urlscan.io logo urlscan.io
SecurityTrails logo

documents.trendmicro.com Open in urlscan Pro
150.70.178.131  Public Scan

Back to summary
URL: https://documents.trendmicro.com/assets/txt/IoCsNzHTk7H.txt
Submission: On November 04 via api from IN — Scanned from JP

Form analysis 0 forms found in the DOM

Text Content

Indicators of Compromise
IoC						Detection				Description
bcdb721d5be41a9d61bee20a458ae748e023238f	Trojan.Win64.EDRKILLSHIFT.YXEHUT	EDRKILLSHIFTER Binary
2d3a95e91449a366ccf56177a4542cc439635768 	Trojan.Win64.EDRKILLSHIFT.YXEHUT	EDRKILLSHIFTER Binary
77daf77d9d2a08cc22981c004689b870f74544b5 	Trojan.Win64.EDRKILLSHIFT.YXEHUT	EDRKILLSHIFTER Binary
6764ddb2e5b18bf5d0c621f3078d7ac72865c1c3 	Trojan.Win64.EDRKILLSHIFT.YXEHUT	EDRKILLSHIFTER Binary
86cdb729094c013e411ac9b4c72485a55a629e5d 	Trojan.Win64.EDRKILLSHIFT.A		EDRKILLSHIFTER Binary
2e89cf3267c8724002c3c89be90874a22812efc6	Trojan.Win64.EDRKILLSHIFT.YXEHY 	EDRKILLSHIFTER Binary
3b035da6c69f9b05868ffe55d7a267d098c6f290	Normal Detection			TDSSKILLER Binary 
hxxp://82.147.85[.]52/Loader.exe 		C&C Server				IP Address where the Anti-EDR was downloaded
4c0d755f42902559d16b73ccc4511897f7bbce94	Ransom.Win64.RANSOMHUB.SMYXEHEZ.go	RansomHub Ransomware Binaries
189c638388acd0189fe164cf81e455e41d9629d6 	Ransom.Win64.RANSOMHUB.SMYXEHEZ.go	RansomHub Ransomware Binaries
de1241a592760cc1d850be8f41beebcd460b66ec 	Ransom.Win64.RANSOMHUB.SMYXEHEZ.go	RansomHub Ransomware Binaries
8de2d38d33294586b4758599fdf65f1a265e013b 	Ransom.Win64.RANSOMHUB.SMYXEHEZ.go	RansomHub Ransomware Binaries
5f2c7da181a0ef32df5b9c8a10ea5b3135489021 	Ransom.Win64.RANSOMHUB.SMYXEHEZ.go	RansomHub Ransomware Binaries
e38082ae727aeaef4f241a1920150fdf6f149106 	Normal 					NetScan Binary 
e187d58f59e0444f7ef9ddefec88d2b11b96e734 	Normal 					Rclone binary


