I have noticed that a CMD script seems to randomly run while doing things but cannot seem to capture what or where it's coming from. Is there a way to use some sort of logging app to see what comes and goes in terms of apps and scripts?
1
-
While reverse engineering "back in the day" I replaced cmd.exe with my own cmd.exe I wrote. after logging whatever I wanted, I then called the REAL cmd.exe with the same arguments. This should work for just about anything to include powershell. Windows will complain about the file and you might need to change some permissions but it should still work.. if you can program or know someone who does this is easy-peasy.– Señor CMasMasCommented Aug 8, 2020 at 4:03
Add a comment
|
2 Answers
You could start a screen capture with a program like Open Broadcaster Studio, or many other alternatives. In OBS, add a new scene, and add a DisplayCapture source, and start recording. The screen capture video file will be saved to your user videos folder by default. If you see the popup, stop recording and review your footage. The running program should be in the title bar of the CMD window.
You could review your Resource Manager and look for disk usage by applications, which can help you see which apps are currently changing files.
There could possibly be something logged in Event Viewer.
I'd look closely at task scheduler & services. I used to like looking at msconfig, services tab, & checking 'hide system services' so you only see services that were installed from programs or drivers that aren't part of windows. Not sure if you can with Win10 now since i know it points you to services. Try to narrow down when it's happening: every 10min, every time you open a new chrome tab, etc.
