Analysis Overview
SHA256
f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
Threat Level: Likely malicious
The file XorEncrypt.exe was found to be: Likely malicious.
Malicious Activity Summary
Clears Windows event logs
Credentials from Password Stores: Windows Credential Manager
Deletes itself
Reads user/profile data of web browsers
Power Settings
Drops file in Program Files directory
Browser Information Discovery
Unsigned PE
System Time Discovery
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
Modifies registry class
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Runs net.exe
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 12:44
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 12:44
Reported
2024-11-12 12:46
Platform
win7-20240903-en
Max time kernel
89s
Max time network
90s
Command Line
Signatures
Clears Windows event logs
Credentials from Password Stores: Windows Credential Manager
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\index.html.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\Nipigon.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Eurosti.TTF.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ar.txt.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Journal\jnwppr.dll.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\currency.html.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png.key-YEEISFLSETDV.0xcf41769d063c9 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
Browser Information Discovery
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf41769d063c9\DefaultIcon | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf41769d063c9 | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcf41769d063c9\DefaultIcon\ = "C:\\Windows\\System32\\SHELL32.dll,47" | C:\Windows\system32\reg.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe
"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"
C:\Windows\system32\cmd.exe
cmd /C "reg add HKEY_CLASSES_ROOT\.0xcf41769d063c9\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"
C:\Windows\system32\reg.exe
reg add HKEY_CLASSES_ROOT\.0xcf41769d063c9\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f
C:\Windows\system32\cmd.exe
cmd /C "iisreset /stop"
C:\Windows\system32\cmd.exe
cmd /C "NET STOP IISADMIN"
C:\Windows\system32\net.exe
NET STOP IISADMIN
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 STOP IISADMIN
C:\Windows\system32\cmd.exe
cmd /C "net stop WAS"
C:\Windows\system32\net.exe
net stop WAS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop WAS
C:\Windows\system32\cmd.exe
cmd /C "NET stop MSSQLSERVER"
C:\Windows\system32\net.exe
NET stop MSSQLSERVER
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQLSERVER
C:\Windows\system32\cmd.exe
cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""
C:\Windows\system32\net.exe
NET stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\cmd.exe
cmd /C "net stop MSSQL$SQLEXPRESS"
C:\Windows\system32\net.exe
net stop MSSQL$SQLEXPRESS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS
C:\Windows\system32\cmd.exe
cmd /C "net stop SQLSERVERAGENT"
C:\Windows\system32\net.exe
net stop SQLSERVERAGENT
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop SQLSERVERAGENT
C:\Windows\system32\cmd.exe
cmd /C "net stop mysql"
C:\Windows\system32\net.exe
net stop mysql
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop mysql
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlservr.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlservr.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlceip.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlceip.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlwriter.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlwriter.exe /T
C:\Windows\system32\cmd.exe
cmd /C "Del /S /F /Q %Windir%\Temp"
C:\Windows\system32\cmd.exe
cmd /C C:\Users\Public\Log.cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" el
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Application
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DebugChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl EndpointMapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl HardwareEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Media Center"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl OAlerts
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Setup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl System
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl TabletPC_InputPanel_Channel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MP4SDECD_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MSMPEG2VDEC_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_WMPHOTO_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WMPSetup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WMPSyncEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Windows PowerShell"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl muxencode
C:\Windows\system32\cmd.exe
cmd /C "Del /S /F /Q %Windir%\Temp"
C:\Windows\system32\cmd.exe
cmd /C "powershell \"wevtutil el | Foreach-Object {wevtutil cl \"$_\"}\""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell \"wevtutil el | Foreach-Object {wevtutil cl \"$_\"}\"
C:\Windows\system32\cmd.exe
cmd /C C:\Users\Public\Log.cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" el
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Application
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DebugChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl EndpointMapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl HardwareEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Media Center"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl OAlerts
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Setup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl System
Network
Files
C:\Users\Public\Log.cmd
| MD5 | 6a2f870841e0126632f5b9bf0d000d6a |
| SHA1 | 51689e26641f0eb054cd90553a21a472a2e79148 |
| SHA256 | 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f |
| SHA512 | de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0 |
memory/748-5-0x000000001B640000-0x000000001B922000-memory.dmp
memory/748-6-0x0000000001D40000-0x0000000001D48000-memory.dmp
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | ce2aa00a9c7636bdada7dc6e86ec31d4 |
| SHA1 | d023a510fe3b564ce80decbb3b79f257d29c74a2 |
| SHA256 | 2ee1c1a96b829b32ad5e739b8293c04512e4a4e30f16d2312828136b843026cb |
| SHA512 | edaa54fa1746c22488ad63d068effbd2f71fc86a0b7994af2dbc05d22d8b5cf858c0f8c93cd8c5efe59fe4d2e1955b80b5412e0114bb27785ab5e74e7af39b4d |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | f79c7f75abeab78049ee1b696fdc7478 |
| SHA1 | 5a7fa1a3107e31749af04d9a69e3ac527dc8d3d8 |
| SHA256 | edd384c4a063ef349672b22b5c2f4ced9f855b2d0387d4f0f4a430350515bcbc |
| SHA512 | 6f671161274cf6052bfdc5dfb0076d516c328047992dcc8e86d414eb92675fb149b358c860eecb38d9ec2d4a90de3eb5022c0c24e2c535f29a5d7166868b85c9 |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 1183d34132159a801276da3058547270 |
| SHA1 | 980c686089f500fda4724a8651a86ae9f9b83f7a |
| SHA256 | 00232978790508f71222e2390433bdd1a15b6a382ccc198766a1ceeac48c99df |
| SHA512 | 84db462c8e5613a57fb890f8869e33edf8a1666ea7c7a0a629640c32e9f0cfa345dcb824bccb9ebadb35661495081fb73a21999b385e3796d4f12b566b640a8b |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | aecfd47f1150a74c9921bf41429a93f1 |
| SHA1 | 2572a4d7bf4dfc294ab6785b5eb1127397aeee22 |
| SHA256 | 29c8acca4e56b3148a1de90bd0a79da3e3cd7304ed9d2b13774bd51c28b06bd4 |
| SHA512 | f06f7bc3b771137b3b2fe1258dd96d557df1866a4d772c0a4f3c31fabddac48824b4533a94d509616ec750fea21ef8fe0d414ed97e68e45291e8d729a2beec1a |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | cf6fb4fc2b16c59bbdd610ad291c7be3 |
| SHA1 | d0ce9fff07870cdcf0695d6ad4907b7a29d76327 |
| SHA256 | c595590b46b3fb0ab8cec3eee25076ca6da8e9a50d01d6767112c270f0f42150 |
| SHA512 | 336cb935b71af0a101fa454ad5413c17c99d5ba7c5b10f2e7226fa6a0b299923ed4527c5d122a2244ddb9df0b8b290915a12c8bbfad5316c59b4d226d60fbc11 |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 3376e7a933d307118c25251c10925187 |
| SHA1 | 701ce13ef10aabf4af167ed2757035f0de796329 |
| SHA256 | 47b30bc2cd62be1094bbe3953e8be4ca1b4a0facda80edaa40f3886aa38bd1bb |
| SHA512 | 9725244de2585e19d13dfa02d67b84cfa7237c147947d1cb0746c46dc6a7bc0e7f721f163d98804f14dda64f52eb04f45d4922c86287bb8c083af0849794443b |
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 23fd661f9cc86c3fc999e975f137967c |
| SHA1 | 821c0b5aa16b96454d5436e3e8f6b359c2b71651 |
| SHA256 | 826127c2b0e6a13e958a43ecea4a06058c918ebad548c0a8197e99b41cbc7f55 |
| SHA512 | 297047e52069697df2bace2a9b8f55334a374d0ecd91092313926fbb8c518e58e4099c486b7b12b28691b29535137ef45602465b2c63613c3f6fd4bdce68d1cd |
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | e79be0d060808c84a14abaf4e1ee2bc3 |
| SHA1 | 9590cd325b32f988013a25875862bf908f2e34d3 |
| SHA256 | 988a0c2249ed816bd5bb4831ed4fb41bf4aa5ddd8c1bf7ee3a5837c46083f97d |
| SHA512 | d1947ab77229a3f755a4861fd14f66ccc8e67f9f374bbec4afc6584ac6ceb825310146c3a6c3d904dfd22d370fbf81c9d2dbd10b626ba90f168cfbb8d63be5ab |
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | c303ec0feedacbc85646fe1297c59109 |
| SHA1 | b2af4f80ab60e8543ce03439b75fad9ffd8716aa |
| SHA256 | 8f46586f4dcefbd4d3ce564645cd2d790e2473eb8fbab76103e4b18f3c5fe332 |
| SHA512 | 0b9dfcf27aaa86da9949317281eca427cf7bfa8d22336c11c5db4930c5159125b5bb4a978389870f98034e7e171cd5f2dd51e958277654b5fbf77ecb9389462a |
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 62a57ba3dbb0c69476d4efd848abb8c5 |
| SHA1 | 2185463679423322481f1039b634a53952bb5504 |
| SHA256 | c78e6310c713baf1330bb1a958b801a7adbadb33f84fc419bf2c8014261bb40d |
| SHA512 | 9d4d064a245de67fb285e0dc3b3cee609bf2adaeee3bb9bd5655ce900601dc8cd591e5f311df47e980b06692da27e20d48c1e942d1ffb56654e67de3983c9c6e |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 5cd7d81912b3c547069a6d60cb8432a9 |
| SHA1 | c3ab0d5b03828a4e0616b28a09550cbba1b243e2 |
| SHA256 | 6e2711ffd4d58f6193b3fc5b47cb5ca0322395dae3bdf0a50c328584028003fe |
| SHA512 | 2c19d2b19a45f563340f65ef709afd04f4c1ffdb8620dada3e0bdecfe0beef5f3f4b67389482fbf5e44239754eae0f43d9d6f9a2a081043bb364bee52eecb444 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 18aa5c8a2060906cabcd075f25d6971f |
| SHA1 | c6e6812055f86197556fb10380d86b7069f82d8e |
| SHA256 | 0e77b921f0342cc931d6e11ca4e345cb6f3100d68dea912abce139ae0de6563f |
| SHA512 | 9a9daf406c6b7eb168de798970815374eae244635bb25a890bdb975cbc992eb7ae383052061f7880609e5245ce46c0f886967622357abb93c9e543fd39a4a496 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | bde7e407d6c979fbbc51578db586b444 |
| SHA1 | e66f9e424d3fd95f68f2b230b2741a672682b6d3 |
| SHA256 | 97cb2f74999481c42b4f2ad463387dfc3564fc8e9c16998f5f78240bad5079ee |
| SHA512 | ce1fe9783288fd919f5c717fc9f19a6ff37a75f7cf683dc0f1cb50bf31e63f033a6b4ad18cb71631110fc8afde5ebdcdf75c9b535e32039827f3c71ae90a6d9f |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 566cf081a3316f361451738aab9c0d53 |
| SHA1 | f3a084126e9170fbde5c27935a716207f189c34c |
| SHA256 | ad1cec42ab911f458b53a3d2b700542e653eabed830092a43c08b118979bf5e5 |
| SHA512 | 7e7fbf834be9e75ed1aed18a94685c46fb9caa25569ca9202d3d0e2f59247905a4d0f90aef45e603c3422c98bd0c0adb1204690318f7d2df4c13c5ead3959561 |
C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | e64b7bbe8546af2feec986f9d6649270 |
| SHA1 | 7550c2917d7d2c571b8043c3f89f6cc490620671 |
| SHA256 | 2fae4c2d3ec0042f199983bca7233e8b010068e8ec0a1ddbd66bf647634c04bd |
| SHA512 | 0095fb1a0e57495edec293ebac09cd45b1db0391c6de150c909e063cde721252debcf8ede7189df3b6d80bfbb7e68e4559af82395bcdd485eff3686bc7711733 |
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 4e6878e1dc23649c00be49079afa6dc3 |
| SHA1 | 1ce7f499260052022fb1b291e950098aa0e4edb3 |
| SHA256 | 62b154c93d38414e647dde621b6ad3a6a22c4b1357ca950912e3ed06ed5f7c30 |
| SHA512 | 621b2849ff00ff1456cecc30cb59bdf9921f78ddd4a37c03f724e22d7572c7f6f11647a73a4ee58e8b01507f24f83edadd022ace5efe3c42edafed57fd6ddff6 |
C:\Program Files\Java\jre7\lib\zi\Etc\GMT.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 3137c57d68f05211847688c97b4d235a |
| SHA1 | 35a7b20494f1e18f56bf62dfb2d139e85c0e1763 |
| SHA256 | 591cc1d4f289a93ec9d716fa1abbd7a48b691c5b3643dba3c683c7eecca03571 |
| SHA512 | c660ffbcc7af9c425c6c09c0ae1b6b3f5ab0e990fd9f8d8647357de370a6a3534b321315d04ab37da3b5f718eab52cda30c953b1b77c52bde4335a15f3fe0a7b |
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 7af2125dc2a907e9d8f8f71bcb861968 |
| SHA1 | 7b39e8b6599bcbd9c0bb6def9509ddfbf2ebeb08 |
| SHA256 | 2eb23da4920adf1436470f502f718ffb734432795be05263fa19851bb508d459 |
| SHA512 | ebc6bdfdcac39ebcda605d5bfa35dc1ef35c39f06aa590fed7f3bfd72aab0e5fe1d151c8423e940d8ac3df95ffe2786d692bf9eb1a568a159f99788b961f2df6 |
C:\Program Files\Java\jre7\lib\zi\HST.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 7b4baf8030663e94624508c9210c77e9 |
| SHA1 | 60f396cfc1f3bbf4b01ab5b4999ac57846dcaf9b |
| SHA256 | aab95ca58814eb9203dcc3dbd9c1304acd89423d89a80eb2096eb06f353eb840 |
| SHA512 | 51fff77743b0b80f4473c3adff86f63f0305dd8aeb77959a55e760c6e22e74adc9ab0fe9aa8be095a4757deabdfbd4d1de24bcf30327f1dd9777fe37c87126da |
C:\Program Files\Java\jre7\lib\zi\MST.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 792a285cb45f9db796366c59fc7a5bf3 |
| SHA1 | 21ce3ad8c776a9bcce100f7e6dde1efe12a85f1e |
| SHA256 | 77aa5c907a7cb632657516d2694a604d21491712cd2956a84603e6412cf20b34 |
| SHA512 | 811692774d2eb6e9b8cfab6b612f1a398330a1bc054bcd00f6db297e27ca836631440d3a23a4cfbd36a8bf63200d30e9d91fd9ed69a092a993d1f0984c9c34a2 |
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | e531ed3d053b71c157425cea81434c46 |
| SHA1 | 4a7840f37f716fec26a721924daab208e6d8f93b |
| SHA256 | e77e6a432ba242e9a05521d1de046a1df69ceb5cbce6352664e4ec9a83916cd4 |
| SHA512 | 64b186f06b1df44095ee42384b29de290faca31adfb6d174f0aae84f4020c72951b07cfba5df04ed4801a76477c86f3f30a97c796a7b233cd48b613e672451c9 |
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | d5477689ae58d3c70ff5f74a6c7dc179 |
| SHA1 | ca14da79e4ab6e2f93a7a3e50f777fbb915f9324 |
| SHA256 | bb256736ef061053bb63a64d072b336a7d6690bf69f44981a688521e056ee2ab |
| SHA512 | 417d4655dde4414ad60ea37ffe77b11c57ce25c808d68497b2e3f9668a06ebf1fe8d35ee93faaecf2f93e09430155663ba81426b44e0aced013f416fb7f355e9 |
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | bdf5d1abe010fba9d1142a28a4dd123d |
| SHA1 | 1ebc803db0cba309a23993b830cff2b229fb6732 |
| SHA256 | fed69b70d393833572d4900ff4b2d477091a236df4cadb6ba3f4567c23269424 |
| SHA512 | 2daa9fc157b26270efffdb45e35404e7ec4a28504a1e58c6cb81236097cc67fb833c621cd33655ce4b6ca30ac144c4a04c08ebd48d8846d4c697aefd512f76d8 |
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | fd7a13d080d1a41b1e21d71560f92e43 |
| SHA1 | 1b966c1002657c865438f7b5b94d6ee5e35dcc52 |
| SHA256 | ad0c3473f268b959f67b1e523e99e5932ab96a95f6e18f83b5c800cf214ad53a |
| SHA512 | a779b8aeb6046055ee13f776a47fa4d24fc1d20e9aa07ee468dc0e798b2f7377f2576ff53defce7a21e15dd8e8c13bc137a27da34ec15b8ede773aed0c2e7f7e |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | a96da39acc67c586e49772d1c867629f |
| SHA1 | b5c56faed81cd95cb5584d02a78f9ebaa8f8cb9e |
| SHA256 | c3110a5620eb0276a4185f7323293d03875e56cc1493952121ca0191acf0c550 |
| SHA512 | 2a229c98a6c3316ca1510a03742871c4eb8fb0ae66a584d1ce4f296fb99b58b2515f74d516eb230a17c8383580c1fe3d27db7eb810ddfbdfaa525373cf4a5670 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | dde82db73b277388b6875d7cd9af38ab |
| SHA1 | a71a53a596e08aa81b74b1d929f8ea9ac57478a0 |
| SHA256 | d24842944c6fd8aad927379fe5a0963015fd8625817efc9c5b31ecd3b6b038a2 |
| SHA512 | 604c5ebcc3c7c0500be580dadb43879bc416df25b9d9a729967edf7e5392d87a6139d44dc493695c8018a60d2e9fa5b1a8cd2e4a1c0d3f166c54319af85701c4 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | be306972d8110a4817d014fc1c4c8a28 |
| SHA1 | 8ee29894aa43a5e53ef24c9e43e74b6cdf146cd5 |
| SHA256 | 8e5c76b3d0256e3b9fa9912fde0bc41e1af223ed5282d97e7ef962d1b5a37b35 |
| SHA512 | 14660bfd8a48f0519ef96f573dca80d7eacd67b87226a13ef904967731edbf8edf932f6c444a6bd82d78789ea7aa2ae2e57321428d8c2091157d4cd8101e6165 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | a9f3b17299882457364e16b6976a8cba |
| SHA1 | ea8e248887c083967936cde1566b035288c8658c |
| SHA256 | f026ca4ec11b880ae9e441a6aefb56f58083606bd7ad3dc500786703cb3d34df |
| SHA512 | 78559c822baf619d63f0a16fabebdd6d05b01140a20b2c2634c7c95c1e6e7de4c15615040c851aa71d0895a043948dcfbb896165c54cbbadfb55db5603f6d579 |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 958548fbcee5a334e347e5f241e7d7d1 |
| SHA1 | 7ea7acf8ae7f09ec83d35f8cabd41bb72e0b5999 |
| SHA256 | 0990b34ebd066b4c983cf0ea40ea30dece17923d3daa3b2d71b70984a2360889 |
| SHA512 | 07ab72c5bea7358a7ad618ebad5a1341b0ba99022c631ef0adf0e21f4ddb4cc8cdac515e2bbd8508882314157d9e52b54ba66cfc93ec29b26eccdead9c7657cf |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | a6d4a4b25d64dd3b6ece3610e052ab52 |
| SHA1 | f64d5be12fa109195e08266c55af415114404c62 |
| SHA256 | 49066e4422b855a36d7771cce16cff595d6c2cd240ecaf7b0125e2f6f6a6e561 |
| SHA512 | 864c91c409dbdccec5afe085070419cf80fcb407149a91ce78c25dd85f4ff9b292075d8f5612e1b048a4bb38854c58129af0c4729045b90c8d2bd7ab7454dbdc |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 651af6636158994c909660ff5f9a4c3d |
| SHA1 | f8f3722a4bd1d966d4ed5805dcfdadf4ba33e8ef |
| SHA256 | 03a891286e205ba99250bcb1bc4391a7dfafec8959d7b022f1fdd101994b7b93 |
| SHA512 | bd15a73a19bfb2503da9e59b0230e27226c57e3f3ab4268b8658fb917d67054b5e46a47e090f36499ded7f44b21c5684a5e9268220252c64022ee716453aadf0 |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | cd286324895d4daa9b02e5d147bd36f6 |
| SHA1 | 98d1d0959994c2e8b0291755e8aa5b6a306ec453 |
| SHA256 | bdfca98694d0fe47e25d685784f70e0088616acf5fb393cc7d6f592a5514cdf9 |
| SHA512 | 647a7db9f3e229005d0c4c0bc2c89f9c1e3bd7bf837862c13bfb86ba4788b7db6e6a740826be349f54f6ff45ea1c99d0fddcf1d03a7dfa5b7771a09a8d6df791 |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | b263253e9493c988c5bb1bfc5e72886b |
| SHA1 | 11a5de4604d1d043d6bb668b384fe1950026811d |
| SHA256 | 4d3fdd80d51eea668848208f0dfcee435f98cae87b8b1061e0db601eda170d8c |
| SHA512 | 98807cabf6b6a35ee05dbd8d4d3a450d139c964889de74d0bfa257ed47c1f06dd471c8d6fca9e3d3c75a115c46a1682d82e5049604acd8d922a5bd0baa481a4e |
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 72cae315ec275e911fce636f9b23962f |
| SHA1 | cfe7ceb31ff562e0e8ef3e6005a5e8b1881084ce |
| SHA256 | 191123ed6eb786ca94d359195c014de518c978fd965717e44ab0d7a2ed910941 |
| SHA512 | 036de0d451c8c3204952a615e92a344fa0dada710d56ad5936cbf6a883fd790745bb206280006ec35c5f2912f3be4cfde9815e9a7e5c523c57eb171578354dfd |
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 04e90627bd9bf6b98c1e714fa25e5cb1 |
| SHA1 | 9387498a882600c239430eb2e141617ce9b91dff |
| SHA256 | 8f163ed4345c3204452ed526fd8510d9f10c2b1086cb895da8ece64ad329966c |
| SHA512 | a4bbea2e72a66d852623642d7be62f97ff031b00434c619eb02a4f7794eae7235b4d594a2e5633153cf433cb7095e272d3f69ed7ef7770f7008f58e530e15cdf |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | ced308e45fc5171a136d5866c06b8ece |
| SHA1 | 49a26d01932991fda14a341eaa6655313d339119 |
| SHA256 | 86bfea164b38481555f2d6468c786303a6def8e83d11e1d999439d927dab0627 |
| SHA512 | f3435812c070a6511f52f678cae86acab936d8167bd1e875715fcdbdf1354650e4f9a73e1bdc9c7cca265f13402e60310278639288ad65b8c62b5550b8ea7ff3 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | cc8e1c0feeb8f95e9149b0a1e212f4f6 |
| SHA1 | c6b6f0f4b4eb5f604ee78d0db898eaed5089d1d1 |
| SHA256 | 294380e03e8f53aeccb58b6c45b71d7a0976714b7e6418cc56d1105d496fcc8f |
| SHA512 | 16b3870e00c5455556076c15957f033d14431e0e4ec76375dfb29b7436ea73281fe6c1b116aebd40310a6c1baa1f5e9d06fd9abd5dea9d34c92393d5e4b69f25 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 1fd8c04be764559c4286f8c10b9e8fb5 |
| SHA1 | ba525722765b8fa4d30016b70f77434f2bc8cf6e |
| SHA256 | a861365b5e5db198a1855c24fb1bb31458b6093732c634855435b2a302572626 |
| SHA512 | 9283916b53def98987715eb4bd653c1b64a99bfa58947e8887317dcb60ed0bfa058bbfebf0d6af0df9a5696473e2c89dcddabe8b42e5a36db74dc99200f3a942 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 3a39b596cfbd549c08e567c560b5860c |
| SHA1 | 99ea9e2fd3f50f076463ed68e380722a1b086198 |
| SHA256 | 901f8d4c13492a33786042e3851fd6ce81c1d5c004bf58308f0603a3afb1e60d |
| SHA512 | 4989fd8a0ba1ed1fee411419ec2760d0dbb0a5c4fedb18c7a87e572799fd0a992ae867919532969d61e66aace42782fe24becc9d3a80f8fa552d5117ce3cc3a8 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 6632e11f675e2e0745b20846fc1c3e1f |
| SHA1 | e4c0f157bf24d8a8baeb9884e7657aabb605de5c |
| SHA256 | 0d0a91948bf4d069af14c582a25f86b1c0a72a1ab8b69092539530feeb98e6f9 |
| SHA512 | 43454d9cfe1026e4e18d8d95412c087b9a4741c4a466de6002dd4d2d8972e5facb8c94512105d97ae12ad6db242ac0c280701037fad625fbc7d2acc643aedd29 |
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 891958940168bf807c2dc8fbdd94b007 |
| SHA1 | 598b77e69e3704966ca0a92e38d81369fb9b31b1 |
| SHA256 | 43be700b435a60e1ecd43b42bb8764d413543556ce201dbae2414d32d0bcdb81 |
| SHA512 | 13b7d6d448fbd601bbe3f2aca4e8587e7233e5e243f340efaf2e1fbe65a0a35c66e9f0a74b5c7b76b90d9d1afd69986f8f32cadd33b93552e2f2990fc9198c30 |
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | b582ac4d6ef5f4f950a2565bfa64aa34 |
| SHA1 | 39a2d4acfed81479ae9728eb8e167b2927b43ed1 |
| SHA256 | e79586e7df46c9bbddbff602c57fde9bf96c19306ea5a235298cc6e5bf45fb85 |
| SHA512 | 4136071d458f5f1794556d5f07a40847d381b111ca98acdf34d11f37d9f12845e4041eb9e31f12e9e59b5498a4a67046e148148fdb98ad841519fd574fd515d3 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | aabe06550d6eadc0232f294fe749a60a |
| SHA1 | 46fe97862fbeea7d4a28a60b3bf771e52a0c8979 |
| SHA256 | 7e251e1c9affb7105c49823d7cdd08bbe2f9cf9da84e0d3b6667dd7004da5a9b |
| SHA512 | 7af92aa6d6559045dbcc5d649772819714da497952a3ca66b4ab1f52c04c29462c58bb5e1526bcbdc452e60d22c9c0a8e5db1eef1f1fc28836eabd46aa0f4007 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 2e4e0830395101eb87978c518883c8fd |
| SHA1 | 369342086d8e94642f4392d05c95c64ba1ecdb87 |
| SHA256 | 84394ef9b002c59ca1179fd3138d763ae460da3372451f4799f9747ba6da2384 |
| SHA512 | 3c9f5d021fd87a2c7dc8593978dd3b9c78642e0e9be61fd23dad4b0564b2b2d6558433f2167d8ce13fb4bbd8170fb79bef97f7fa26ddfd7dcdb24dae52e4aee8 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 077b716e306b30fce0b22697a989187e |
| SHA1 | 3168cb3f335c4f01c51e9d6b2fc482a110dfe468 |
| SHA256 | 0167b1cb8dbfe3267bcaa4917b0acde6a6d0cd286bd365aa4a59c1b5b0e727bd |
| SHA512 | 13911471b9bd27da92da2440cd16f98b40b660d24b6b5b3f7a87e1e95e07d9b90db6854f8a4965c3afc91da4fc2f2eb6a4cba7086fcb8438ff0fe66db7a94884 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | cda799ea512cb638dc3cd8a82e8d9375 |
| SHA1 | 7f730a94dbfdf534729f3ac83acdee9a333791f8 |
| SHA256 | dddd842b1fbd9800406afae30f72b511297536df0a9f4eacfd4dffad52219200 |
| SHA512 | a0fc48678f21b054b5337bb5a4f5fcc9a29fc1c1f424e3f03f4caa7add292c3ad977bb82a66dceeb2689ddb173d77222720fd988020352f0187e2aee042eeac4 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | cd14470026659a53a9f76d37a90fe77c |
| SHA1 | dc2fa42d42dcd9028d0f03d3d708e9c9cd3467a3 |
| SHA256 | 1de7c0a66558a1a494cc335c524bd4820cc15532d2c6578e01165b5672e694a1 |
| SHA512 | 0a70081e800b93d50997af8a2a38e0c6af70c9ac59e4c67b9dac6563076f83546c3236ca8463f7c93622ea40b51c4d5a394a163b5c2025cedc6e8fe29bfc2576 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | eaebfc00022713e1e3bb24cf4cc3b9d4 |
| SHA1 | 599f3ce3fddfe1f6807083b38a9d3cd117af71dd |
| SHA256 | 4ab2e6930670975cb05becf0fe2a0494a70a0bdb88c5f9173eeb3021bd82c1e6 |
