New ‘HrServ.dll’ Web Shell Detected in APT Attack Targeting Afghan Government
The attack chain involves the PAExec remote administration tool, an alternative to PsExec, which is used as a launchpad to create a scheduled task masquerading as ‘MicrosoftsUpdate’. The task is in turn configured to execute a Windows batch script.
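One way a defender could hunt for the chain described above in process-creation telemetry, as an added example that is not from the original article. The field names follow Sysmon's process-creation events; the sample events, file paths, the `PAExec-1234-HOST.exe` binary name and the two-signal threshold are constructed assumptions.

```python
import re
import shlex

# Signals: PsExec-style parent, update-lookalike task name, batch-script action.
LOOKALIKE = re.compile(r"(microsoft|windows)\w*update", re.I)
REMOTE_EXEC_PREFIXES = ("paexec", "psexe")  # assumed: binary name may carry a suffix
SCRIPT_EXT = (".bat", ".cmd")

SAMPLE_EVENTS = [  # constructed process-creation records, not incident data
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "ParentImage": r"C:\Windows\PAExec-1234-HOST.exe",
     "CommandLine": r'schtasks /create /sc DAILY /tn MicrosoftsUpdate '
                    r'/tr "C:\Users\Public\placeholder.bat" /ru system'},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "ParentImage": r"C:\Program Files\Vendor\setup.exe",
     "CommandLine": r'schtasks /create /sc HOURLY /tn MicrosoftEdgeUpdateTaskMachineCore '
                    r'/tr "C:\Program Files\Vendor\update.exe"'},
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def schtasks_args(cmdline):
    """Map /tn and /tr to their values for a 'schtasks /create' command line."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if "/create" not in [t.lower() for t in tokens]:
        return {}
    return {f.lower(): v for f, v in zip(tokens, tokens[1:]) if f.lower() in ("/tn", "/tr")}

def assess(event):
    """Return the reasons a process-creation event matches the described chain."""
    if basename(event["Image"]) != "schtasks.exe":
        return []
    args, reasons = schtasks_args(event["CommandLine"]), []
    name = args.get("/tn", "")
    # Built-in Windows tasks sit under \Microsoft\Windows\; a root-level task
    # with an update-sounding name is only a masquerade candidate.
    if LOOKALIKE.search(name) and not name.lower().startswith("\\microsoft\\"):
        reasons.append("update-lookalike task name")
    if any(ext in args.get("/tr", "").lower() for ext in SCRIPT_EXT):
        reasons.append("task action runs a batch script")
    if basename(event["ParentImage"]).startswith(REMOTE_EXEC_PREFIXES):
        reasons.append("spawned by a PsExec-style tool")
    return reasons

def alerts(events, threshold=2):
    """Require several signals: a name match alone also hits legitimate updaters."""
    scored = [(e["CommandLine"], assess(e)) for e in events]
    return [(cmd, r) for cmd, r in scored if len(r) >= threshold]
```

Process-creation events record only the direct parent, so a `cmd.exe` sitting between the remote-exec tool and `schtasks.exe` would hide the third signal; the other two still meet the threshold.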