Analysis
-
max time kernel
149s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
20-11-2024 00:24
General
-
Target
encoder.exe
-
Size
10KB
-
MD5
f1927e7f90416bf39fc7991bbc57e1b3
-
SHA1
2367249568ca4a34f8824a9313b03d16d1d7c0bc
-
SHA256
539b0b5d54757e8a2b754ecdc2939eb7cf9db0ed1728e0eca407500222668505
-
SHA512
a0ac1811c8944165ba1939e40fe965bba3f7473819cb6f5d1cd4b4e7c203685baec055a6c73359dd1b3ddc79cb05b42d8c7541c29ea466120233423c5a5fcc60
-
SSDEEP
192:yrj2/2OzcYKNEmkmTjtiIKZIF/2oQlLkMBBm4C:j/2OzcJNEmkmTjkI/92oQjBU7
Score
10/10
Malware Config
Extracted
Path
C:\Program Files\How To Restore Files.txt
Ransom Note
Important !!!
Your personal id - h0ztyx-5W+Wz7ph7
Warning: all your files are infected with an unknown virus.
To decrypt your files, you need to contact at [email protected].
The decoder card is received by bitcoin.
You can buy bitcoins from the following links://blockchain.info/wallet
Do not try to restore files your self, this will lead to the loss of files forever
GUARANTEES!!!
You can send us 2-3 encoded files.
And attach for testing, we will return them to you for FREE
Emails
Signatures
-
UAC bypass 3 TTPs 3 IoCs
-
Clears Windows event logs 1 TTPs 64 IoCs
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (9715) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Power Settings 1 TTPs 2 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: RenamesItself 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\encoder.exe"C:\Users\Admin\AppData\Local\Temp\encoder.exe"1⤵
- UAC bypass
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin delete shadows /all3⤵
- Interacts with shadow copies
-
-
-
C:\Windows\SysWOW64\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\How To Restore Files.txt2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\windows\cllog.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c wevtutil.exe el3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe el4⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Application"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "DebugChannel"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "DirectShowFilterGraph"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "DirectShowPluginControl"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Els_Hyphenation/Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "EndpointMapper"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "ForwardedEvents"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "HardwareEvents"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Internet Explorer"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Key Management Service"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MF_MediaFoundationDeviceProxy"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Media Center"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MediaFoundationDeviceProxy"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MediaFoundationPerformance"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MediaFoundationPipeline"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MediaFoundationPlatform"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-IE/Diagnostic"3⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-IEDVTOOL/Diagnostic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-IEFRAME/Diagnostic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-JSDumpHeap/Diagnostic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-MSHTML/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ADSI/Debug"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-API-Tracing/Operational"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/General"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/SATA-LPM"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ActionQueue/Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AltTab/Diagnostic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppID/Operational"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/EXE and DLL"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/MSI and Script"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Debug"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Problem-Steps-Recorder"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Telemetry"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/CaptureMonitor"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Performance"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audit/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AxInstallService/Log"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Backup"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Biometrics/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCache/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CAPI2/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CDROM/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Calculator/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Calculator/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertPoleEng/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CmiSetup/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Verbose"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CredUI/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-RNG/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/PerfTiming"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DCLocator/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DNS-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUSER/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Logging"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXP/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deplorch/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Informational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DhcpNap/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DhcpNap/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiagCpl/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-MSDE/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"3⤵
- Clears Windows event logs
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-TaskManager/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDC/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDI/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10_1/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Logging"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/PerfTiming"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectSound/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectWrite-FontCache/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectWrite/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Disk/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnostic/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplaySwitch/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Documents/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxpTaskRingtone/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EFS/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EaseOfAccess/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog-WMIProvider/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Feedback-Service-TriggerProvider"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileInfoMinifilter/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Firewall-CPL/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GettingStarted/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GroupPolicy/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HAL/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenterCPL/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Help/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup-ListenerService"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HotStart/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HttpService/Trace"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKE/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKEDBG/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPBusEnum/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-International/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Trace"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Disk/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-File/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Memory/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Network/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Process/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Errors"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Known Folders API Service"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-L2NA/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LDAP-Client/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MCT/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-CLNT/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-DRV/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-SRV/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Admin"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MobilityCenter/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NTLM/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NWiFi/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Narrator/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetShell/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkAccessProtection/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkAccessProtection/WHC"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkLocationWizard/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Networking-Correlation/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/SyncLog"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneX/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OobeLdr/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PCI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ParentalControls/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PeopleNearMe/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCfg/Diagnostic"3⤵