| SHA512 | 22d2e062e5cec9e5f01964ee5b6a6d60e2086ae632c260a6edbcba9724486dadbafb847591e66ac5f126cade9ad46ebfbb1d2c91fc2efb0f24bb93c790358eba |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 2ae72391be0a74635c3bfbe06078b8b8 |
| SHA1 | 713293030ccb6032de3b831f80693eb9226d3b04 |
| SHA256 | 8e2b7d2273b73cabbbcbfaf3a631cfc3eebbe6903805c9bf89d0d5c932d45ed4 |
| SHA512 | df0d6f4d3872f47ffd6fe1fad40e16d2d0187c1a5f1eb135532b9959d149e248ba615bad82e5a765bef75f7bda71bb6931619001b29aa1b9b474a0d12dcebb07 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 81eff826c9dcd4eb2d463ede59d45be5 |
| SHA1 | 0e9f251f47ef1423a5dbe1ec7af3736010aade7c |
| SHA256 | c1d5df66f2d128a117211238e91053c27119511d756442162a5cf8cc42559b51 |
| SHA512 | b62fedcfbab9025f582aa59e271a5f8a72f3b3934480c55c6e6ebed729922e713bfaca8f326281a15f19d32002b1bfd4b2704ec28940aa474b2b6f1a41a7c0fd |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 924064bb7a59d5af2cbd94b5cc2505b7 |
| SHA1 | 672fd59bdc21babebeeb6b607c34e3a40960f388 |
| SHA256 | c8094ce952862434005b1264fb7852aeb87cd95b1744933b80897a860fcad124 |
| SHA512 | 08c999128628a6d00e2bed7c1ac04bc80788a89eeaccbe9a66e0fcd2403f25856a22a1c2a74232db7027ec87b2b4cf87ad68ec8f97f41dc0a74ae022b603da5b |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 38811c62b60ccfee67155a1c332bf3df |
| SHA1 | e3d6ed81e54a45b60525423ca447ae1ba59005e3 |
| SHA256 | c6aec16d8844d28ee3285fd33165825c6e7890d5889748a976d5b12d3b61465a |
| SHA512 | 0638a90d732ae3cd294a513535d9193fd6e9ec40b1d7262da241bbd5e66065e837d8976256dcb52352a042c45fa8a756e145865fb1b5ecd06d09ccb5924fd38d |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | e5779941f1fdeb1e108bcfc62709e3f2 |
| SHA1 | b7ab220c5eaebaa4c7dc496baee314e33486003e |
| SHA256 | 6759e2a271be098f656c5c910b26522c46b51ec9e72e1b46c467a86e2e8c4bf9 |
| SHA512 | ac62587edf99e43e8adc951719be4acd2abf7c69a60b4b9f622cb0375660384b85b3466ebad1b7e9340e0f96f46f75c3dd7260435ea62b67b1c28a2e7a7a6af2 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 1cd18e9ddd06706be79e356df8623d67 |
| SHA1 | 222972638076939914503a0c126ff7e181aecb7d |
| SHA256 | b18de8e701e35dcb653e560433307fca89fe600d5df9be26096c389e0db3f0ff |
| SHA512 | 837fb778a4802f349e64781f33ea6ca30bc20dcd49d860eb94701d1e5233f7a69caa4aab774e679c42fbfb9d18c444fb5d2bcfef43c7596b95499ce8e9cf4e02 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | d4ac96627b16c2380e3d88bc2bb56724 |
| SHA1 | fe8ac9fc3aa26da23bf43cb0f67fb7184a9be3c9 |
| SHA256 | e05f1b193fa41d88e51215f31fb9c4e43b7f7115246713e7da05955039ccd631 |
| SHA512 | 8480146c6334a8ae25c26a99d23c86ad4e432c3c6d6fb8ddd7fb99d3242fa4868af3ef09f9b14aed3caaafa9bbb2aa07a59eb7365310b42223a74e7cd79f4ec6 |
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 54b267c956983216dd495496952d12b6 |
| SHA1 | 4ebf0a839a700cc17e1c37584de608717125b0fc |
| SHA256 | 3e70082187e6b734db40917563fdf5dfb46c65567ff2827b1d3c25153e708899 |
| SHA512 | a36e62269b219370b3c3332f148bd17cd0a7c324aebf4dff2bab445c79c08b921667b43f52ac61c04ba28a1682784ef74c62a1a126cf6a08249d4d8243f0e1c1 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | e6f6c3393d4b63f1c72a35c6d7976ba1 |
| SHA1 | 3c2d19ad97196a2a9698d6fa16cc8b0453b6ff3b |
| SHA256 | 5c5abe17c5860d2d34ab4939081672529adb20b149f3a72f2d9ff42ec20c278d |
| SHA512 | 5c79bb67e054b4026d799e6599ca9642499fab812bbb99735322e21f66488bab70f3477ae17191cfc780786611c31aac07afaefb6066379e47891ca4fc6721ad |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 74bfeb5845e13d5265fc4fbbd91b652d |
| SHA1 | dd17c9939c2eec14a1bbf4fb8b8dadc7146f4726 |
| SHA256 | 5fe012253835c16eac5c4b6b5f47425fa2f9188814e2ef53abef059e11fe657e |
| SHA512 | 9d7cedc743f2d6f16e297c671d5a5c5b9f7bda33f854ac8bda70a001f303e5343acd0847c18e6a53ae9240ba72967c1d0ca99d672137b6d9eea20540ac22af5d |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 55ae75bd52c741bdd552340faec64471 |
| SHA1 | e6eb8f1c3a90ab4c751aa7c6e3591c589bb86dbf |
| SHA256 | 601e3a7ee64893e9991102459e9a1137486bdd8e588d8a2abeabeeb962739489 |
| SHA512 | c38e3540a77907aa1244dfe10083b499f9f638432729b69686e88ac0dd6760a78afb0cff4642def281fef2d2f56539cedad7e98c6fe9d592a56625fd1a6ba66c |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 0cbc2998978f1e16dffc39c3dcfef930 |
| SHA1 | 28fb5be158f7f7d862b3023a78ea96ebaf4dc3c7 |
| SHA256 | 7ebfe4227abc228dc0ec8e4f5cd3bf870d46e732ec101f35d998bdef0969e0da |
| SHA512 | 7eed3c5e9492d76f0f606462272915ea03d0f436a2e203df3cd7c571973441828e649e1a4bb26fbb1fb741e56649eaf96ec5d2ee31aedae8ed6e56e20120628d |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | fc9bf87e9821f5ca5879e6b21eab5aa2 |
| SHA1 | 638f4dfa785c79597f2900fd9c8f39f1c08bced3 |
| SHA256 | ccc7a0d7119c82c8aad0aa17e07af663e6fe5e7538bd7208e3fa8c228f8e2853 |
| SHA512 | d7ff3ec8c26b0a8decb6738e41bc698527d053e2d795f54dfb960578b47b5e9de385e5b17a0197e5bb03e89b72cd8f0efa5c760081b8df6cc1f43aad48fc2714 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 7a8162f6b3ff71f8a19c45420b9c16ee |
| SHA1 | 6ca2aa47e146a21633849803632de55f26cc2635 |
| SHA256 | a3dc0d3eb761a2efb0599cc7931cba3ca73f1c0a8bab961cb8d96232fe465c09 |
| SHA512 | 333ddce11e35cc2ddf35185be9c5d9a260fe0c3363af1cb8d4f5b97e6526f65ad65d17b7c5fb396e9b5745531ff99df315236cf7376261d19d593cb07e48e575 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.key-YEEISFLSETDV.0xcf41769d063c9
| MD5 | 53ba6bb7f11ee7c6fc1a4dafc6f58ecb |
| SHA1 | a83de1441c853f976ebcf5832555d7fdd46f6a63 |
| SHA256 | 3c78e48eef9c58f6a1a2cb9a96ff4fd347b22d4f5f6fecfd2e973c82ad4d9138 |
| SHA512 | 03717b9b1e7ac28045c5f8416c014369d80dc38532f7964c6fd31fe9bae24b933c7a822cb900ed29cc5e0e27e34d34e03fedb90c7f29d643d2a516ad05e08d6d |
memory/2396-6396-0x000000001B3B0000-0x000000001B692000-memory.dmp
memory/2396-6397-0x0000000000280000-0x0000000000288000-memory.dmp
C:\Users\Public\Del.cmd
| MD5 | ec6f5056a81f8cd0039405e8539aff7d |
| SHA1 | b141d0bc1c2a4aea92fb7cda27f084a357060ecf |
| SHA256 | 46d324eb3c936dfd8b446dbb637e4eb9d49f9c187d236905a4877947c09d76cd |
| SHA512 | 8ffa6bc23234180e574e17ff7a0beadbc37c7a4a52e00fb68eec6b63f21250488d109b5009d4ee267b75d093ff51a5ee29249aef7eaf67072dba866e2e2bc3f7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-12 12:44
Reported
2024-11-12 12:47
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
141s
Command Line
Signatures
Clears Windows event logs
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Credentials from Password Stores: Windows Credential Manager
Reads user/profile data of web browsers
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\adal.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_radio_selected_18.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\LICENSE.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\es-es\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYHBD.TTC.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MTEXTRA.TTF.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\download.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\lib\rt.jar.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGIB.TTF.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_delete_18.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\adobe_logo.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.stats.json.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_selected_18.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\adobe_sign_tag_retina.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ne.txt.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.Misc.v8.1.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.tree.dat.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\files_icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01 | C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe | N/A |
Browser Information Discovery
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{BAE3E62C-37D4-49AC-A6F1-0E485ECD6757}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\de-DE\\MSTTSLocdeDE.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\lsr1033.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_HW_en-US.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{14E74C62-DC97-43B0-8F2F-581496A65D60}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR de-DE Locale Handler" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "11.0.2013.1022" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech SW Voice Activation - German (Germany)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech HW Voice Activation - English (United States)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "C0A" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{A79020BC-1F7E-4D20-AC2A-51D73012DDD5}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "You have selected %1 as the default voice." | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\es-ES-N\\r3082sr.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR it-IT Lts Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\ = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\de-DE\\VoiceActivation_HW_de-DE.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Paul" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Hortense" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "È stata selezionata la voce predefinita %1." | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\NumberOfSubdomains = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search\ = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Female" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Julie - French (France)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; computer=NativeSupported; address=NativeSupported; currency=NativeSupported; message=NativeSupported; media=NativeSupported; url=NativeSupported; alphanumeric=NativeSupported" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\VoiceActivation_HW_es-ES.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\r1040sr.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{06405088-BC01-4E08-B392-5303E75090C8}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "409;9" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\r1033sr.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\fr-FR\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR de-DE Lookup Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\tn1033.bin" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech Recognition Engine - fr-FR Embedded DNN v11.1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Hortense - French (France)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "既定の音声として%1を選びました" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search\ = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033Mark" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Laura - Spanish (Spain)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\lsr1040.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "L1041" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Haruka - Japanese (Japan)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Ichiro" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\tn1031.bin" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat.prev" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Pablo" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "MS-1036-110-WINMO-DNN" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Katja" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR en-US Lts Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR fr-FR Locale Handler" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\AI041036" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe
"C:\Users\Admin\AppData\Local\Temp\XorEncrypt.exe"
C:\Windows\system32\cmd.exe
cmd /C "reg add HKEY_CLASSES_ROOT\.0xc5ffa1f0ccc01\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"
C:\Windows\system32\reg.exe
reg add HKEY_CLASSES_ROOT\.0xc5ffa1f0ccc01\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f
C:\Windows\system32\cmd.exe
cmd /C "iisreset /stop"
C:\Windows\system32\cmd.exe