List of applications that EDRKillShifter EDRKILLSHIFTER can terminate
 

aswidsagedpa.exe 

filebeat.exe 

SecurityHealthService.exe 

aswidsagent.exe 

fortiedr.exe 

SecurityWRSA.exe 

avastsvc.exe 

fortiedrekrn.exe 

SenseCncProxy.exe 

avastui.exe 

klwtblfs.exe 

SenseIR.exe 

avguard.exe 

LogProcessorService.exe 

SenseNdr.exe 

bdagent.exe 

macmnsvc.exe 

SenseSampleUploader.exe 

bdntwrk.exe 

mbamservice.exe 

SentinelAgent.exe 

bdredline.exe 

mbamswissarmy.sys 

SentinelAgentWorker.exe 

Btm_netagent.exe 

mbamtray.exe 

SentinelBrowserNativeHost.exe 

ccSvcHst.exe 

mcshield.exe 

SentinelHelperService.exe 

CETASvc.exe 

mfeann.exe 

SentinelServiceHost.exe 

cmsmpeng.exe 

mfemms.exe 

SentinelStaticEngine.exe 

CNTAoSMgr.exe 

msascuil.exe 

SentinelStaticEngineScanner.exe 

coreFrameworkHost.exe 

MsMpEng.exe 

shstat.exe 

coreServiceShell.exe 

msseces.exe 

sophosav.exe 

CrAmTray.exe 

MsSense.exe 

SophosClean.exe 

CrsSvc.exe 

nortonsecurity.exe 

SophosHealth.exe 

CybereasonAV.exe 

Notifier.exe 

sophossps.exe 

CylanceSvc.exe 

nsservice.exe 

sophosui.exe 

cyserver.exe 

Ntrtscan.exe 

TaniumClient.exe 

CyveraService.exe 

pavfnsvr.exe 

TaniumCX.exe 

CyveraService.exe 

pavsrv.exe 

TaniumDetectEngine.exe 

CyvrFsFlt.exe 

PccNTMon.exe 

tm_netagent.exe 

ds_monitor.exe 

psanhost.exe 

TMBMSRV.exe 

dsa-connect.exe 

PtSessionAgent.exe 

TmCCSF.exe 

EIConnector.exe 

PtWatchDog.exe 

tmntsrv.exe 

elastic-agent.exe 

QualysAgent.exe 

tmproxy.exe 

elastic-endpoint.exe 

RepMgr.exe 

TmWSCSvc.exe 

EndpointBasecamp.exe 

RepUtils.exe 

uiSeAgnt.exe 

EPConsole.exe 

RepWAV.exe 

uiUpdateTray.exe 

EPSecurityService.exe 

RepWSC.exe 

uiWinMgr.exe 

EPUpdateService.exe 

rtvscan.exe 

uiWinMgrwrsa.exe 

ExecutionPreventionSvc.exe 

savservice.exe 

updatesrv.exe 

vavgnt.exe 

WatchDog.exe 

WSCommunicator.eTmListen.exe 

VMsMpEng.exe 

windefend.exe 

WSCommunicator.exe 

vsserv.exe 

winlogbeat.exe 

Ypavfnsvr.exe 

WRSkyClient.x64.exe 

WRCoreService.x64.exe 

テ「竄ャツッ 



List of commands that LogDel.bat executes

objectCmd:
attrib  Default.rdp -s -h
reg  add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"
reg  delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
reg  delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
wevtutil.exe  cl "muxencode"
wevtutil.exe  cl "Windows.Globalization/Analytic"
wevtutil.exe  cl "Windows PowerShell"
wevtutil.exe  cl "Windows Networking Vpn Plugin Platform/OperationalVerbose"
wevtutil.exe  cl "Windows Networking Vpn Plugin Platform/Operational"
wevtutil.exe  cl "WMPSyncEngine"
wevtutil.exe  cl "WMPSetup"
wevtutil.exe  cl "WINDOWS_wmvdecod_CHANNEL"
wevtutil.exe  cl "WINDOWS_WMPHOTO_CHANNEL"
wevtutil.exe  cl "WINDOWS_VC1ENC_CHANNEL"
wevtutil.exe  cl "WINDOWS_MSMPEG2VDEC_CHANNEL"
wevtutil.exe  cl "WINDOWS_MP4SDECD_CHANNEL"
wevtutil.exe  cl "WINDOWS_MFH264Enc_CHANNEL"
wevtutil.exe  cl "WINDOWS_KS_CHANNEL"
wevtutil.exe  cl "UIManager_Channel"
wevtutil.exe  cl "TimeBroker"
wevtutil.exe  cl "TabletPC_InputPanel_Channel/IHM"
wevtutil.exe  cl "TabletPC_InputPanel_Channel"
wevtutil.exe  cl "SystemEventsBroker"
wevtutil.exe  cl "System"
wevtutil.exe  cl "SmbWmiAnalytic"
wevtutil.exe  cl "Setup"
wevtutil.exe  cl "Security"
wevtutil.exe  cl "SMSApi"
wevtutil.exe  cl "RTWorkQueueTheading"
wevtutil.exe  cl "RTWorkQueueExtended"
wevtutil.exe  cl "Physical_Keyboard_Manager_Channel"
wevtutil.exe  cl "PICAgentLog"
wevtutil.exe  cl "OSK_SoftKeyboard_Channel"
wevtutil.exe  cl "Network Isolation Operational"
wevtutil.exe  cl "Navigator"
wevtutil.exe  cl "NIS-Driver-WFP/Diagnostic"
wevtutil.exe  cl "Microsoft-WindowsPhone-LocationServiceProvider/Debug"
wevtutil.exe  cl "Microsoft-Windows-stobject/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-osk/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-ntshrui-perf"
wevtutil.exe  cl "Microsoft-Windows-ntshrui"
wevtutil.exe  cl "Microsoft-Windows-mobsync/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-glcnd/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-glcnd/Debug"
wevtutil.exe  cl "Microsoft-Windows-glcnd/Admin"
wevtutil.exe  cl "Microsoft-Windows-XAudio2/Performance"
