Suspicious Eventlog Clear or Configuration Change (cc36992a-4671-4f21-a91d-6c2b72a2edf5)
Detects clearing or configuration of eventlogs using wevtutil, powershell and wmic. Might be used by ransomwares during the attack (seen by NotPetya and others).