cmd /C "NET STOP IISADMIN"
C:\Windows\system32\net.exe
NET STOP IISADMIN
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 STOP IISADMIN
C:\Windows\system32\cmd.exe
cmd /C "net stop WAS"
C:\Windows\system32\net.exe
net stop WAS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop WAS
C:\Windows\system32\cmd.exe
cmd /C "NET stop MSSQLSERVER"
C:\Windows\system32\net.exe
NET stop MSSQLSERVER
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQLSERVER
C:\Windows\system32\cmd.exe
cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""
C:\Windows\system32\net.exe
NET stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\cmd.exe
cmd /C "net stop MSSQL$SQLEXPRESS"
C:\Windows\system32\net.exe
net stop MSSQL$SQLEXPRESS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS
C:\Windows\system32\cmd.exe
cmd /C "net stop SQLSERVERAGENT"
C:\Windows\system32\net.exe
net stop SQLSERVERAGENT
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop SQLSERVERAGENT
C:\Windows\system32\cmd.exe
cmd /C "net stop mysql"
C:\Windows\system32\net.exe
net stop mysql
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop mysql
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlservr.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlservr.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlceip.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlceip.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlwriter.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlwriter.exe /T
C:\Windows\system32\cmd.exe
cmd /C "Del /S /F /Q %Windir%\Temp"
C:\Windows\system32\cmd.exe
cmd /C C:\Users\Public\Log.cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" el
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl AMSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl AirSpaceChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Application
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl EndpointMapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl FirstUXPerf-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "General Logging"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl HardwareEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl IHM_DebugChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-GPIO/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-I2C/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceMFT
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationFrameServer
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProcD3D
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationAsyncWrapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationContentProtection
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDS
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMP4
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMediaEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformanceCore
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationSrcPrefetch
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client-Streamingux/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-AppV-Client/Virtual Applications"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-SharedPerformance/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-OneCore-Setup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Admin/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-IPC/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ASN1/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-All-User-Install-Agent/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/ApplicationTracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Internal
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Execution"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Diagnostics
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppSruProv
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Operational
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Restricted
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Steps-Recorder
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AsynchronousCausality/Causality
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/GlitchDetection
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/PlaybackManager
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUser-Client
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/HCI
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/L2CAP
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Connections/Operational
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Battery/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-Driver-Performance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Management"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Bthmini/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Policy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheMonitoring/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-CAPI2/Catalog Database Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentInitialize
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentUninitialize
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Call
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/CreateInstance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ExtensionCatalog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/FreeUnusedLibrary
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/RundownInstrumentation
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Activations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/MessageProcessing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Cleanmgr/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crashdump/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-BCRYPT/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-CNG/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DSSEnh/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-NCrypt/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RSAEnh/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAMM/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DLNA-Namespace/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Data-Pdf/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/CrashRecovery
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Scrubbing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Defrag-Core/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopActivityModerator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceAssociationService/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceConfidence/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Verbose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUpdateAgent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Devices-Background/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D9/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3DShaderCache/Default
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectComposition/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectManipulation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/ExternalAnalytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/InternalAnalytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Cli/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dot3MM/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DucUpdateAgent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-API/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Dwm/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Redir/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Udwm/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Contention
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Power
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Application-Learning/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-Regular/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-TCB/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/IODiagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasChap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasTls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Sim/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Ttls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/EventLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/BackupLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GPIO-ClassExtension/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GenericRoaming/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HelloForBusiness/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-NETVSC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IE-SmartScreen
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-Broker/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CandidateUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPLMP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPPRED/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPSetting/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-OEDCompiler/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCCORE/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPNAT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Input-HIDCLASS-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-InputSwitch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KdsSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kerberos/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IO/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IoTrace/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pdc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pep/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Configuration
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-XDV/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LimitsManagement/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSFTEDIT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMR
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/MDE
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-Performance/SARStreamResource
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mprddm/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ncasvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NdisImPlatform/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ndu/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Connection-Broker
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-DataUsage/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Setup/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkBridge/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkSecurity/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkStatus/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-RealTimeCommunication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLE/Clipboard-Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OcpUpdateAgent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneBackup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OtpCredentialProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionRuntime/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionSensorDataService/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Certification