wevtutil.exe  cl "Microsoft-Windows-XAudio2/Debug"
wevtutil.exe  cl "Microsoft-Windows-XAML/Default"
wevtutil.exe  cl "Microsoft-Windows-XAML-Diagnostics/Default"
wevtutil.exe  cl "Microsoft-Windows-Workplace Join/Admin"
wevtutil.exe  cl "Microsoft-Windows-Wordpad/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Wordpad/Debug"
wevtutil.exe  cl "Microsoft-Windows-Wordpad/Admin"
wevtutil.exe  cl "Microsoft-Windows-Wired-AutoConfig/Operational"
wevtutil.exe  cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Winsrv/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Winsock-WS2HELP/Operational"
wevtutil.exe  cl "Microsoft-Windows-Winsock-NameResolution/Operational"
wevtutil.exe  cl "Microsoft-Windows-Winsock-AFD/Operational"
wevtutil.exe  cl "Microsoft-Windows-Winlogon/Operational"
wevtutil.exe  cl "Microsoft-Windows-Winlogon/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Wininit/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WindowsUpdateClient/Operational"
wevtutil.exe  cl "Microsoft-Windows-WindowsUpdateClient/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WindowsUIImmersive/Operational"
wevtutil.exe  cl "Microsoft-Windows-WindowsUIImmersive/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing"
wevtutil.exe  cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational"
wevtutil.exe  cl "Microsoft-Windows-WindowsColorSystem/Operational"
wevtutil.exe  cl "Microsoft-Windows-WindowsColorSystem/Debug"
wevtutil.exe  cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
wevtutil.exe  cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
wevtutil.exe  cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
wevtutil.exe  cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
wevtutil.exe  cl "Microsoft-Windows-Windows Defender/WHC"
wevtutil.exe  cl "Microsoft-Windows-Windows Defender/Operational"
wevtutil.exe  cl "Microsoft-Windows-Windeploy/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WinURLMon/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WinRM/Operational"
wevtutil.exe  cl "Microsoft-Windows-WinRM/Debug"
wevtutil.exe  cl "Microsoft-Windows-WinRM/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WinNat/Trace"
wevtutil.exe  cl "Microsoft-Windows-WinNat/Oper"
wevtutil.exe  cl "Microsoft-Windows-WinMDE/MDE"
wevtutil.exe  cl "Microsoft-Windows-WinINet/WebSocket"
wevtutil.exe  cl "Microsoft-Windows-WinINet/UsageLog"
wevtutil.exe  cl "Microsoft-Windows-WinINet/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WinINet-Config/ProxyConfigChanged"
wevtutil.exe  cl "Microsoft-Windows-WinINet-Capture/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WinHttp/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Win32k/UIPI"
wevtutil.exe  cl "Microsoft-Windows-Win32k/Tracing"
wevtutil.exe  cl "Microsoft-Windows-Win32k/Render"
wevtutil.exe  cl "Microsoft-Windows-Win32k/Power"
wevtutil.exe  cl "Microsoft-Windows-Win32k/Operational"
wevtutil.exe  cl "Microsoft-Windows-Win32k/Messages"
wevtutil.exe  cl "Microsoft-Windows-Win32k/Contention"
wevtutil.exe  cl "Microsoft-Windows-Win32k/Concurrency"
wevtutil.exe  cl "Microsoft-Windows-Websocket-Protocol-Component/Tracing"
wevtutil.exe  cl "Microsoft-Windows-WebcamProvider/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WebServices/Tracing"
wevtutil.exe  cl "Microsoft-Windows-WebIO/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WebIO-NDF/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WebAuth/Operational"
wevtutil.exe  cl "Microsoft-Windows-Wcmsvc/Operational"
wevtutil.exe  cl "Microsoft-Windows-Wcmsvc/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WUSA/Debug"
wevtutil.exe  cl "Microsoft-Windows-WPD-MTPUS/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WPD-MTPIP/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"
wevtutil.exe  cl "Microsoft-Windows-WPD-MTPClassDriver/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WPD-MTPBT/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"
wevtutil.exe  cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WPD-ClassInstaller/Operational"
wevtutil.exe  cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WPD-API/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WMPDMCUI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WMI-Activity/Trace"
wevtutil.exe  cl "Microsoft-Windows-WMI-Activity/Operational"
wevtutil.exe  cl "Microsoft-Windows-WMI-Activity/Debug"
wevtutil.exe  cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WLAN-MediaManager/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WFP/Operational"
wevtutil.exe  cl "Microsoft-Windows-WFP/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WEPHOSTSVC/Operational"
wevtutil.exe  cl "Microsoft-Windows-WCNWiz/Analytic"
wevtutil.exe  cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-WABSyncProvider/Analytic"
wevtutil.exe  cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"
wevtutil.exe  cl "Microsoft-Windows-VolumeSnapshot-Driver/Analytic"
wevtutil.exe  cl "Microsoft-Windows-VolumeControl/Performance"
wevtutil.exe  cl "Microsoft-Windows-Volume/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-VerifyHardwareSecurity/Operational"
wevtutil.exe  cl "Microsoft-Windows-VerifyHardwareSecurity/Admin"
wevtutil.exe  cl "Microsoft-Windows-VPN/Operational"
wevtutil.exe  cl "Microsoft-Windows-VPN-Client/Operational"
wevtutil.exe  cl "Microsoft-Windows-VHDMP-Operational"
wevtutil.exe  cl "Microsoft-Windows-VHDMP-Analytic"
wevtutil.exe  cl "Microsoft-Windows-VDRVROOT/Operational"
wevtutil.exe  cl "Microsoft-Windows-VAN/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-UxTheme/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-UxInit/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-UserPnp/SchedulerOperations"
wevtutil.exe  cl "Microsoft-Windows-UserPnp/Performance"
wevtutil.exe  cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"
wevtutil.exe  cl "Microsoft-Windows-UserPnp/DeviceInstall"
wevtutil.exe  cl "Microsoft-Windows-UserPnp/ActionCenter"
wevtutil.exe  cl "Microsoft-Windows-UserModePowerService/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-UserAccountControl/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-User-Loader/Operational"
wevtutil.exe  cl "Microsoft-Windows-User-Loader/Analytic"
wevtutil.exe  cl "Microsoft-Windows-User Profile Service/Operational"
wevtutil.exe  cl "Microsoft-Windows-User Profile Service/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-User Device Registration/Debug"
wevtutil.exe  cl "Microsoft-Windows-User Device Registration/Admin"
wevtutil.exe  cl "Microsoft-Windows-User Control Panel/Operational"
wevtutil.exe  cl "Microsoft-Windows-User Control Panel/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Usbstor/Analytic"
wevtutil.exe  cl "Microsoft-Windows-UniversalTelemetryClient/Operational"
wevtutil.exe  cl "Microsoft-Windows-USB-USBXHCI-Analytic"
wevtutil.exe  cl "Microsoft-Windows-USB-USBPORT/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-USB-USBHUB3-Analytic"
wevtutil.exe  cl "Microsoft-Windows-USB-USBHUB/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-USB-UCX-Analytic"
wevtutil.exe  cl "Microsoft-Windows-UIRibbon/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-UIAutomationCore/Perf"
wevtutil.exe  cl "Microsoft-Windows-UIAutomationCore/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-UIAutomationCore/Debug"
wevtutil.exe  cl "Microsoft-Windows-UIAnimation/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-UI-Shell/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-UAC/Operational"
wevtutil.exe  cl "Microsoft-Windows-UAC-FileVirtualization/Operational"
wevtutil.exe  cl "Microsoft-Windows-TunnelDriver"
wevtutil.exe  cl "Microsoft-Windows-Threat-Intelligence/Analytic"
wevtutil.exe  cl "Microsoft-Windows-ThemeUI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-ThemeCPL/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Tethering-Manager/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-SessionBroker-Client/Operational"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-SessionBroker-Client/Debug"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-SessionBroker-Client/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-SessionBroker-Client/Admin"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-Printers/Operational"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-Printers/Debug"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-Printers/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-Printers/Admin"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"
wevtutil.exe  cl "Microsoft-Windows-TaskbarCPL/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-TaskScheduler/Operational"
wevtutil.exe  cl "Microsoft-Windows-TaskScheduler/Maintenance"
wevtutil.exe  cl "Microsoft-Windows-TaskScheduler/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-TaskScheduler/Debug"
wevtutil.exe  cl "Microsoft-Windows-TZUtil/Operational"
wevtutil.exe  cl "Microsoft-Windows-TZSync/Operational"
wevtutil.exe  cl "Microsoft-Windows-TZSync/Analytic"
wevtutil.exe  cl "Microsoft-Windows-TWinUI/Operational"
wevtutil.exe  cl "Microsoft-Windows-TWinUI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-TWinAPI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-TTS/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-TSF-msutb/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-TSF-msutb/Debug"
wevtutil.exe  cl "Microsoft-Windows-TSF-msctf/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-TSF-msctf/Debug"
wevtutil.exe  cl "Microsoft-Windows-TCPIP/Operational"
wevtutil.exe  cl "Microsoft-Windows-TCPIP/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-SystemSettingsThreshold/Operational"
wevtutil.exe  cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-SystemSettingsThreshold/Debug"
wevtutil.exe  cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Sysprep/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Superfetch/StoreLog"
wevtutil.exe  cl "Microsoft-Windows-Superfetch/PfApLog"
wevtutil.exe  cl "Microsoft-Windows-Superfetch/Main"
wevtutil.exe  cl "Microsoft-Windows-Subsys-SMSS/Operational"
wevtutil.exe  cl "Microsoft-Windows-Subsys-Csr/Operational"
wevtutil.exe  cl "Microsoft-Windows-Store/Operational"
wevtutil.exe  cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational"
wevtutil.exe  cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC"
wevtutil.exe  cl "Microsoft-Windows-StorageSpaces-Driver/Performance"
wevtutil.exe  cl "Microsoft-Windows-StorageSpaces-Driver/Operational"
wevtutil.exe  cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-StorageManagement/Operational"
wevtutil.exe  cl "Microsoft-Windows-StorageManagement/Debug"
wevtutil.exe  cl "Microsoft-Windows-Storage-Tiering/Admin"
wevtutil.exe  cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat"
wevtutil.exe  cl "Microsoft-Windows-Storage-Storport/Operational"
wevtutil.exe  cl "Microsoft-Windows-Storage-Storport/Diagnose"
wevtutil.exe  cl "Microsoft-Windows-Storage-Storport/Debug"
wevtutil.exe  cl "Microsoft-Windows-Storage-Storport/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Storage-Storport/Admin"
wevtutil.exe  cl "Microsoft-Windows-Storage-Disk/Operational"
wevtutil.exe  cl "Microsoft-Windows-Storage-Disk/Diagnose"
wevtutil.exe  cl "Microsoft-Windows-Storage-Disk/Debug"
wevtutil.exe  cl "Microsoft-Windows-Storage-Disk/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Storage-Disk/Admin"
wevtutil.exe  cl "Microsoft-Windows-Storage-ClassPnP/Operational"
wevtutil.exe  cl "Microsoft-Windows-Storage-ClassPnP/Diagnose"
wevtutil.exe  cl "Microsoft-Windows-Storage-ClassPnP/Debug"
wevtutil.exe  cl "Microsoft-Windows-Storage-ClassPnP/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Storage-ClassPnP/Admin"
wevtutil.exe  cl "Microsoft-Windows-Storage-ATAPort/Operational"
wevtutil.exe  cl "Microsoft-Windows-Storage-ATAPort/Diagnose"
wevtutil.exe  cl "Microsoft-Windows-Storage-ATAPort/Debug"
wevtutil.exe  cl "Microsoft-Windows-Storage-ATAPort/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Storage-ATAPort/Admin"
wevtutil.exe  cl "Microsoft-Windows-StorPort/Operational"
wevtutil.exe  cl "Microsoft-Windows-StorDiag/Operational"
wevtutil.exe  cl "Microsoft-Windows-StateRepository/Restricted"
wevtutil.exe  cl "Microsoft-Windows-StateRepository/Operational"
wevtutil.exe  cl "Microsoft-Windows-StateRepository/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-StateRepository/Debug"
wevtutil.exe  cl "Microsoft-Windows-SrumTelemetry"
wevtutil.exe  cl "Microsoft-Windows-Spellchecking-Host/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SpellChecker/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Spell-Checking/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-SmbClient/Security"
wevtutil.exe  cl "Microsoft-Windows-SmbClient/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-SmbClient/Connectivity"
wevtutil.exe  cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational"
wevtutil.exe  cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin"
wevtutil.exe  cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational"
wevtutil.exe  cl "Microsoft-Windows-SmartCard-Audit/Authentication"
wevtutil.exe  cl "Microsoft-Windows-SleepStudy/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-SilProvider/Operational"
wevtutil.exe  cl "Microsoft-Windows-SilProvider/Debug"
wevtutil.exe  cl "Microsoft-Windows-Shsvcs/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-Shwebsvc"
wevtutil.exe  cl "Microsoft-Windows-Shell-Search-UriHandler"
wevtutil.exe  cl "Microsoft-Windows-Shell-OpenWith/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-Core/Operational"
wevtutil.exe  cl "Microsoft-Windows-Shell-Core/LogonTasksChannel"
wevtutil.exe  cl "Microsoft-Windows-Shell-Core/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-Core/AppDefaults"
wevtutil.exe  cl "Microsoft-Windows-Shell-Core/ActionCenter"
wevtutil.exe  cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter"
wevtutil.exe  cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-SetupUGC/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SetupQueue/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SetupPlatform/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SetupCl/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Setup/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SettingSync/VerboseDebug"
wevtutil.exe  cl "Microsoft-Windows-SettingSync/Operational"
wevtutil.exe  cl "Microsoft-Windows-SettingSync/Debug"
wevtutil.exe  cl "Microsoft-Windows-SettingSync/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SettingSync-Azure/Operational"
wevtutil.exe  cl "Microsoft-Windows-SettingSync-Azure/Debug"
wevtutil.exe  cl "Microsoft-Windows-Servicing/Debug"
wevtutil.exe  cl "Microsoft-Windows-Services/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Services-Svchost/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-ServiceReportingApi/Debug"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-MultiMachine/Operational"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-MultiMachine/Debug"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-MultiMachine/Admin"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-MgmtProvider/Operational"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-MgmtProvider/Debug"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-DeploymentProvider/Operational"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-DeploymentProvider/Debug"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-ConfigureSMRemoting/Operational"
wevtutil.exe  cl "Microsoft-Windows-ServerManager-ConfigureSMRemoting/Debug"
wevtutil.exe  cl "Microsoft-Windows-ServerEssentials-Deployment/Deploy"
wevtutil.exe  cl "Microsoft-Windows-Serial-ClassExtension/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Sensors/Performance"
wevtutil.exe  cl "Microsoft-Windows-Sensors/Debug"
wevtutil.exe  cl "Microsoft-Windows-Sens/Debug"
wevtutil.exe  cl "Microsoft-Windows-SendTo/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Security-Vault/Performance"
wevtutil.exe  cl "Microsoft-Windows-Security-UserConsentVerifier/Audit"
wevtutil.exe  cl "Microsoft-Windows-Security-SPP/Perf"
wevtutil.exe  cl "Microsoft-Windows-Security-SPP-UX/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter"
wevtutil.exe  cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational"
wevtutil.exe  cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Security-Netlogon/Operational"
wevtutil.exe  cl "Microsoft-Windows-Security-Mitigations/UserMode"
wevtutil.exe  cl "Microsoft-Windows-Security-Mitigations/KernelMode"
wevtutil.exe  cl "Microsoft-Windows-Security-IdentityStore/Performance"
