The service control command
was executed on an endpoint to create a new service or configure
an existing one. This is suspicious, as the executable set to be
run as a service is an often-abused (though legitimate) one, and
the same command line was seen on only a handful of endpoints in
the last 14 days, if at all.
Evading security controls
and possibly persisting malware.
Check whether the
service created, or the configuration change to an existing service,
is benign or normal for the host and/or user performing it.