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PhotoAcq/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PlayToManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Power-Meter-Polling/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintBRM/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService-USBMon/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Privacy-Auditing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ProcessStateManager/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Developer/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-InProc/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RadioManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReFS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Regsvr32/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResetEng-Trace/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Graphics/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Web-Http/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-WebAPI/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/CreateInstance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/Error
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/HelperClassDiagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/ObjectStateDiagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Netmon
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Audit
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Connectivity
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-ClassExtension/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-HIDI2C/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Schannel-Events/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdstor/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecureAssessment/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Adminless/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityStore/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/KernelMode
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/UserMode
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Netlogon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-UserConsentVerifier/Audit
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Vault/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SendTo/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension-V2/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Servicing/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/VerboseDebug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupPlatform/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AppWizCpl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/AppDefaults
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/LogonTasksChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-LockScreenContent/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-OpenWith/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SleepStudy/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-Audit/Authentication
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-DeviceEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartScreen/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Audit
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Connectivity
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spellchecking-Host/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SruMon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SrumTelemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Restricted
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Health
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering-IoHeat/Heat
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSettings/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-ManagementAgent/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Store/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storsvc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/PfApLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysmon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-System-Profile-HardwareId/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsHandlers/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TTS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinAPI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Maintenance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Manager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Station/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Threat-Intelligence/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UI-Shell/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-MAUSBHOST-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-UCX-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB3-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UniversalTelemetryClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserAccountControl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceInstall
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxInit/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VIRTDISK-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Volume/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Public\Log.cmd
| MD5 | 6a2f870841e0126632f5b9bf0d000d6a |
| SHA1 | 51689e26641f0eb054cd90553a21a472a2e79148 |
| SHA256 | 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f |
| SHA512 | de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_02vup1cs.m20.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/464-11-0x00000281ABE50000-0x00000281ABE72000-memory.dmp
memory/4560-31-0x0000018E4BB40000-0x0000018E4BB50000-memory.dmp
memory/4560-15-0x0000018E4BA40000-0x0000018E4BA50000-memory.dmp
memory/4560-50-0x0000018E53D30000-0x0000018E53D31000-memory.dmp
memory/4560-52-0x0000018E53E70000-0x0000018E53E71000-memory.dmp
memory/4560-54-0x0000018E53E70000-0x0000018E53E71000-memory.dmp
memory/4560-55-0x0000018E53E80000-0x0000018E53E81000-memory.dmp
memory/4560-56-0x0000018E53E80000-0x0000018E53E81000-memory.dmp
memory/4560-58-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-57-0x0000018E53E80000-0x0000018E53E81000-memory.dmp
memory/4560-59-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-60-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-61-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-62-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-63-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-65-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-64-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-67-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-66-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-68-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-70-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-72-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-73-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-71-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-69-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-74-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-75-0x0000018E53EA0000-0x0000018E53EA1000-memory.dmp
memory/4560-76-0x0000018E53EB0000-0x0000018E53EB1000-memory.dmp
memory/4560-78-0x0000018E53FC0000-0x0000018E53FC1000-memory.dmp
memory/4560-77-0x0000018E53EB0000-0x0000018E53EB1000-memory.dmp
memory/4560-79-0x0000018E53F10000-0x0000018E53F11000-memory.dmp
memory/4560-80-0x0000018E53F10000-0x0000018E53F11000-memory.dmp
memory/1400-83-0x000002047A7E0000-0x000002047A8E0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2K46EIP1\microsoft.windows[1].xml
| MD5 | d4094342c1ec7c5fa8fce43f5bd74289 |
| SHA1 | 39c5e3b88e43dd663e336557aa83454a28f109c1 |
| SHA256 | 1ab9a0971256ad36d900e4a1107ff12792d73df3058f10009991dcfdebc7894b |
| SHA512 | def4f0b53d84b1785932abcbbd9dabaf950edaceeb89e367af6a2f9f589c2df02a064f2c371bb36ab409a5bad6fb05b5372394681a9a1ebffbd9a2b4cef77c6b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
| MD5 | 7b955a6f1689da49f8b3c1b2448b4f6f |
| SHA1 | 1db14280a6d1023c916f860fcfe1c23ac5f504e7 |
| SHA256 | 4f43f96785846d93a88fceb53d10959d9090dd6edd34c50d42971e21f81da9f7 |
| SHA512 | bf4ee701706aa982460e9cc2978d4e9803333ed3f1f776a1bfecbe2c36a204dbb28678fa3bf6b8c2a86b3e0cd3339037fdaa8ac0fc50c19f9f5dde75fa64a626 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133758890782403517.txt
| MD5 | acaef159923856ea5385473680463f1a |
| SHA1 | 8c961466b14c2070162ba4c62e1a6a7bc125adb6 |
| SHA256 | 43c06c4ece982a6d6257b4edb81f99761aaa6da3900bb1b3960a76796044d7c8 |
| SHA512 | 5a2ce71643926da5478125474593fb0a814025d4a09c29f96ca7735b4a7cc27d7e039d04831928ddb56b1bc820fbe36cf283c513a9c47e75050a2b1239ca3edf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
| MD5 | c1098adee8c87ca90f4c906b7e6bc669 |
| SHA1 | f63a5456f52c4771cb0ea2aa5c1dfdfe9c712d57 |
| SHA256 | a0c2c4208dfa166b894caf9b2f82eb397d3917eb9dff1e269d95dbcb750dd84b |
| SHA512 | a4b36aa3441fc1ce35078fc470f87e228b8b7e5806ff31619f07e45da43095cd79ef578faf57a99352a53525550170a10cec58b4f74abbfdc5e2ed0156238c5a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}
| MD5 | 8aaad0f4eb7d3c65f81c6e6b496ba889 |
| SHA1 | 231237a501b9433c292991e4ec200b25c1589050 |
| SHA256 | 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1 |
| SHA512 | 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
| MD5 | eab75a01498a0489b0c35e8b7d0036e5 |
| SHA1 | fd80fe2630e0443d1a1cef2bdb21257f3a162f86 |
| SHA256 | fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47 |
| SHA512 | 2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
| MD5 | 77905bc2d6817bd87aa8c7d780e88091 |
| SHA1 | 95a8e1ec3e239f1d47ab381d76969408c77a92c1 |
| SHA256 | 993fa904b1fa428ff23df3f7bfee41025747acb95184f6fe0d67e92e59f9865e |
| SHA512 | 4214fb6cfb54cabccf6ed49cd3c05594835a90c9db752a791c5d698493bf5a718e694225e3e0a45e1bbe724a481cb9c4997c27a636adf6c3da3323f30bf13979 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\appssynonyms.txt
| MD5 | 06a69ad411292eca66697dc17898e653 |
| SHA1 | fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d |
| SHA256 | 2aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1 |
| SHA512 | ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\appsglobals.txt
| MD5 | 931b27b3ec2c5e9f29439fba87ec0dc9 |
| SHA1 | dd5e78f004c55bbebcd1d66786efc5ca4575c9b4 |
| SHA256 | 541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e |
| SHA512 | 4ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\apps.schema
| MD5 | 1659677c45c49a78f33551da43494005 |
| SHA1 | ae588ef3c9ea7839be032ab4323e04bc260d9387 |
| SHA256 | 5af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb |
| SHA512 | 740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\appsconversions.txt
| MD5 | 2bef0e21ceb249ffb5f123c1e5bd0292 |
| SHA1 | 86877a464a0739114e45242b9d427e368ebcc02c |
| SHA256 | 8b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307 |
| SHA512 | f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\0.0.filtertrie.intermediate.txt
| MD5 | f66204ddc2e55a4ba416e9768bd5aeaa |
| SHA1 | 0ebb17602b92ee42cfe273619c17c043402cc5dd |
| SHA256 | 232204c0488a893d3f9e8efdfbe01e2fc85561f8776449c804226717c394c631 |
| SHA512 | 89df48f41251e2d0f4e6d0aa27a5edaa83b8d2316e9ef6249ac81c176f240106174620a1a70085e88dff6141319f2cff404f2f493d2240ad90e95bd812c9ede6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\0.1.filtertrie.intermediate.txt
| MD5 | 34bd1dfb9f72cf4f86e6df6da0a9e49a |
| SHA1 | 5f96d66f33c81c0b10df2128d3860e3cb7e89563 |
| SHA256 | 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c |
| SHA512 | e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\0.2.filtertrie.intermediate.txt
| MD5 | c204e9faaf8565ad333828beff2d786e |
| SHA1 | 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1 |
| SHA256 | d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f |
| SHA512 | e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{ef3ef15b-7e43-4463-856b-4e550e1f40ec}\apps.csg
| MD5 | 5475132f1c603298967f332dc9ffb864 |
| SHA1 | 4749174f29f34c7d75979c25f31d79774a49ea46 |
| SHA256 | 0b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd |
| SHA512 | 54433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\Apps.index
| MD5 | b2cef728978026d476329fa104dd233f |
| SHA1 | 9b7bef0b534d8e617dea0720c6c924278f14e684 |
| SHA256 | 60ae00e7bc8fbae18202e651929861d8860a4b6cb6ff7ae782e120468eb7be32 |