- Power Settings
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCpl/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-Pacer/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-qWAVE/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC-Proxy/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/EEInfo"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Recovery/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReliabilityAnalysisComponent/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Remotefs-UTProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Leak-Diagnostic/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ResourcePublication/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RestartManager/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-Core/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-IdentityListener/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP/Perf"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sens/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ServiceReportingApi/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services-Svchost/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Setup/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupCl/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupQueue/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupUGC/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Shwebsvc"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shsvcs/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sidebar/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Spell-Checking/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SpellChecker/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StickyNotes/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StickyNotes/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StickyNotes/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorDiag/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorPort/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-Csr/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-SMSS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/Main"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/StoreLog"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sysprep/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemHealthAgent/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TCPIP/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZUtil/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskbarCPL/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ThemeCPL/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ThemeUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TunnelDriver"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UAC-FileVirtualization/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UAC/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAnimation/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Perf"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIRibbon/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBHUB/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBPORT/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Profile Service/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User-Loader/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserModePowerService/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceNotifications"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/SchedulerOperations"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UxTheme/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VAN/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VDRVROOT/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VHDMP/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VWiFi/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeControl/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WABSyncProvider/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WER-Diag/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WFP/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WFP/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-AutoConfig/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMI-Activity/Trace"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPDMCCore/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPDMCUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSSUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WSC-SRV/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WUSA/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WWAN-MM-Events/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WWAN-SVC-Events/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WWAN-UI-Events/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WebIO-NDF/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WebIO/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WebServices/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/Concurrency"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/Power"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/Render"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/UIPI"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinHttp/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinINet/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinRM/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinRM/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinRM/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windeploy/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Defender/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Defender/WHC"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsBackup/ActionCenter"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsColorSystem/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsColorSystem/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsUpdateClient/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wininit/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winlogon/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winlogon/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winsock-AFD/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winsock-WS2HELP/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winsrv/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wired-AutoConfig/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wordpad/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wordpad/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wordpad/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-mobsync/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ntshrui"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-osk/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-stobject/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "OAlerts"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Security"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Setup"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "System"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "TabletPC_InputPanel_Channel"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WINDOWS_MP4SDECD_CHANNEL"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WINDOWS_MSMPEG2VDEC_CHANNEL"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WINDOWS_WMPHOTO_CHANNEL"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WMPSetup"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WMPSyncEngine"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Windows PowerShell"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "muxencode"3⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\windows\cllog.bat" "2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c wevtutil.exe el3⤵
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe el4⤵
-
