Windows Event Logs

  • Question

  • Looking at Windows Event 4688 Process Command Line -

    I see items that I typed in the command line like this

    C:\WINDOWS\system32\cmd.exe /c netstat -anp tcp | findstr LISTEN

    and this

    cmd.exe /c del C:\Windows\System32\backdoor.bat

    but then I see things like this

    C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\blahblah\blahblah\blahblah.exe""

    What do the quotes mean?
    (end goal here is to find maliciousness in the event logs)

    Thanks!

    Wednesday, November 29, 2017 11:19 PM
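
The doubled quotes follow from the quote-handling rules that `cmd /?` documents for `/c` and `/k`. The sketch below is an added example, not part of the original post. It recovers the command cmd.exe would actually run from a 4688 command line, so detection rules can match one normalized form. Assumptions: the function name, the constructed "Example App" sample paths, and the extension check that stands in for "names an executable file".

```python
import re

SPECIAL = set("&<>()@^|")                    # special characters listed in `cmd /?`
EXE_EXT = (".exe", ".com", ".bat", ".cmd")   # assumption: approximates "is an executable file"
CMD_RE = re.compile(
    r'^\s*"?(?:[a-z]:\\[^"]*\\)?cmd(?:\.exe)?"?\s+'  # cmd.exe, with or without a path
    r'(?P<pre>(?:/[^ckCK\s]\S*\s+)*)'                 # switches before /c or /k, e.g. /s /d
    r'/[ck]\s*(?P<rest>.*)$', re.I)

def effective_command(cmdline):
    """Return what cmd.exe runs after quote processing, or None if not cmd /c or /k."""
    m = CMD_RE.match(cmdline)
    if not m:
        return None
    rest = m.group("rest").strip()
    if not rest.startswith('"'):
        return rest                          # no leading quote: nothing is stripped
    has_s = re.search(r'/s\b', m.group("pre"), re.I) is not None
    if not has_s and rest.count('"') == 2:
        inner = rest[1:rest.index('"', 1)]
        if (not SPECIAL & set(inner) and re.search(r'\s', inner)
                and inner.lower().endswith(EXE_EXT)):
            return rest                      # rule 1: the two quotes are preserved
    # rule 2: drop the leading quote and the last quote, keep any text after it
    last = rest.rfind('"')
    return rest[1:last] + rest[last + 1:]

# The first three lines are from the post; the last two are constructed samples.
SAMPLES = [
    r'C:\WINDOWS\system32\cmd.exe /c netstat -anp tcp | findstr LISTEN',
    r'cmd.exe /c del C:\Windows\System32\backdoor.bat',
    r'C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\blahblah\blahblah\blahblah.exe""',
    r'cmd.exe /c "C:\Program Files\Example App\tool.exe" -v',
    r'cmd.exe /s /c "C:\Program Files\Example App\tool.exe" -v',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line}\n    -> {effective_command(line)}")
```

In the third sample the outer pair of quotes is consumed by cmd.exe and the inner pair protects the space in `Program Files`, which is why wrappers that launch programs through `cmd /c` emit the doubled form.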