EvtMute: Pwning Windows Event Logging with YARA rules