882a039e3aceeac6a88ac72a64d236245f6e2f4c7baebb246 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 116629b9d5d48febd2a2402a38de717c |
| SHA1 | 4727ef21632b15a27909f76fef93cbd0da67917c |
| SHA256 | 30ce23e4cfa456a7b5e3aa50de4cd16ea603fd16dfb3591dca7bb37f5e659503 |
| SHA512 | 75203283fe36081aa0917e8b2bdc97c7fcf5af690e49d68e9171916818804b1c388b2bc97aae646ce4c1d596a05971eab2cb3f6c0c56ffc666cbb0043f344d73 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 3afb77239d81f493d5a53a9d646a10c9 |
| SHA1 | 8c01d9df2422b60a6ded45440a5ec34d6fa85d5a |
| SHA256 | 4c1a3c02c00ed5cd57ea4125c8cfbb9e55637559d57a8ba5ae0189c7be2f6a26 |
| SHA512 | 4a55bcac10c10e9b262d147ab59d414dc60ceb49b06c824294931b606fb9cc96189ee62065dcf873c84974064559b9ac82dd3cd408a2423a6399bf98881ce74f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | e3412a4e34b0242ab38d10f52c952aae |
| SHA1 | 0aa037b0caee120b6f6cf05f5e184b8dd04394f9 |
| SHA256 | d9feab8f5ebd8b6abe4ad3a6f737b75f1a4ef78b80f3fd32416da3a1b04e23a1 |
| SHA512 | 69fefab102e91aee67a05478834621695118b40a87f7f4832c52dfeec6a3cd4b1e94111255e8685208ad9f6bff451edb5dce9387b558f855732d5e693e6ce8ec |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 454d3f289158bec2468722fd0bfc71d5 |
| SHA1 | 4e1b1fbc2470a2280177d790d42f6de119554ac7 |
| SHA256 | 83e7b41135a87b497ee40fde4267c724b6101ce352c30dd52f62be2e66695b60 |
| SHA512 | bcc26ad11b0889a6b1173615de871dce82387842d647f196226674e9688d2d2759cafe25585b6aae921137ed0803b691141dbfa9a4daecee2e5418cee6ae18f6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 24e1accbf53e3eb3973277f912ec2a7b |
| SHA1 | a77be647eaf7998daa83e63038e26df2643ca3f5 |
| SHA256 | 6d5664e9d143a9c82c970db63b53ab421965e879d202e4b72b40adc5707c2197 |
| SHA512 | ab8497d21da4323fa57bd5617b524b6bc2b48687fdbeb10463d625172a9b3dc105b19678b2a7ed9dcb1b7e09a6a3d7b7d3e3d292a26b42ab46dacdd576f8b0d0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | 2e2d04058a14a22fa26acd73f3c9ce1c |
| SHA1 | 165c5ed1ff7b1b30f16c769ecd41d8d9b4cf60ea |
| SHA256 | e9b34a510cc238cb858e73e195bea4d8137d1c5179e9bab0aecfee2f4871c556 |
| SHA512 | e048666fed72fe751349987bfefaaec818840e427f5e4667535918142f4919e1ab7cb01cd556b6d951452e780647535f1d59ac577605386dc70959acfb5d09d1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
| MD5 | f5145304a7f71024f73cdb5184a15ecd |
| SHA1 | 49a8cb3e57ba60b3b8348b8a0795f116f1b4d371 |
| SHA256 | 5b3633f9ecf5e3fb14bb49dc9eec42c4d40b84c6d2ea3f8d70b017dd58b18456 |
| SHA512 | c855d4f13eaa7beec7b51c2099f15dfc571465cc5533f3fd721992c38dc6fa0634bde5559798f88fa38c4429c14adc6ac884e4cc6301629d90a4acccb3e91e88 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.key-GDLTVRKEKXFD.0xc1cde648bdc03
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.key-GDLTVRKEKXFD.0xc1cde648bdc03
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\0.0.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\0.1.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\0.2.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\Apps.ft
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9b2529d7-ec79-4260-a2a5-2621b8303a68}\Apps.index
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\apps.schema
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\appsconversions.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\apps.csg
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\appsglobals.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settings.schema
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settingssynonyms.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settingsglobals.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settingsconversions.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\settings.csg
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{47e5ef10-fdb8-4b99-afad-e78067c56ffe}\appssynonyms.txt
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Public\Del.cmd
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive