(((Image:\\wevtutil.exe OR OriginalFileName:wevtutil.exe) (CommandLine:clear\-log\ * OR CommandLine:\ cl\ * OR CommandLine:set\-log\ * OR CommandLine:\ sl\ * OR CommandLine:lfn\:*)) OR ((Image:\\powershell.exe OR Image:\\powershell_ise.exe OR Image:\\pwsh.exe) ((CommandLine:Clear\-EventLog\ * OR CommandLine:Remove\-EventLog\ * OR CommandLine:Limit\-EventLog\ * OR CommandLine:Clear\-WinEvent\ *) OR (CommandLine:Eventing.Reader.EventLogSession* CommandLine:ClearLog*) OR (CommandLine:Diagnostics.EventLog* CommandLine:Clear*))) OR ((Image:\\powershell.exe OR Image:\\powershell_ise.exe OR Image:\\pwsh.exe OR Image:\\wmic.exe) CommandLine:ClearEventLog*)) (-((ParentImage:C\:\\Windows\\SysWOW64\\msiexec.exe OR ParentImage:C\:\\Windows\\System32\\msiexec.exe) CommandLine:\ sl\ *))