| SHA512 | 33c0dc6afebd4a4a5af2480af84eb589d5776eaf12c2ba5ab4fd3a7d54e35df4cb6abfe06e6c5a370fecdaa9f45f57f6980f7f36088ceacff03a4db61d79013e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91fae7da-18a1-43c8-aea8-6f40e8e2bc13}\Apps.ft
| MD5 | 21de42414cc2933affe1828f1ed2a29d |
| SHA1 | 1e12e4c389cfc585798e6098eb1fc1dae7f06afa |
| SHA256 | 0f10432bb37db721342c227cab39b2309b007c8a1cb7eff2b9b76568e2c69c92 |
| SHA512 | 1e2607e4fa237e88858e9733ad7adfb2d2fe0f861611f5a2d9e04b8cbee83c68b1ccc30d6a0740a5c64ed55fe62786c489dfc38d8396cfbde56c46b34bc6cec4 |
C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 8a2f24238337814192af1f6f222ee2b8 |
| SHA1 | f77989f6b9ce7b33753dab6f20f2e94412ea2d65 |
| SHA256 | 0f8e6be247da2a107f90f72d40187534d5cacaf7a6d87def82377dc9681969ea |
| SHA512 | a95eec21afb27ffb5b5f29163e377b2f8f7a0e02044f19dad2e6f663e90b46c7cc86b4501d3392d947d38215cc249f051f30361f0295634b74a14fff2562203e |
C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | bb66788cf28ea103512fb4b5d5e9f58a |
| SHA1 | 7dc3372408736f1ecf4d459bfc5ff2893ecbb036 |
| SHA256 | dc7047cbfd3e106215f09a7f72ad5c9146084afbe9aa77448bdd7dec5b5028e9 |
| SHA512 | fe78b2052f83e3a4225f62d9d39afb54dcf332f357c076565a2dbd1d7a3f8bc052d7e0201fb03ee8ab171e490d6a4d18984f6024a094c3bc75c25a6b64e53053 |
C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | f10e5963ec1f7ca97152b1708ede5a61 |
| SHA1 | a61f94a2b285337e8d8a8a9c138598d24956ec45 |
| SHA256 | cd849d862b6fae851f2d3e38657630aa194cc11fe72f00be4379d3c4243606b0 |
| SHA512 | 46645ecfc4dc7eeabc485acac6d0fc776c59d3769c714283f566eb9be6a67dbb2c409cea5b65001b7a125331066697c485c6d30df553810e2d19923da876d9bd |
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | f5c4ae0449edcf9ad8d0c34db2bce1a2 |
| SHA1 | ed9d8fbe771aed233c5cc72241445e947e5a729f |
| SHA256 | ee5e0753ad1e243c39a9f41ee0ee2e3cac98ac6c88f6af0322885efed7647561 |
| SHA512 | 75719f869d085428bf7b8b7aa48de9f48d9bd27c8cd54c4aa69449e63789763835e0fb4028fb53c69e7e348e1de3ab75c407b5ecf46e588aa00cc73c739073de |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | d6e360efe4605f8b917db9a63f7bb3d5 |
| SHA1 | 975a72a6b595447afe76d54d3f91642d76ae6965 |
| SHA256 | a489a015c62c3e38cc061aedaa8ea00926dcb9dc4fe90364137d32059ab219b3 |
| SHA512 | 5c05e2632f4835c96a200458de93d451e23f44503d7890a74f16eb112da5a6e4cdff0b8c2e17f9b07f0f4d1dcc026cae1c79a10e5bd9a8057b1bc71c43efd7ac |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | c6c933e2b547a1c42bc13245d2267abb |
| SHA1 | 476707fd451a4a3db4e3e588bba508eb35cdeac1 |
| SHA256 | 885a33e8976b37641f478d0f4b61f118f8c49013bcd332c5fd7e45196e2603fc |
| SHA512 | c51dec891b75501def0c4953b86aa8b76d82430e56cfcb0b281578cc8e4d6cb068f7f729ddbbae4efe08532afe15c318548503ef1a0a2b52f90e15c2a21cd1f7 |
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 4ed64eb7a9a4ee0dd3218a532128e63a |
| SHA1 | 5e4cef070f6f2f463f54a2f5a6afa65ade15ef95 |
| SHA256 | a363c89d46b85a62d9c3b2cea91cafcf24fc978c3da7ba6c47df1b15a8c9f0c8 |
| SHA512 | e45454bdb56418f7a727e673358f11c850e013938ab978430cb3f8097034c79201fae5a78ddbf6d32d0542e5af70bf39b117152847c841c326d343e33983ac8b |
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 8695bce8703f8e372799b4f145a19348 |
| SHA1 | b46f196a65ccf477347749f2bd7d67df23dd79b9 |
| SHA256 | daa457f01354ea108867b2b8232073f921080ac76fe33d2914b3a814a25c8d71 |
| SHA512 | cf501777bb3e71f069033120de940e7803062e94041a7ff5526ada23bad543b7c5d5f990d632796009a978c57c0922c326a05d02bca62500cb8b57f4b972852f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 4dd495be28e1c2854b4edcf0df87fe4e |
| SHA1 | c7bb88904dbda71cb310d2a84c7a7ecf743e2bd8 |
| SHA256 | 9434abbca5697d7adf73720768446ee571f90609c8fbf2fb3c5abde47682ba53 |
| SHA512 | e5e9cd6d314999b9205d3188ecb08245ecfd955ff90e7f11c4b6ba6799c4ec2d99c453c3a91f80fab9255c50c6a8338f14bbd5a7500053f2f778f79d30a743db |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 25f7c9a769c5b13bda3ce67204f04eaf |
| SHA1 | e84328a08a897d8609bd7bbcdc91c14dbf007539 |
| SHA256 | b543d287b3a4ff0d89b01bdecf3bc2ca6e34142bd0b6ca3008d246d78f8d2b3b |
| SHA512 | 798cf1b051e88003ba83e6765a69dc02f781edd34c1287651777e80e50b717ddc545105fad857186d8b0bebf07f81571ee710a1749bee8767732a35c000e346b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 46f3f315e3b4531fee62724e81c9d1a0 |
| SHA1 | d56298c8b6327be8f6052a6291e8d65cbf025633 |
| SHA256 | 364d57fd363719b6713347b41e82ff9ac163ef4c234e93c23f8a224a6a91d243 |
| SHA512 | b860ff69719404f1a1b728396b59d405a31febae5d56fbbf3d68dc40eddb67950b8c0dec9fee9bcf9cfe686e2e9ea47bdbe6688d43173cce39ff624c4641ebf2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | db065acdbfc2cd041463b32c081a0e1e |
| SHA1 | 57a21225a915a08989166e8ddbf4d72bf81ab056 |
| SHA256 | 4c784e972f2cd052196406ef605c215541165bdfaf69e35b7feb5364809f9619 |
| SHA512 | 55c1e398c1395712ad8deaa91f687940c0207e457b9f34587634d996a3325e3ee765aaf7e2b0845a0e0d4d8aa6241be49a73bf98e95aa9c1b03ec07f8c42d286 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | e2be4094a94877be8c2a94c7cc145c03 |
| SHA1 | d25135cb1b9a57940b6308d2e96661205a23090a |
| SHA256 | 5393ad387b8b676af4a4fc80c32be94d2dd941f231313bdc837c68d69eabf3c3 |
| SHA512 | bbea15320a01fc65dd927a15bfacb9b1dd991c15ab864b4291a73eaa3d13df9e1fcdee2ace0e8a239eeb6814af2ce06cade095c4646d5489ac9b2df5c72391a1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | ab6a7551f660c977fdf4e8c92507ae93 |
| SHA1 | 818da62e71b87641e912e33d6e012d7931aa903e |
| SHA256 | da21edd65ea398431edc1a0a433cdf4be2f84a5bfd2d1d007d98f355d6c1486a |
| SHA512 | 772eeefa1e314ffc9fa4a9643853e7fb0c30475ba1802856a1085e0690d3f53389ceac05fc6e217a0fe0aa24075aaafaa5fbf6be07aa92fbda13c235ff0beb79 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 6188c40603d989c0b55a44204500eed9 |
| SHA1 | ab7f6d982fa63fb3ef43905a561a64f10d416e28 |
| SHA256 | 058ab1c68afabce7939d82245ee2dbad42aa337a178495d4823d90ca7be99b9a |
| SHA512 | bcedc40db7d95be24d1c1ef87b756b7960810dd7b0a0e0ef2dfa755f03e7f9b010ac5fd5b8840b4ac8b9dd8fd68e67bbd2e65a1f3fc2070b8d72ddce63c7d8a5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 0acc50727a8b8a84ba16fc89371915c5 |
| SHA1 | d317f81a1837ce6d56dfdaa326896f22fda67886 |
| SHA256 | 7bb5609fd14b729802c9b818865b6d27dc57b6d224b9c239060b4be3fe7ff732 |
| SHA512 | 8880f88085ef0cb4f60f00e38d429605daa585e0d8f89e23c0b2bb0b96357858e8cc150512d7627ad568a6bcd7b43910e7e96482f4316005dd6c60dcee179b0c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 850fcd19b5795e1a1d919e12a1fc109f |
| SHA1 | 1270c4a2be96453469008d4bfe0e4f1dc4fd04f8 |
| SHA256 | 7f6ca98bce792683d3ee2dca9f2107da0c8f8253e4cec9923af27212b7c30d0c |
| SHA512 | 79642009582ebe7edfc7411a3dc99242903848320a51c037d4e138fc733677d25977487b8c65d5d2a4c543ffed0a689072816a021be22d103a3bad26bfeeb472 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 486d6b1f4372f5e1f171c922f26d5e4b |
| SHA1 | 996deb66670460b56eb9a5841dd6a080b625fcfa |
| SHA256 | b5f586d28d733379d1f5a965fe99c3136784dbd1fef5e28b7af5b24997048378 |
| SHA512 | be3f8cf4bc8cb569e4fc307dc92db597111631b021be8034f01e04c24d582ba0facd20abcbbac4bd3f14ed9303d7424fc729312633d3f7423f7e509238573899 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 68c0a7b2efcc460bf29ac811acc6de36 |
| SHA1 | 4e4875f2f32fbc8f384ad1bcfe68007cf9a1fe88 |
| SHA256 | 605ae922d33eb262f5769a0001d22729858dc085b95e098c469697fcffb8dccb |
| SHA512 | 1892fd8c6b366f06401900d4c8fd9bf8b6edf53462894da61e1f5b80deaedd591e4b83a2ae1fccdc62f5852caab7d12dc71535fa9836b73c05f2fd534fd0487b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | d2a9c49c795020d8f734b3e378456107 |
| SHA1 | 08cc1548c517b2ae889e613e2f3b3a570ffd1114 |
| SHA256 | 0ba3b42ad5fb6ca129faefa087b3a30265fa7766bedc08a87c6954ff0c3166c8 |
| SHA512 | 516b216dc31c72ebf0297f0f244937ed414e05b54de78640f0a8a0be638de2adaa302d99bf37aa5bc9dd44e20e01eea269c10756523b3af4ec1b71c2fe46f0bb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 65f80bb467c7ad1cf8b145beb561ab95 |
| SHA1 | 4eaa89dc056f1e9889f7c679a0f0563b75caddcf |
| SHA256 | 36c430adf5a8e6a931b1221fe4dd3e6f6b205017165dba879e3fbdea07091754 |
| SHA512 | 18d847db71b0178f48472803d21e4a656a1b6a3e3da5ed74caece5341ec8aec10a5c20a04de17d17d963d63dba462c5f8eb87a9f0d2a8dcbf01cdae389d101e6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 29f78f2f9031f9173501a32e861c54bc |
| SHA1 | 45ce5043ce54f489bd2352b242e316f1b6fe329b |
| SHA256 | 7a59647952e5519589c9506d1a6fe671bb246558009e2666ee34af7f0a8eff43 |
| SHA512 | 526b2bf46165f840efe5c5f56ff87c7c856bb5e52323d87eac49c738ad0038ed54b8f49fd7c5d915854b19197b0ac697cf95b21b06ec7f475d8b7ee23499e457 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 5d9c4da05ed65bfe06d816f5a721e2be |
| SHA1 | b5c599ed90b9a8ecdb86fd7e457c07bb56da78d3 |
| SHA256 | d0d7dc2434880c916ab1042420453a6990efb2e0515d9d5462306c082cc7a0ce |
| SHA512 | d1714c90ee039919627e77f63302b9a3b0a9b5491487f03e0bfb26e7e94d672ffd84e4eedebf72ef8571bc06a09234785ad6d9316008f9ae218e64651d707d59 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 30140eca45f8f9eaab9db748dffd7ce3 |
| SHA1 | 21b4062b851a40687e9faa5d70e9c1220d36eece |
| SHA256 | 580250d9652c9176d5d6e8c83cff5bef76bca57e24a456a8d416a38bf3dfc9e3 |
| SHA512 | 8363f39a2c794ad56486850e3f25dd78977e5d851da0f6ffdf95c44344b91e36f721886ef09ff7c359ea73113baf413945dc5270456b30b28ae0ee37c2a457c0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | f6aeaae05d2f7a9b5f2943156469cd13 |
| SHA1 | eabb3bcd04cf5700cb27668669829c7dec71b60f |
| SHA256 | 8bd33b17fa41cee943a1a335af3a42fd678533d05129270bf436005eb20b862b |
| SHA512 | ea34f01f90ac683f505911e509470362d7630272fcf255fc6df240a139d05abfaef7ce71345bc12aa5705782c12f5229222684c405ceec79c1b4d486acb82a34 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | d02e8df5eb5b242a40983d453bfde597 |
| SHA1 | f625caa6aa58492ade0341bbcd48ab2ac246ff51 |
| SHA256 | cac1f14aa971251a30eafc9871eb9ba8a94924823c02f4038a8818059a4e4c42 |
| SHA512 | b6e36c79dffc472eb43344d710a1b6072a6fd384202ebaf2388e1f9ccd37fd91fee5c07a3faed880c59438d3a372e31ddd42f2c99fd4a243a841278e60bf7ed4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 0e32e77e5ef1f3a3116a253b6c8e8282 |
| SHA1 | da9a1556c8bdb97dfda7c35112075efd98b63bbf |
| SHA256 | b679ab0eb6f9ef0315d4d2225ef14cc344d7e13f8a9355b0547dc694d861a00e |
| SHA512 | b498ce6793f4f4e418460198ba9f41e9c5f7a265b89707839540b8f7ba0be69e12494c8ccdaad85922d2fa117088ecdbf327c45591e46346d14bbf9ba2f3a171 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 2105ea29c81aa7822082d7ed83f9fc6d |
| SHA1 | 1678a1662f97f0112b5675207abd079a502b3ab6 |
| SHA256 | c190673aab34f8908821fed8910e0348dfa40f6c1bcafe6f547baea3dda2f1a8 |
| SHA512 | 07308ddfb9cdafa6f0602b3c8a851ef50ab0616d8e15948ce57f3a9b172d364f0a70665d45f2a29f6618dad5f79146026da103e8efb691acfc5a40b7ac229522 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 832427448c321f4c7a43531dc5f11216 |
| SHA1 | 39d641d874b2caed09da869e426482d41f137eb6 |
| SHA256 | 4fdea97a26cb25a49c99f7f1d0e7bd7df4a77205b2ea6e8bc78e74c164933520 |
| SHA512 | de0920486e587784977b2a336d9249fc4e1d7d269208afc5afb7374435a095f6e72103ec76892a31639e93dbe8f67e0c9a667715c094e918dc8473e1398dbd6c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 4e0434993515f634578b89a9dc1ba54c |
| SHA1 | da348e46447d7f973f20328a1d91a7bf90578079 |
| SHA256 | 14e2059e378ef1b58e0bdc15f33fa75b609c3d5be2cce56536240c6a20ad4c3b |
| SHA512 | 87f57722cecd79b72a2c1253a446a4523348501e5ae2f8bc604211f91954e55dc232d912602fb4488cc72408847ebdbc574847327e4d55496d115a653d65181d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 37b3e0bc3cbaa1bb400d300246f359e3 |
| SHA1 | afdcfe6d98fc2a8898024e3b85a31c557e2f03bc |
| SHA256 | a2005a28ed5652dbc103b4a56904a9cad27e4861b207b3886a5e03e32c192c07 |
| SHA512 | 2c3399c4597fb6c8c8aecdae0a21b7c4b69ec84e045fa18a485b6f8832fc9ae8f2e81489343b7a9afd8d3ec996633df06849f2456c5defe4d6f3a0d91539cbc3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 89a7c31037999e6e3ff910ad65f533dc |
