Phant0m | Windows Event Log Killer
On Windows operating systems, svchost.exe manages the services, and the services actually run as threads inside svchost.exe processes. Phant0m targets the Event Log service: it finds the process responsible for the Event Log service, then detects and kills the threads responsible for that service. As a result, the Event Log service still appears to be running on the system (because Phant0m did not kill the process), but it does not actually run (because Phant0m killed its threads), and the system does not collect logs.
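A defender-side check for the condition described above (service state says running, yet nothing is being recorded), as an added example that is not part of the original page or of Phant0m. The poll format, the field meanings and the 10-minute threshold are assumptions made for illustration, and the sample rows are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (hypothetical format): one row per poll of a host,
# (poll time, reported Event Log service state, highest event record ID seen).
SAMPLES = [
    ("2024-01-01T10:00:00", "Running", 5000),
    ("2024-01-01T10:05:00", "Running", 5042),
    ("2024-01-01T10:10:00", "Running", 5042),
    ("2024-01-01T10:15:00", "Running", 5042),
    ("2024-01-01T10:20:00", "Running", 5042),
    ("2024-01-01T10:25:00", "Stopped", 5042),
    ("2024-01-01T10:30:00", "Running", 5050),
]

def find_silent_gaps(samples, max_quiet=timedelta(minutes=10)):
    """Return (start, end) spans where the service reported Running but the
    record ID did not advance for at least max_quiet."""
    gaps = []
    quiet_since = None  # time of the last poll that showed logging activity
    last_id = None
    open_gap = None
    for ts, state, record_id in samples:
        now = datetime.fromisoformat(ts)
        advanced = last_id is None or record_id > last_id
        if state != "Running" or advanced:
            # A stopped service is already visible to monitoring, and new
            # records prove the log is being written: close any open gap.
            if open_gap:
                gaps.append(open_gap)
                open_gap = None
            quiet_since = now
        elif now - quiet_since >= max_quiet:
            # Running, but silent for too long: extend the suspicious span.
            open_gap = (quiet_since, now)
        last_id = record_id
    if open_gap:
        gaps.append(open_gap)
    return gaps

if __name__ == "__main__":
    for start, end in find_silent_gaps(SAMPLES):
        print(f"service Running but no new events from {start} to {end}")
```

The threshold has to be tuned to each host's normal event rate, since a genuinely idle machine also produces quiet periods.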
