wevtutil.exe  cl "Microsoft-Windows-Security-IdentityListener/Operational"
wevtutil.exe  cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance"
wevtutil.exe  cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational"
wevtutil.exe  cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational"
wevtutil.exe  cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"
wevtutil.exe  cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-SearchUI/Operational"
wevtutil.exe  cl "Microsoft-Windows-SearchUI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Search-Core/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Sdstor/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Sdbus/Debug"
wevtutil.exe  cl "Microsoft-Windows-Sdbus/Analytic"
wevtutil.exe  cl "Microsoft-Windows-ScmDisk0101/Operational"
wevtutil.exe  cl "Microsoft-Windows-ScmDisk0101/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-ScmDisk0101/Analytic"
wevtutil.exe  cl "Microsoft-Windows-ScmBus/Operational"
wevtutil.exe  cl "Microsoft-Windows-ScmBus/Diagnose"
wevtutil.exe  cl "Microsoft-Windows-ScmBus/Certification"
wevtutil.exe  cl "Microsoft-Windows-ScmBus/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Schannel-Events/Perf"
wevtutil.exe  cl "Microsoft-Windows-SPB-HIDI2C/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SPB-ClassExtension/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SMBWitnessClient/Informational"
wevtutil.exe  cl "Microsoft-Windows-SMBWitnessClient/Admin"
wevtutil.exe  cl "Microsoft-Windows-SMBServer/Security"
wevtutil.exe  cl "Microsoft-Windows-SMBServer/Performance"
wevtutil.exe  cl "Microsoft-Windows-SMBServer/Operational"
wevtutil.exe  cl "Microsoft-Windows-SMBServer/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-SMBServer/Connectivity"
wevtutil.exe  cl "Microsoft-Windows-SMBServer/Audit"
wevtutil.exe  cl "Microsoft-Windows-SMBServer/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SMBDirect/Netmon"
wevtutil.exe  cl "Microsoft-Windows-SMBDirect/Debug"
wevtutil.exe  cl "Microsoft-Windows-SMBDirect/Admin"
wevtutil.exe  cl "Microsoft-Windows-SMBClient/Operational"
wevtutil.exe  cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic"
wevtutil.exe  cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic"
wevtutil.exe  cl "Microsoft-Windows-SMBClient/Analytic"
wevtutil.exe  cl "Microsoft-Windows-SDDC-Management/Operational"
wevtutil.exe  cl "Microsoft-Windows-SDDC-Management/Admin"
wevtutil.exe  cl "Microsoft-Windows-Runtime/Error"
wevtutil.exe  cl "Microsoft-Windows-Runtime/CreateInstance"
wevtutil.exe  cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode"
wevtutil.exe  cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource"
wevtutil.exe  cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine"
wevtutil.exe  cl "Microsoft-Windows-Runtime-WebAPI/Tracing"
wevtutil.exe  cl "Microsoft-Windows-Runtime-Web-Http/Tracing"
wevtutil.exe  cl "Microsoft-Windows-Runtime-Networking/Tracing"
wevtutil.exe  cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing"
wevtutil.exe  cl "Microsoft-Windows-Runtime-Graphics/Analytic"
wevtutil.exe  cl "Microsoft-Windows-RestartManager/Operational"
wevtutil.exe  cl "Microsoft-Windows-ResourcePublication/Tracing"
wevtutil.exe  cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"
wevtutil.exe  cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"
wevtutil.exe  cl "Microsoft-Windows-ResetEng-Trace/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Remotefs-Rdbss/Operational"
wevtutil.exe  cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational"
wevtutil.exe  cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug"
wevtutil.exe  cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug"
wevtutil.exe  cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin"
wevtutil.exe  cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"
wevtutil.exe  cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug"
wevtutil.exe  cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"
wevtutil.exe  cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"
wevtutil.exe  cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