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Application"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "DebugChannel"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "DirectShowFilterGraph"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "DirectShowPluginControl"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Els_Hyphenation/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "EndpointMapper"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "ForwardedEvents"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "HardwareEvents"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Internet Explorer"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Key Management Service"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MF_MediaFoundationDeviceProxy"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Media Center"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MediaFoundationDeviceProxy"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MediaFoundationPerformance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MediaFoundationPipeline"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "MediaFoundationPlatform"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-IE/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-IEDVTOOL/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-IEFRAME/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-JSDumpHeap/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"3⤵
- Clears Windows event logs
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-MSHTML/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ADSI/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-API-Tracing/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/General"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/SATA-LPM"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ActionQueue/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AltTab/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppID/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/EXE and DLL"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/MSI and Script"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Problem-Steps-Recorder"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Telemetry"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/CaptureMonitor"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audit/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AxInstallService/Log"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Backup"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Biometrics/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCache/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CAPI2/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CDROM/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Calculator/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Calculator/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertPoleEng/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CmiSetup/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Verbose"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CredUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-RNG/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/PerfTiming"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DCLocator/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DNS-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUSER/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Logging"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXP/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deplorch/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Informational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DhcpNap/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DhcpNap/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Admin"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiagCpl/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-MSDE/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-TaskManager/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDC/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDI/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10_1/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Logging"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/PerfTiming"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectSound/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectWrite-FontCache/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectWrite/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Disk/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnostic/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplaySwitch/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Documents/Performance"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxpTaskRingtone/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EFS/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EaseOfAccess/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog-WMIProvider/Debug"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Feedback-Service-TriggerProvider"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileInfoMinifilter/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Firewall-CPL/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GettingStarted/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GroupPolicy/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HAL/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenterCPL/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Help/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup-ListenerService"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HotStart/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HttpService/Trace"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKE/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKEDBG/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPBusEnum/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-International/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Trace"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Disk/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-File/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Memory/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Network/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Process/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Errors"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Known Folders API Service"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-L2NA/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LDAP-Client/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MCT/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-CLNT/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-DRV/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-SRV/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Debug"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MobilityCenter/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NTLM/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NWiFi/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Narrator/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetShell/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkAccessProtection/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkAccessProtection/WHC"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkLocationWizard/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Operational"3⤵
- Clears Windows event logs
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Networking-Correlation/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Operational"3⤵
- Clears Windows event logs
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/SyncLog"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneX/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OobeLdr/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PCI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ParentalControls/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PeopleNearMe/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCfg/Diagnostic"3⤵
- Power Settings