| SHA1 | cabeb4713304bc4b78aafa5af1fa3664753d29ec |
| SHA256 | f1a5d8079057925ce61676a2d00ed699627c5f0f4b853f2eba88aec890226554 |
| SHA512 | bb236487b85dac378c3a66f92ef5316a95a33f82f96f86ad04d1706373ea5b7a58957ba0dd70e0b21c85fffbcb00c6afeddefcbb3b1e0bc4871a0926dcf080cf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | b609f33d21b254018df37322df8c418d |
| SHA1 | 3609a9bde9d8327f1c97732fab7963d07f09cde1 |
| SHA256 | e93fed3c67b397fad72e4754b749bf88593f1d64217550fb959b8a8ed383eeca |
| SHA512 | e1ffb2fe3095e53c51430cf28ccab0f62b9119e5e96eadc3da039b70878a67c96f45acbd3c8326bb682526e5ebc75f152fc31938c2931d5736656f8d8d306078 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | a058ba0aec8d43d88f7aa8e5750db006 |
| SHA1 | f7dab2af6df60a1c6d48d4289e7e398d2182840f |
| SHA256 | 4557b67eafeb233ef8d9c72d1175c20805e1b51f8569958b6e178d6b49bfcbc3 |
| SHA512 | 5665ace355b8ca241715db8b2a98b3f964f96971618758bb47eee1dddf62a2949af1025a9f2d7263d92334cd182398b6e1cf09472bef5495346dd71253dc457e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | d8a327715e40daa454fe9c492c4136e6 |
| SHA1 | c9cad077c0bcf121e0ab198ab2259b19e9bc78f8 |
| SHA256 | 28abff49112c57c3a926afbe92a2cd56fd59dfbf1038f3a195a849f43c0643f7 |
| SHA512 | 469209557a2560ea3e7c05896d6e3c1b30e98b17a83140fdaf1d5fc75a3a316eb9671cdc6b6d1758a3825887ac21a5c988a5d1210f2860d1d74f5a963e935049 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | ae56df40e10a2ea735fde1d066bcda4c |
| SHA1 | 909bf726455de89818551f68def3a984d7f0b89f |
| SHA256 | 773e3e06b94fa43d3c1def9d6d8717915bc54513c621bd8c76acffce74285b09 |
| SHA512 | 1dc2bb177c5b033bdf6f0c154d4b369de6d3f995b3737f9eed525b7d27618e2f7d025af177f44f58d2ede83aa87702e328823a7ad977c0999fa7fc0bed7d9d1e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 45da21e11daff6f2140c806cb5fa642f |
| SHA1 | 70d6fd1818f1548905c0771c875644e89bc1895a |
| SHA256 | 5427c28d3297608d4e749fc25d68585dfc6760922ff51cacef319801cf290ed0 |
| SHA512 | 8f7b3a62a744280be6ed4363d7d74cd774bc925b8d89b46d171ab045ca11b7f6af85fbf2eb8e22c3c61dd39d93f2036f27ba0275e7f81dd053c9b89b6b99f039 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | fe979472aca8923ece3fb26fd886e7ac |
| SHA1 | 178b4507c1a30cfaac455d55c1bd7bf973436b13 |
| SHA256 | 96c8647b8329b3a84450ebe108aa877ae6252e8948300c52adfac081a97cbc7d |
| SHA512 | 71a53dfc8922909618c70ef6f9500bb352a0b5d53a8cbc120f6a27cf1af2b014eb1fa45a9408227d9457fda2ef7466809674fa27e63eda7f18b6e12c4b3c65f5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | a8a8f767d48fe805931f5e87bfd8ea8b |
| SHA1 | 4d5101fc283036cc58757719b51a7479ff23a856 |
| SHA256 | ea98ff96d88084620cc2bdd0c97fd78c00ec7adcd8f052f13b5ecb2b0cb8d46c |
| SHA512 | e0995d771dfaa0535d3d41daaf0361bad8ab42373b79c244fb5ae0dfe5ae4dce3923879cb0355a3c4706ef6cdef81a06c040a6508ad11d10af8f5fe1a58af8ea |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | b0cbb97d6c8d07338436f8a1ac7fec0c |
| SHA1 | cdd2579259781ef821d7f623867afb16214f7318 |
| SHA256 | ef312e65f3796dd05546a239dac48e0ec6fc870ec6be8b63db45f9b7060b3206 |
| SHA512 | d445b731e07a9f1eeda57ad30c79fd6dc70ae74b5e5db4a84ff79cf4936102e02fe34c14dad592b651f7b577f93a6dc2ef8dd5cfa81ae04bd4d24e79fa09be92 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | c680f02ede52b43b24f605b8002be2c5 |
| SHA1 | e4984926042ed1c13223faa8730959fcf933d440 |
| SHA256 | f09de78935774600df279c9796f4b960d82d17bf735a23e6eb8378ab3eb03f37 |
| SHA512 | afe13b981f209c6f01aeafc3cec50cd26799fdb0bc6a651f7aeae710dba2435e924a784ffd589ec324faa31403e1ebadec11760d792a3efa72ec1e1b3bdf11c7 |
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp
| MD5 | 536267d79e691202b8e21ee9791e763f |
| SHA1 | c901d6a13e59636d387bbfc539618201a8794462 |
| SHA256 | 8ee57520362a363347b87c8f90b2c15317b0d66d754f1ce5c936d7c974409a0b |
| SHA512 | 220289000852b6ee1e6a12359fb508b805b653a4b49eb7b38f65cfcd67bfc64f42a9f4a336676f79ef3938d0fa46b4a930c00efa63bd3c7a9349bf254f85d132 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | b542bd8a32623d5cf1c907db568d46a8 |
| SHA1 | 49fe96f250aa5f2696a91daf18801418983095e9 |
| SHA256 | 638ddab398a968ff6098f7ec7b84fb5c6c338b5142185656f987c8b7b7d21146 |
| SHA512 | 3a7942e6fb9f9d12856bb0cf4356ca948d5fc3aa41a2d7e94859889f5654fb6fc01194b010b375f3d6f8a1ef6a1e91b6f03cddf7baea26c3f609b0dad069af81 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | a6c0790566c6146722b3d0616e11ccca |
| SHA1 | 3cfb8c483e1b9df50accef771d6331d7c78ca6cc |
| SHA256 | 87da7b10724d337eca9f416c7975f5f8cacfce9f40ff4c7ac6ded5f35e8e26db |
| SHA512 | 1b5efa020a1e607f5a6873f2debd2253d790ce805fec973560ca9e3d29ef9cb3babe3dbc9e012905bb8d664221945b9f496f51f106dba82d1aeb8c1e2b21c1ac |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres
| MD5 | 2aa77ae0bcec24142f0f3505852b222a |
| SHA1 | c818f5471b82ee641425834e12cf3ed1e13a10ec |
| SHA256 | a2d8228b02d454a77ad8058ddfa56602e1e95b881dc71bc7dd9dd3bf94476ee7 |
| SHA512 | 76b711b7eadc304b90ddac1dc60b4316e5079f22be026eba940fd5acb363655c74f462822a42877b4ac6574d00a9974b75d33bbe9a36239db234c01fe805756a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB
| MD5 | 0191a80f1e300a5a7af5d6784231dd9d |
| SHA1 | 70753f21c7c81dccc1b63f59c559e50ac303de68 |
| SHA256 | a01b9af0190fcb8f7d8d0756fe99264d7206e1f4698919ffd634c4297d0843ec |
| SHA512 | 430e42a2d96aa4f4c84a3b61680b4b64854df9b0cccb50b7389fef68399d561030fab78f269b829e744d1b1e32df09cf7c974eea10e4f4b9b3a43b49f5814602 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB;PrivateBrowsingAUMID
| MD5 | a86b5d0d4a6ecaedaee39c49dc80a3c1 |
| SHA1 | 0c686e5164d49dc1fe4cf3c990d21c047cf0829e |
| SHA256 | a8dc9ea66e36e8aa0a9620a12228bc62ba39cf632862f67ec825b7594cdb2757 |
| SHA512 | a75e786237d02d1ce666a6ef98e66db53ce696f3481ba01f6f311709ae42c299503d5b6c2cfed95c55310d0639f11038f7b0ecfb6d54bfc59045233006c15ed4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome
| MD5 | 3f0b6f9c120427797ec49194b7b2684d |
| SHA1 | 94b42d47c67f254aed67e13e0fcc3b1dc22763b9 |
| SHA256 | c47300de08378a4ab89911e77d5ba068651f04717e85a8d9304be5d9914facae |
| SHA512 | 7779115cd1f87e150de121b5af4fccf6ad8acd37443e67649078a53f1cf512a52a737caa2d81d5bd41a20d392f0151de202c609f97328cf748cab2f83875bc23 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge
| MD5 | 5998c2059f49770bd20c81c12805b08f |
| SHA1 | c85963f4c05b4ea9a18cdf054abde21385320ebe |
| SHA256 | c325f613d9e1f9e9df1d0bd7db8a3c59f7884d91bd4fa2078cf0509969c8d918 |
| SHA512 | 814f3a603bedbab272e942040390b285e559662cd94a52a91003ffaa2f5b7d6e4d224e37da9bb755484c659fda9f6c59c0c84fe10892d7df207185598219067a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{30BD9A02-CB9A-93FD-A859-09C8803F2346}
| MD5 | 8ab0ccfe101f2a223bf9fc11f910ec64 |
| SHA1 | 86a7cf51b399bb786896fb77f59ee8b4844f5afe |
| SHA256 | 8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a |
| SHA512 | b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}
| MD5 | 9f1ff11e31c55a87372e85612ca3c290 |
| SHA1 | c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d |
| SHA256 | 0c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893 |
| SHA512 | dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}
| MD5 | 0705d6835877cf0e3c45fc7427647c75 |
| SHA1 | b03330cd06f821600bb0323e7c2277311f065f6f |
| SHA256 | b04759fee392d36cc20a319943c4ddac356cd1fbed6223a4961688689350a84e |
| SHA512 | 0faaf02180ef6ea2a8a74ab2be7b72be24eff69e5aecdf97bec838a637e7b3efb85ffed32c2e035b2100615e2711cccbe8afe231ec55a7245d00d6c98329d83c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}
| MD5 | 93a41069c98050e3ea095a2185fddce9 |
| SHA1 | 92eecf90eb3e8235397bf0574acf0e7405541b26 |
| SHA256 | 0382664c279fd723231cbef1f76c8592dfa408b3b42dd8f343a21f4e77adc497 |
| SHA512 | 7a36bcf3ef2c41b5084c36404ce692466934931428f2dcaabb86c2a666cf39b53467161a6d13045eb7a68f31461163d869135aca4c744b9215fbb8891b36fc0d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}
| MD5 | e799eff0b7816a5587d146f9bb951f1f |
| SHA1 | 28f99125424d8e0647ed01a21c378362de181cdb |
| SHA256 | daee10eef8cdad237bee08e5429e529bca3b7a10c1bd76578588108a3a6b272b |
| SHA512 | 02ad638295b2a21c3b4367e7f3ef345b81e3ba8c62c61a97ef51b1f102c28b2fd6863f3ca1b3b87051ec95da92c42a8bfcd4e0adf18cebd3de0a2c27a388d563 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}
| MD5 | 2e455b88290024ba91a90deb1f194a19 |
| SHA1 | d17027449bffef8c398ff1ffd8fbf078171805ea |
| SHA256 | 65afc3f47f89f404bb847eca3c445bcbb15af5fe0905fc050fcb6b6d2f6d00cc |
| SHA512 | 1cea9d5922894fe900df5b186af735997cdc2132ccdce5690681f4e55608c5c9dbfd5b072c81453ac7456df7fe6577f55e5f86900363fd3acfafa78dbcd6ac5f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}
| MD5 | 6ba483c92ecc054466753e522db97936 |
| SHA1 | f46a0ed2d9d68a979241974f1588d076f64f68aa |
| SHA256 | 25b4c976977835c431d466db710ff3d5861cacc4e77683ec6fd4d5c9d5ae0afd |
| SHA512 | ba9fcc6b649ba53bbead16cc9e47741fbf4abb3d115212b15931d7e759b07a3ddd926042ebc93dc1887dd25dd33044c44bae4fcaf2452217d7d1180b1b269f0b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}
| MD5 | 855718d0bd86e35b1d42ceabdcfc61b3 |
| SHA1 | 2a6698c8231e2fa27f93fd5141a252a4b06251b1 |
| SHA256 | 78c940de004462f42d6bd01aaa33cd73f2c3b06652730c385f1f9c4760ac9537 |
| SHA512 | bea1a7ac95e76b120c65bce325d87c27d385f992c6b95def100ba50fc4e7eaf13c61c10bd95231046885a17afa1aba3fc4158d095360caa46412ae8b136288b8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_EXCEL_EXE_15
| MD5 | 2c3d8b38f4706d2bd623310de468a21b |
| SHA1 | 43aa3a23be9e599c8df874b631e2291fa0fd5e25 |
| SHA256 | eb7c131073394f7824cd2152e9ef1f87bfa7feb09097af42d7a882b3ad7b7ac3 |
| SHA512 | 45fa14f771adb80eaac8d0bc02e70d9e9e453d27238698c7953de7434c4a182eadad6e7fc908de4e5babd487f9dc917fa3ba67ca599c5889804d948da7fd1fd8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15
| MD5 | 47c378bdc07ccd57b6e51d03085d0a09 |
| SHA1 | 5e0bcae2ef2a557ef7b7feb11c032e567347c9e9 |
| SHA256 | c8306e51b61f5b4d819bee37f60258378b9605c6787f55cbed76c676bed66322 |
| SHA512 | 1425b348c230aa7818d08049b57228a27bc591fbbb1a107f153eefc3e313ad12cd3ec3efab0b314795ddf00586a821e98eb042db68d3862ea2cf800a0cadb77a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
| MD5 | 0e2a09c8b94747fa78ec836b5711c0c0 |
| SHA1 | 92495421ad887f27f53784c470884802797025ad |
| SHA256 | 0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36 |
| SHA512 | 61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32
| MD5 | e1aa86a6110404c34e05c063601112ad |
| SHA1 | 0680868aee468fce12215d90684c4c7cf7769b34 |
| SHA256 | af63b4e541130d09289a3c6852de203f2723792bab7464559459a732d553f8bd |
| SHA512 | fce875b8ab57ae028c3bdd3adc645075babb7244a9c3338abf2ce871e56722c895610ed2001c1c84de34c2837616ba3664839e0985f42ff164b1549e909c07c0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe
| MD5 | 0d19bea6f0b22383fff2d13e0e6ff0a2 |
| SHA1 | 416f9bd9d2f0deacc06490fbefe77a6ffc2064a9 |
| SHA256 | da3cc596513ca5729f367af635df99081509cf5dcf9f5744090c7cd9fa8e0243 |
| SHA512 | e9ee700a8b17396239bc5ea79f384c80e34c7412f5877e4b6214e6748ea291341599880aa5338a9e68a3ab86f2f5263b08193a543be72372eb01da0432ae3308 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe
| MD5 | a89988784e4640ac2ec71f90ce85b825 |
| SHA1 | 9e22ce33b9c1fbe81690d7d7b315ce815e72994b |
| SHA256 | 679f4056018986fc3f9329155cd3a826ef7bc664bd7cb6dec0ae07a7818ce57a |
| SHA512 | 9b82109d2fe226f99d2919672734ca8dfca74b3bc2032b406519ae96e37d33a6ef77be655ae0ba5c54036e3ae3510efe767e5881b17e85b04292b1558387a919 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe
| MD5 | 6f0d8710c462b5955d9d16745bdb1bfd |
| SHA1 | ed0545934a28799ef27dddcc0439d05dc40c47ac |
| SHA256 | 342f29784a85f25ec119d85e39267ec57a4c803fbc099f6c5ceb7761f8896cfd |
| SHA512 | 404085314a3cf37e8e66aecd314d63ea9711d05c1ecb714d531126e61b7bb9929e59e4a42cb736ddade1ac416d76477881d18b428bfd603fede3e9eeb7b6f8cb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm
| MD5 | a62d519be58c4ec079cd825e04c1f4bf |
| SHA1 | 91c59ff74e1911d942cdb7a68ebba42f10dc3510 |
| SHA256 | 9af30e079cc36bdf17fb5fffebbe68b2275616f9513b07e99f15f7065a2d99c6 |
| SHA512 | 637a0dced1a940af17c47abcdf30dc1a2ab2c1a1f70b9199789670398e87d2c9ad445f82e05fd1ea84cccfb62d25c8253218426c1fd9784b14dd5c7bae881b69 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_NEWS_txt
| MD5 | 968e7d1aa993ef1052b35a95c51946d5 |
| SHA1 | c67817521eb4f70d692d3d29b32676b1871e3d40 |
| SHA256 | 719fb4e7016e1c4fff64166a8809a6ffe5d16ba0a40e4e8593ba7f664337e239 |
| SHA512 | 3382a01b518c38859c1ffc8799aacb941fd7bedd2cecaab4fc8e7fe8e44aeb6acf3997b844b9b5d8ddf4e72331e33972606cab1e9d8b527bf80ef7a9a0136022 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_Documentation_url
| MD5 | bad093419be1135cfe9694ea77088c78 |
| SHA1 | 76204c7ca72cf666add9c9931389d635c82e8af0 |
| SHA256 | 136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c |
| SHA512 | 3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe
| MD5 | 988d8f7a55d7a70d764dfa515a4ec6cd |
| SHA1 | 0935b33593ae55a70833624fbb1edd7208391ff7 |
| SHA256 | db1ddddf683c53435b987f49f5f5b3262899451c634298bafb3a0b122ceaa62a |
| SHA512 | 3ea0e33b836e1cd0b8d034f1e4d31cfbccad59332cdfd0cfbf08005c32204ff930c5578350fd1ac111f109b1ae38d3621394227cbb1da11d64af4e46735789c8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe
| MD5 | 0e6ef93d5933046a62bc747ea00e24fe |
| SHA1 | dd78782d47f49c2d8bb903a87596b84cf1299601 |
| SHA256 | 5086deb58d1ef6e262c226c1c9f590280ba09484995da092ee1c9e0e5bcdc6c5 |
| SHA512 | e7db0b2a9f8d1c3dc26ea5360a34959de95449cc6575ec199c4d01e487af627b7c9e2eb60166905011eb53a96d4e7076530ac5e429b3a3c47eb610b63fb089bd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc
| MD5 | 5e2da008f38c7ad813d9fe8e669dddd6 |
| SHA1 | 3f4ed852167cfb251cce13be4906a0cbea58f021 |
| SHA256 | 0cf904a532ac487f6b4c080fd01406529ad26ae559128b0aff170f389c278c28 |
| SHA512 | 8d295af13fa38384923e0db043ef7196ae3cdddc9dc1e765217494461c6c6f24704eb984985c45159cae06e81ca857c4f406b1ec80bc9c8fbccad535a1f77d72 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe
| MD5 | 53397b08309ff534a07d24635ba224ca |
| SHA1 | acb7765998078026e0b6ffbe57e72d8d454bc54c |
| SHA256 | 5c62803659067e9c56afca377104d8f187d0393f629ecd6863fb165cff588ad0 |
| SHA512 | bdfd047f5678f72e612875b69f1944b9afd94cc6b61740ff32380a22e37b9b86ca59efe52b7a58358c15f75ae7c04221a48060d1c0f338cf40c156f9187501d1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe
| MD5 | 7794df1f7ea502f8b5a7afe7458dcbd4 |
| SHA1 | 179f413597c837600e87609de63ae9112e3e7199 |
| SHA256 | 75f6713e1ae6f0caa52d0b3957114d7653e2e002b33e1c6b173f6a584ead94e4 |
| SHA512 | 2a77656d9201c8684315c1fe8693fee206b13d072fd4164491b7a4c5fc46a3ba78216200c48b044bad221c27423394529173f8d84a5a38da7343231d0f7d9fbc |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc
| MD5 | 7279e4431c96c1030f6ccefb5fce7cf3 |
| SHA1 | e6d0c93d63c00d14e2f40f5fdbf6c3fdc3487442 |
| SHA256 | 64472af7e48d716d113b1c8a8241eaa67737b21e29abd62b4a0bfb485363ae3a |
| SHA512 | db7febd66f65a486b1b77f13d8b32787c9d04e2b07003cd0dc90f4531afe70132ed9f165ab55c012b60857bd4e6f8fe2e78f7ff132bf64a95159d7138e5df53d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe
| MD5 | 7689c30d53af0dc638a76cdac2b6755c |
| SHA1 | ee74ae57c6c4867783c282b46cce4aaee6fcd5c3 |
| SHA256 | a05bcdcfa0fdc148fc7eadaa891e11d3646b84b04f793782b7257edd77015e35 |
| SHA512 | 6840a48e5725501b37455f650cabffc17086453b6d70f943ff379f2b5b1ff9d1a72da8dd27083c082c3abcaaca3cbcb36da2c7005d08811cf94b45e88392f38b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe
| MD5 | 4f0414c4ef966619b5cf9b740c9f1096 |
| SHA1 | d136f140bb9aa3d3d9b5aa5dcb413d78b93c71fe |
| SHA256 | bfedb922c2dd20626051ac2dea4f06021eb0a51ed53d901bb7fdc3c27b0c9cc2 |
| SHA512 | bb094fd2695d2ad8f0e1f5ea5652dcf1e377adeb597cc84836aed75685689aa14f622632575bfb59a37ab86610f0595b3897adc6db7278dc141e4ef9495deb38 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe
| MD5 | 5e8789e07e5c0545251da36bd0c8e4a5 |
| SHA1 | 75a00b8758ec1b080c47dae3452977e4a61f0167 |
| SHA256 | 5682a3ff1985edd22549e7821899c00286687562c768c262de1d2a542b1884ff |
| SHA512 | 3a415a469a0c2f833f93a64c5025388bc83513502cdaa46f0091d11006e48eb67215fac01953bb02c5f304d21e0f487db1085260f0f603c554c4b19434e137ce |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | 8f1510c256b21f883351f534f2ea81eb |
| SHA1 | fc82742237e8d9ccb6efc33de0270ab8e0999aaf |
| SHA256 | 3bdd3b8092d66364f92ec818f5cf443c49262bc58e8d4237a71cc8882d0871cf |
| SHA512 | 00b9a432ff19b52998e436fb5a5396b904e9cb45ebf303e25565ef816157981d1acd42040fd4efe7e7a78de1792dd1f396226c8954aae3af7bc539a346d6d702 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe
| MD5 | f29ba4c9e82e3ba6f79cb3383cb96f79 |
| SHA1 | f8082d87ac238c237627b132889c9cb223fbb262 |
| SHA256 | 9e228359b717ec1507aaecfa380c6e8e24a810133f8e5bd11171e5f9cc905c84 |
| SHA512 | a33b9c6e094ba20e7085e42ced2de54bd74461575d581b859a36481ff8c65f7737d0ac52429bc9ead3ca67f197755c49f0ea0771d8606c7af8bab55d061f6f84 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe
| MD5 | f4ebff482100da28a335dd2ee22e4a32 |
| SHA1 | bbe5f2c752b40641d02cbb43d5c0fb9c53889414 |
| SHA256 | 802308e769a49d907538c5fa0e974313fb6e3bf29cfc8c6d1d69dddd8cd124af |
| SHA512 | 86147c1a98cde8389145059666a7d241035f69558183d21f2d069a2f973de96125d5b3f3985732d47e556c09dd0d0acb75447293700e9b45feb798e145c5add1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe
| MD5 | 33cf1a9ad7e502fd7c2de69a7da48801 |
| SHA1 | a71f1a144616eda1ca60886843fae98703417a0b |
| SHA256 | f160948153cf32d47d35bea85eccd51929566e662c6eca6f838515b0860704c0 |
| SHA512 | edbee4a88c5e5f049ec86a4b8beadeac89f4eec81f1176ea35f2f689fb40f335ee1f85df856d02d224f5fb95e4ac1e9a85cf6d54b4c436a50e478859ec9fc517 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
| MD5 | 406347732c383e23c3b1af590a47bccd |
| SHA1 | fae764f62a396f2503dd81eefd3c7f06a5fb8e5f |
| SHA256 | e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e |
| SHA512 | 18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe
| MD5 | 3ccc6610ecf9eb036fc50fda1f781d21 |
| SHA1 | de7db115b3bd1b926ae0b2a795e7d0feac621851 |
| SHA256 | 2192613bbcf96dd824a813b59c598c486ea713a05c82fb1184eb955bc3b84839 |
| SHA512 | aa3a6d68415fc17695a8dc35271617834a84b3485af974cf34f2ff2a065ab6217db4a19e08abd22330dea9d9a44963e0aa70feda061db2ca6c0c29b2f4c6ca42 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc
| MD5 | 92e39e4bd3e216cf76a2cf3d93c53fdb |
| SHA1 | 6b3315770d169c632712e5bfa002610c3917d99c |
| SHA256 | be2529bc70fad82f5a753a3c4083d9ae5361c1e95a2c5fce51df6feb442de615 |
| SHA512 | ed9c3732a6f54efba8313ca533eaf6e9a5eac80977ac8028452fbfcb1429e46de192ab2afcf7f1d3bb1f0a1a8f31f00782424059d82022f660bc44fe133e3b6c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe
| MD5 | 9b55b8a492df2ce8fb6e9b0565dbcdcc |
| SHA1 | b52570ebb2a3c3aa8cc3ffc6ad0955078abd5235 |
| SHA256 | e73573d120f91a45563e277015e3ca72f05ff1b18976df5c81bd490805020f25 |
| SHA512 | a8fb3c061f4b6fd17167cd8ed9f92b34b90e826b6dfc036db33c72f960052e20c4cc0fbef3988032ebc30449aa310149e81187bb7e6ff87f6249202f2652cc5e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe
| MD5 | 295e1773200faaaf90fde45e9756fadd |
| SHA1 | 8a2c49076f59739c7e69f19852d4ea0a772af2a3 |
| SHA256 | f795251afd7834282ad149d10bebf7dceea04ba56a960b7b9e3899e4287f1385 |
| SHA512 | f0cd5d2e0b82d40c7256b4560e461b3eefa73fe51ac6679f29928faab673276ba12190dcaa404b89664bdb38e4da04c968e1db694410c9fb68d5234b58278d14 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe
| MD5 | 2bd136eb4cb4539c66599b66221dbbba |
| SHA1 | 22532c9b312cce5d6e593955b795cb2ba2857124 |
| SHA256 | aec7c44a6c41813e7a0df059f38d60c3a4fbe51683d3f9d17e8daf67c0a5c8e6 |
| SHA512 | 22ef6a2565c30912f65e7b6f5e53981d514f3881e457dd7761bb4e7e286f22bba5e3ce6d0a2f7c02971d801a4e999e0d6ca4aa6b7bb935249cc947e2b3d2766a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel
| MD5 | 744a0320026eb91c3f475b4ceb3a39a9 |
| SHA1 | 65f61bf6a7e5094f68656494a59553c1c64123da |
| SHA256 | b003c371a0dc78f40822f9959e084ad23cbb605dc362f04fff880459bde1b63e |
| SHA512 | 1e961b5c1d77c81ec0f326608a1e12511a4a0041a458b4551c17859b3afb83d98ca3c84cd8ff771684a6747f6df2ac82fe5851132034c1c42c8bd1029f4734ba |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop
| MD5 | c29ef40b14d06595314ab1f6634ee474 |
| SHA1 | faf7420e380424794dae3192186f4e5263d1ec1c |
| SHA256 | 4121ec51b50f6b8d459c56d92058af3ac611b00d7245d7b39145d47445e7273f |
| SHA512 | 60a472a5867d3fc79e5023ec260fd00dd48d207423b336a9c7393fd8a7303e88b2aecb005f652f2a983d522ec878011dbe797ff56bcf9079a43a4e971f8f4531 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msotd_exe_15
| MD5 | f35b45b5028b3b64375cbb3fafb44044 |
| SHA1 | 24ed8611db1e76ee699152e10be6c96c60e8a7fe |
| SHA256 | 848a25007192b687231de4053ef7ba80b6df0e70d52342b4b1fd4abb14ec4c25 |
| SHA512 | 0d7ddae93245cea32af0bd89bfe9f841bf905b97464fb87aeb5158190e0a166b69a88babc7498b88eefd41838696db2c6245ea63a3d5c5d8b78e702972f765c5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msoev_exe_15
| MD5 | 7b4b9fd2b81ce798f3b31e585fefbd06 |
| SHA1 | 9b10727f132e741089047841df048fcadddcd9e0 |
| SHA256 | 3eaa9bcb1be1f9fb075bb3b37a54646e72b506fcbe1a3614ad01a4d98d8689f7 |
| SHA512 | 2e58940bdca873a6dd6056b6cde2b7d687498a12bc50649385f58727b43b7d7bf7bab7c530bf3c4e539b559c13c422172512a246e0edea392c021bc40b2a3d15 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15
| MD5 | a03a0988894c00b0079df02367d9825b |
| SHA1 | e7c6203741bc7b729f4ea6b7aa0afac1fcaec277 |
| SHA256 | 6f37c8f98b70b89c2cc380d0aa38b0262921202d0ee63561f57a3304575236bd |
| SHA512 | 692a6dd4619f7e05c06480d7a65fbec407a31d30087ee89efe8eda8e8a578e7a285f51af58ddd9e2c1629b9b9b32c57c8031457587b3c9a7088e21b03ece1b35 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15.key-KKBPYCPYOPYS.0xc5ffa1f0ccc01
| MD5 | a3bdad157c3c9c755b20d92c7f90021b |
| SHA1 | e4ce34a1f445369a490f14e545df7156af088f8d |
| SHA256 | 2660e3eb37b749153133738dc32757b44b020951428b6efbb9be0cb515210b4d |
| SHA512 | 55e89b1539f3e8b7ac209aa1083840c2a1e38f228ed160cf2556e3be0e0791e3ec757db4c42415020c8f3c90585917d920b057dfcfab213e6e89bc218e4042c2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15
| MD5 | d73810507446e10f35cef691a91cc5f3 |
| SHA1 | f871fc76285b469eaf3f77697acb489438671a31 |
| SHA256 | bb2ac675156df74f88f154e0b586c759ad50b5c57dcd8a98005d5597ed7ad1a3 |
| SHA512 | c9d458e899fcec6eb5ce5eae2371ab7f20e741b6cd3e82b052041e33fd8bc5c77fdcb4ee239bfd07913074eb810082a0c9753c25571aeb8aa6cf04f072e1f764 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15
| MD5 | c314b7443a535d4b39b28c6a2d246ef5 |
| SHA1 | b7688df267a8304d3f1f6afdbcddbf96a5e86fcd |
| SHA256 | 288834f082fb5ca0868a7b8fd3f645c883841d612731771df1c9490d99af76ad |
| SHA512 | ca3ac5def4b819cbc0cb770a2e0b482e3ad5753f167b2741e7e31c20ab7236559695297b9dd5d8088ac2f1b3886a7e644166c4fab29dd63c60a906abc547f422 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSOUC_EXE_15
| MD5 | 943dc823b68d13170c037022cf94d95c |
| SHA1 | 0e39464d007f8c35667277d3fa42f297a5d75820 |
| SHA256 | ee75215cb2025b29a28bd6ba4d363924ea305eceee5cb9c9afe68dd97c7b0415 |
| SHA512 | 4ae351553521d41e844f6de549f1c7a6dd3eb544b50976913cdea58edd3e3b8cb81d21b2461258c3af1c65815ccdad407ae193d220656a44c6f4d4f21200eaa1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_DATABASECOMPARE_EXE_15
| MD5 | 1d3c4e80c24cd236fa76a27435926362 |
| SHA1 | 7dbb5cdcac2ba68296501209c9fe98edcca2d35f |
| SHA256 | dbcdcb3b5da2fff40a182288466d41e376b9c578ffcae1c40e53e6b2b1162b2e |
| SHA512 | b871c72d59f3422ef443502bdd0c955be46f34f599efb063dd5d8701902c390f8397df4d4d04699a03cc3326f4761a4d463df7ee8f7a32559ae0b0e39af41acf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133758891502102316.txt
| MD5 | 190a3a38fbbecff68c090688e6c8ba20 |
| SHA1 | 9afb677325a0456575b4fc3327daaca9ca392d32 |
| SHA256 | cf0665cb7354dbf9b6ac678bfd496e4de678aad8e90c34549c2a6c9b5e63ef5b |
| SHA512 | 5957ff1e49cf3b12474dd457e1e0a953eec5fa6e3f28989ce6338ab724684e7b1fd0423adbed1ae2f15ab18fc9918a15f81657cf1a41bd7dc02435b2e479ecb7 |