Event ID 7045: A service was installed in the system (System)
What this Event ID actually records on disk, the EventData fields worth reading first, and where it sits in a DFIR triage workflow.
- Channel
- System
- Provider
- Windows\System
- Triage notes
- MITRE T1543.003. PsExec signature when ImagePath is %SystemRoot%\PSEXESVC.exe.