pid	Process
4504	Process not Found
3912	Process not Found
3896	Process not Found
2084	Process not Found
4360	Process not Found
4716	Process not Found
3200	WmiApSrv.exe
3228	Process not Found
4888	Process not Found
2344	Process not Found
3636	Process not Found
1220	Process not Found
3544	Process not Found
4456	Process not Found
4396	Process not Found
1500	Process not Found
3060	Process not Found
2228	Process not Found
4060	Process not Found
3164	Process not Found
4144	Process not Found
640	Process not Found
1692	Process not Found
464	Process not Found
3420	Process not Found
3012	Process not Found
2228	Process not Found
3112	Process not Found
4164	Process not Found
4396	Process not Found
3600	Process not Found
4180	Process not Found
2372	Process not Found
2720	Process not Found
4000	Process not Found
1188	Process not Found
3660	Process not Found
1536	Process not Found
5012	Process not Found
2484	Process not Found
4364	Process not Found
4164	Process not Found
1196	Process not Found
3956	Process not Found
4012	Process not Found
3052	Process not Found
3984	Process not Found
2488	Process not Found

pid	Process
3600	schtasks.exe
3740	schtasks.exe
2428	schtasks.exe
1692	schtasks.exe
5084	schtasks.exe
3916	schtasks.exe
3988	schtasks.exe
972	schtasks.exe
4220	schtasks.exe
2960	schtasks.exe
3252	schtasks.exe
4724	schtasks.exe
2904	schtasks.exe
2912	schtasks.exe
2228	schtasks.exe
3876	schtasks.exe
2640	schtasks.exe
3252	schtasks.exe
1424	schtasks.exe
2768	schtasks.exe
2620	schtasks.exe
3840	schtasks.exe
772	schtasks.exe
1696	schtasks.exe
3980	schtasks.exe
3848	schtasks.exe
4764	schtasks.exe
3696	schtasks.exe
1216	schtasks.exe
4812	schtasks.exe
4024	schtasks.exe
3268	schtasks.exe
3224	schtasks.exe
1424	schtasks.exe
2952	schtasks.exe
368	schtasks.exe
4988	schtasks.exe
4832	schtasks.exe
3268	schtasks.exe
4724	schtasks.exe
4504	schtasks.exe
4396	schtasks.exe
2288	schtasks.exe
1140	schtasks.exe

pid	Process
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
2972	Nursultan 3.0.exe
3200	WmiApSrv.exe

description	pid	Process	procid_target
PID 2972 wrote to memory of 2304	2972	Nursultan 3.0.exe	93
PID 2972 wrote to memory of 2304	2972	Nursultan 3.0.exe	93
PID 2304 wrote to memory of 3848	2304	CMD.exe	95
PID 2304 wrote to memory of 3848	2304	CMD.exe	95
PID 2972 wrote to memory of 3560	2972	Nursultan 3.0.exe	96
PID 2972 wrote to memory of 3560	2972	Nursultan 3.0.exe	96
PID 3560 wrote to memory of 4396	3560	CMD.exe	98
PID 3560 wrote to memory of 4396	3560	CMD.exe	98
PID 2972 wrote to memory of 3112	2972	Nursultan 3.0.exe	99
PID 2972 wrote to memory of 3112	2972	Nursultan 3.0.exe	99
PID 3112 wrote to memory of 2960	3112	CMD.exe	101
PID 3112 wrote to memory of 2960	3112	CMD.exe	101
PID 2972 wrote to memory of 1692	2972	Nursultan 3.0.exe	102
PID 2972 wrote to memory of 1692	2972	Nursultan 3.0.exe	102
PID 1692 wrote to memory of 4764	1692	CMD.exe	104
PID 1692 wrote to memory of 4764	1692	CMD.exe	104
PID 2972 wrote to memory of 4124	2972	Nursultan 3.0.exe	108
PID 2972 wrote to memory of 4124	2972	Nursultan 3.0.exe	108
PID 4124 wrote to memory of 3696	4124	CMD.exe	110
PID 4124 wrote to memory of 3696	4124	CMD.exe	110
PID 2972 wrote to memory of 2768	2972	Nursultan 3.0.exe	113
PID 2972 wrote to memory of 2768	2972	Nursultan 3.0.exe	113
PID 2768 wrote to memory of 2428	2768	CMD.exe	115
PID 2768 wrote to memory of 2428	2768	CMD.exe	115
PID 2972 wrote to memory of 4808	2972	Nursultan 3.0.exe	116
PID 2972 wrote to memory of 4808	2972	Nursultan 3.0.exe	116
PID 4808 wrote to memory of 3252	4808	CMD.exe	118
PID 4808 wrote to memory of 3252	4808	CMD.exe	118
PID 2972 wrote to memory of 336	2972	Nursultan 3.0.exe	119
PID 2972 wrote to memory of 336	2972	Nursultan 3.0.exe	119
PID 336 wrote to memory of 1692	336	CMD.exe	121
PID 336 wrote to memory of 1692	336	CMD.exe	121
PID 2972 wrote to memory of 2288	2972	Nursultan 3.0.exe	123
PID 2972 wrote to memory of 2288	2972	Nursultan 3.0.exe	123
PID 2288 wrote to memory of 5084	2288	CMD.exe	125
PID 2288 wrote to memory of 5084	2288	CMD.exe	125
PID 2972 wrote to memory of 5080	2972	Nursultan 3.0.exe	127
PID 2972 wrote to memory of 5080	2972	Nursultan 3.0.exe	127
PID 5080 wrote to memory of 3600	5080	CMD.exe	129
PID 5080 wrote to memory of 3600	5080	CMD.exe	129
PID 2972 wrote to memory of 2840	2972	Nursultan 3.0.exe	130
PID 2972 wrote to memory of 2840	2972	Nursultan 3.0.exe	130
PID 2840 wrote to memory of 2620	2840	CMD.exe	132
PID 2840 wrote to memory of 2620	2840	CMD.exe	132
PID 2972 wrote to memory of 1080	2972	Nursultan 3.0.exe	136
PID 2972 wrote to memory of 1080	2972	Nursultan 3.0.exe	136
PID 1080 wrote to memory of 3876	1080	CMD.exe	138
PID 1080 wrote to memory of 3876	1080	CMD.exe	138
PID 2972 wrote to memory of 852	2972	Nursultan 3.0.exe	139
PID 2972 wrote to memory of 852	2972	Nursultan 3.0.exe	139
PID 852 wrote to memory of 1424	852	CMD.exe	141
PID 852 wrote to memory of 1424	852	CMD.exe	141
PID 2972 wrote to memory of 2464	2972	Nursultan 3.0.exe	142
PID 2972 wrote to memory of 2464	2972	Nursultan 3.0.exe	142
PID 2464 wrote to memory of 3916	2464	CMD.exe	144
PID 2464 wrote to memory of 3916	2464	CMD.exe	144
PID 2972 wrote to memory of 1536	2972	Nursultan 3.0.exe	145
PID 2972 wrote to memory of 1536	2972	Nursultan 3.0.exe	145
PID 1536 wrote to memory of 4988	1536	CMD.exe	147
PID 1536 wrote to memory of 4988	1536	CMD.exe	147
PID 2972 wrote to memory of 1384	2972	Nursultan 3.0.exe	148
PID 2972 wrote to memory of 1384	2972	Nursultan 3.0.exe	148
PID 1384 wrote to memory of 3840	1384	CMD.exe	150
PID 1384 wrote to memory of 3840	1384	CMD.exe	150

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads