Is it possible that a malware can edit the Windows Event Log to hide System Event Log entries (specifically 6005 and 6006, which indicate startup and shutdown respectively)?
If it is not possible, can you please explain the technical reason why even sophisticated malware may not be able to modify this record?
