Windows

Eventvwr.exeEventvwr.exe

Platform
Windows
Abuse functions
2
Mapped techniques
1

Description

Eventvwr.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: UAC Bypass. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1548.002. Defenders should monitor execution of Eventvwr.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

UAC BypassT1548.002

Execute a binary or script as a high-integrity process without a UAC prompt.

UAC BypassT1548.002

Execute a command to bypass security restrictions that limit the use of command-line interpreters.

MITRE ATT&CK techniques· 1

T1548.002

Uses1

TypeTargetConfidenceTier
SubTechniqueBypass User Account Controlt1548.002100%live

Abuses1

TypeTargetConfidenceTier
SubTechniqueBypass User Account Controlt1548.00290%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Appvlp.exe
LOLbin
Regsvr32.exe
LOLbin
VisualUiaVerifyNative.exe
LOLbin
Regsvcs.exe
LOLbin
Pcwrun.exe
LOLbin
Wlrmdr.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.