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCpl/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-Pacer/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-qWAVE/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC-Proxy/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/EEInfo"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Recovery/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReliabilityAnalysisComponent/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Remotefs-UTProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Leak-Diagnostic/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ResourcePublication/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RestartManager/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-Core/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-IdentityListener/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP/Perf"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sens/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ServiceReportingApi/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services-Svchost/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Setup/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupCl/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupQueue/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupUGC/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Shwebsvc"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shsvcs/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sidebar/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Spell-Checking/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SpellChecker/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StickyNotes/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StickyNotes/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StickyNotes/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorDiag/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorPort/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-Csr/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-SMSS/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/Main"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/StoreLog"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sysprep/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemHealthAgent/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TCPIP/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Debug"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZUtil/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskbarCPL/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ThemeCPL/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ThemeUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TunnelDriver"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UAC-FileVirtualization/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UAC/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAnimation/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Perf"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UIRibbon/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBHUB/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-USB-USBPORT/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Profile Service/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-User-Loader/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserModePowerService/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceNotifications"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UserPnp/SchedulerOperations"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-UxTheme/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VAN/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VDRVROOT/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VHDMP/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VWiFi/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeControl/Performance"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WABSyncProvider/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WER-Diag/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WFP/Analytic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WFP/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-AutoConfig/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMI-Activity/Trace"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPDMCCore/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPDMCUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WMPNSSUI/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Operational"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WSC-SRV/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WUSA/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WWAN-MM-Events/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WWAN-SVC-Events/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WWAN-UI-Events/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WebIO-NDF/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WebIO/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WebServices/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/Concurrency"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/Power"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/Render"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Win32k/UIPI"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinHttp/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinINet/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinRM/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinRM/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WinRM/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windeploy/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Defender/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Defender/WHC"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsBackup/ActionCenter"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsColorSystem/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsColorSystem/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-WindowsUpdateClient/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wininit/Diagnostic"3⤵
- Clears Windows event logs
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winlogon/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winlogon/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winsock-AFD/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winsock-WS2HELP/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Winsrv/Analytic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wired-AutoConfig/Operational"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wordpad/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wordpad/Debug"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Wordpad/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-mobsync/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ntshrui"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-osk/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Microsoft-Windows-stobject/Diagnostic"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "OAlerts"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Security"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Setup"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "System"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "TabletPC_InputPanel_Channel"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WINDOWS_MP4SDECD_CHANNEL"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WINDOWS_MSMPEG2VDEC_CHANNEL"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WINDOWS_WMPHOTO_CHANNEL"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WMPSetup"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "WMPSyncEngine"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "Windows PowerShell"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin"3⤵
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl "muxencode"3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\windows\cllog.bat" "2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c wevtutil.exe el3⤵
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe el4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Power Settings
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
3Clear Windows Event Logs
1File Deletion
2Modify Registry
3Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD526af444883434d917ef3fc6104fbac20
SHA11e068894eaca91825727f62f90226e8684a233a8
SHA256a527c0f1ce2280ecdd5bb78b1e3534cc562abcbf4a063448fb7d2f44f460e659
SHA5120200ab5a668ec63dc7d1e65d43cbcd5d3ec9be6a91fb5d3ee88e893f5e84bdab17e14638ee3359d46eb631888044c2ec42db391281915791e663f438ce0b689c
-
Filesize
493B
MD53afb87d6262b657a6f33c85d7b110cc5
SHA1b5463cfad00bce53801afec9804aee7a5d01db7b
SHA2569f6569d151d0464ba21c350d451294138db38792c15e4ead4bf12070718bdf36
SHA51251cfe22e353d4cfbbacf6e46e7d010b4ef879f9a1e7a020d6030a0e6463aaa740724595cf1cbc8fcaca7d70694b008f4a49f48809435fe96c0e3bc087f0fb13a
-
Filesize
8KB
MD5c8e39debc40df196d1f8e5fb0052e53d
SHA16f59058fccb7d3a1eeb31e93b1348596d9501479
SHA2566a85e5215a5e2201a811928e6757b9e30ecf128d30a027cc5a012c1eb920240a
SHA5122c29df2f855a4acf03c5d6257dbed3b92b67a21fa9e8be52eef3898f327ef41109152663b728fa948ae56e673697c08fcc910476dbf995cf38650748f1e8f528
-
Filesize
448KB
MD5881841919dfab1354b4b4d456b7c512c
SHA166c690fd50d03d41abf63f52b2601eb9391ebf9c
SHA256c3d80b7343509f7fe6934dc40307072141968ce7f093a157c52478342564d2e3
SHA512d6632b6af88778192c2b9ff88ed64e6b5ce6ea0a7ae78006c48d9e8b3a53c14e2d3ce687aa36b646de4574b458a2a1fb5dd6fc205756c52115d535817d0328ad
-
Filesize
2KB
MD5ed5c6844d10e3abbd9e64cc5aa5c11b4
SHA16442b9345e90902127762e204250000333519bb6
SHA25640372dc55e05e8a2cdb9f0f0d28e1986c35fde6c4ad46da69a9addb7276784f4
SHA5123982de3c16409225cc282574d9db5080f35afcecc755c1aaf3aaa33a803ced548302afc056054e9503e68f7c65215f34092d8c0a53195b3770a1c96ecbf0a109
-
Filesize
3KB
MD59feb7308a216d9afbcd6f617d37057f4
SHA198019b42c004a9e7bc7274a9b734f54464c592e5
SHA2569810bcdf23b138df8984fbda58fe81c20c272a4f300f466292beb668987b3ce8
SHA512517f62bfbdef74adea62ff2ba9dc582378a4ffb083027460958e8e6db1f134128bd2f3c186a05d8ff76906c431da01062c092e66eedb17aae766aa93ec8f4535
-
Filesize
166B
MD5c3322041ca54a67a1f3108f5c558ada5
SHA14a15fd1570ca2adf8c478f8a6baed5444d6c7d9d
SHA2560c632d77298ee5c0dfd96ead16883ffb16c4efc36b2ba5bd5a72d1e7c6cefb5f
SHA512614d1be590b15314c8e076215b5c0307f969ffbae56933cd1fb738b8517e6e4986c99d6a247b3373cabce5314468b5ae36c2d80c2991a1d03a90ea2b3a0efce6