wevtutil.exe  cl "Microsoft-Windows-Regsvr32/Operational"
wevtutil.exe  cl "Microsoft-Windows-ReadyBoost/Operational"
wevtutil.exe  cl "Microsoft-Windows-ReadyBoost/Analytic"
wevtutil.exe  cl "Microsoft-Windows-ReFS/Operational"
wevtutil.exe  cl "Microsoft-Windows-RasAgileVpn/Operational"
wevtutil.exe  cl "Microsoft-Windows-RasAgileVpn/Debug"
wevtutil.exe  cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-RadioManager/Analytic"
wevtutil.exe  cl "Microsoft-Windows-RRAS/Operational"
wevtutil.exe  cl "Microsoft-Windows-RRAS/Debug"
wevtutil.exe  cl "Microsoft-Windows-RPC/EEInfo"
wevtutil.exe  cl "Microsoft-Windows-RPC/Debug"
wevtutil.exe  cl "Microsoft-Windows-RPC-Proxy/Debug"
wevtutil.exe  cl "Microsoft-Windows-QoS-qWAVE/Debug"
wevtutil.exe  cl "Microsoft-Windows-QoS-Pacer/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-PushNotification-Platform/Operational"
wevtutil.exe  cl "Microsoft-Windows-PushNotification-Platform/Debug"
wevtutil.exe  cl "Microsoft-Windows-PushNotification-Platform/Admin"
wevtutil.exe  cl "Microsoft-Windows-PushNotification-InProc/Debug"
wevtutil.exe  cl "Microsoft-Windows-PushNotification-Developer/Debug"
wevtutil.exe  cl "Microsoft-Windows-Proximity-Common/Performance"
wevtutil.exe  cl "Microsoft-Windows-Proximity-Common/Informational"
wevtutil.exe  cl "Microsoft-Windows-Proximity-Common/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade"
wevtutil.exe  cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic"
wevtutil.exe  cl "Microsoft-Windows-ProcessStateManager/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-PrintService/Operational"
wevtutil.exe  cl "Microsoft-Windows-PrintService/Debug"
wevtutil.exe  cl "Microsoft-Windows-PrintService/Admin"
wevtutil.exe  cl "Microsoft-Windows-PrintService-USBMon/Debug"
wevtutil.exe  cl "Microsoft-Windows-PrintDialogs3D/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PrintDialogs/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PrintBRM/Admin"
wevtutil.exe  cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"
wevtutil.exe  cl "Microsoft-Windows-PowerShell/Operational"
wevtutil.exe  cl "Microsoft-Windows-PowerShell/Debug"
wevtutil.exe  cl "Microsoft-Windows-PowerShell/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PowerShell/Admin"
wevtutil.exe  cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational"
wevtutil.exe  cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug"
wevtutil.exe  cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-PowerCpl/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-PowerCfg/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"
wevtutil.exe  cl "Microsoft-Windows-Policy/Operational"
wevtutil.exe  cl "Microsoft-Windows-Policy/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PlayToManager/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PhotoAcq/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PerceptionSensorDataService/Operational"
wevtutil.exe  cl "Microsoft-Windows-PerceptionRuntime/Operational"
wevtutil.exe  cl "Microsoft-Windows-Partition/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-Partition/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PackageStateRoaming/Operational"
wevtutil.exe  cl "Microsoft-Windows-PackageStateRoaming/Debug"
wevtutil.exe  cl "Microsoft-Windows-PackageStateRoaming/Analytic"
wevtutil.exe  cl "Microsoft-Windows-PCI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-OtpCredentialProvider/Operational"
wevtutil.exe  cl "Microsoft-Windows-OobeLdr/Analytic"
wevtutil.exe  cl "Microsoft-Windows-OneX/Operational"
wevtutil.exe  cl "Microsoft-Windows-OneX/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-OneBackup/Debug"
wevtutil.exe  cl "Microsoft-Windows-OfflineFiles/SyncLog"
wevtutil.exe  cl "Microsoft-Windows-OfflineFiles/Operational"
wevtutil.exe  cl "Microsoft-Windows-OfflineFiles/Debug"
wevtutil.exe  cl "Microsoft-Windows-OfflineFiles/Analytic"
wevtutil.exe  cl "Microsoft-Windows-OOBE-Machine-Plugins/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-OOBE-Machine-DUI/Operational"
wevtutil.exe  cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic"
wevtutil.exe  cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic"