The attack chain involves the PAExec remote administration tool, an alternative to PsExec that's used as a launchpad to create a scheduled task that masquerades as 'MicrosoftsUpdate' which subsequently is configured to execute a Windows batch script.
/https://cyware-ent.s3.amazonaws.com/image_bank/3ab3_shutterstock_257574442.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/9a76_shutterstock_2215483689.jpg)
