pid	Process
3984	schtasks.exe
168	schtasks.exe
4536	schtasks.exe
3404	schtasks.exe
2536	schtasks.exe
4540	schtasks.exe
1820	schtasks.exe
4544	schtasks.exe
4116	schtasks.exe
5012	schtasks.exe
1976	schtasks.exe
4960	schtasks.exe
3880	schtasks.exe
4536	schtasks.exe
3336	schtasks.exe
2368	schtasks.exe
3920	schtasks.exe
3008	schtasks.exe
1160	schtasks.exe
4736	schtasks.exe
1612	schtasks.exe
1408	schtasks.exe
5112	schtasks.exe
4372	schtasks.exe
1968	schtasks.exe
1688	schtasks.exe
4940	schtasks.exe
5032	schtasks.exe
2812	schtasks.exe
1476	schtasks.exe
1784	schtasks.exe
2352	schtasks.exe
3472	schtasks.exe
4460	schtasks.exe
4724	schtasks.exe
3560	schtasks.exe
1564	schtasks.exe
2368	schtasks.exe
4048	schtasks.exe
2052	schtasks.exe
3148	schtasks.exe
4076	schtasks.exe
2716	schtasks.exe

pid	Process
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
984	WmiApSrv.exe
984	WmiApSrv.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe
1912	Nursultan 3.0.exe

description	pid	Process	procid_target
PID 1912 wrote to memory of 3408	1912	Nursultan 3.0.exe	74
PID 1912 wrote to memory of 3408	1912	Nursultan 3.0.exe	74
PID 3408 wrote to memory of 2052	3408	CMD.exe	76
PID 3408 wrote to memory of 2052	3408	CMD.exe	76
PID 1912 wrote to memory of 3596	1912	Nursultan 3.0.exe	77
PID 1912 wrote to memory of 3596	1912	Nursultan 3.0.exe	77
PID 3596 wrote to memory of 168	3596	CMD.exe	79
PID 3596 wrote to memory of 168	3596	CMD.exe	79
PID 1912 wrote to memory of 4720	1912	Nursultan 3.0.exe	80
PID 1912 wrote to memory of 4720	1912	Nursultan 3.0.exe	80
PID 4720 wrote to memory of 1688	4720	CMD.exe	82
PID 4720 wrote to memory of 1688	4720	CMD.exe	82
PID 1912 wrote to memory of 8	1912	Nursultan 3.0.exe	83
PID 1912 wrote to memory of 8	1912	Nursultan 3.0.exe	83
PID 8 wrote to memory of 5012	8	CMD.exe	85
PID 8 wrote to memory of 5012	8	CMD.exe	85
PID 1912 wrote to memory of 2276	1912	Nursultan 3.0.exe	88
PID 1912 wrote to memory of 2276	1912	Nursultan 3.0.exe	88
PID 2276 wrote to memory of 3560	2276	CMD.exe	90
PID 2276 wrote to memory of 3560	2276	CMD.exe	90
PID 1912 wrote to memory of 4428	1912	Nursultan 3.0.exe	91
PID 1912 wrote to memory of 4428	1912	Nursultan 3.0.exe	91
PID 4428 wrote to memory of 1160	4428	CMD.exe	93
PID 4428 wrote to memory of 1160	4428	CMD.exe	93
PID 1912 wrote to memory of 5076	1912	Nursultan 3.0.exe	94
PID 1912 wrote to memory of 5076	1912	Nursultan 3.0.exe	94
PID 5076 wrote to memory of 1564	5076	CMD.exe	96
PID 5076 wrote to memory of 1564	5076	CMD.exe	96
PID 1912 wrote to memory of 3008	1912	Nursultan 3.0.exe	97
PID 1912 wrote to memory of 3008	1912	Nursultan 3.0.exe	97
PID 3008 wrote to memory of 1976	3008	CMD.exe	99
PID 3008 wrote to memory of 1976	3008	CMD.exe	99
PID 1912 wrote to memory of 4956	1912	Nursultan 3.0.exe	100
PID 1912 wrote to memory of 4956	1912	Nursultan 3.0.exe	100
PID 4956 wrote to memory of 4940	4956	CMD.exe	102
PID 4956 wrote to memory of 4940	4956	CMD.exe	102
PID 1912 wrote to memory of 168	1912	Nursultan 3.0.exe	103
PID 1912 wrote to memory of 168	1912	Nursultan 3.0.exe	103
PID 168 wrote to memory of 4536	168	CMD.exe	105
PID 168 wrote to memory of 4536	168	CMD.exe	105
PID 1912 wrote to memory of 4224	1912	Nursultan 3.0.exe	106
PID 1912 wrote to memory of 4224	1912	Nursultan 3.0.exe	106
PID 4224 wrote to memory of 1476	4224	CMD.exe	108
PID 4224 wrote to memory of 1476	4224	CMD.exe	108
PID 1912 wrote to memory of 3404	1912	Nursultan 3.0.exe	109
PID 1912 wrote to memory of 3404	1912	Nursultan 3.0.exe	109
PID 3404 wrote to memory of 5032	3404	CMD.exe	111
PID 3404 wrote to memory of 5032	3404	CMD.exe	111
PID 1912 wrote to memory of 4228	1912	Nursultan 3.0.exe	112
PID 1912 wrote to memory of 4228	1912	Nursultan 3.0.exe	112
PID 4228 wrote to memory of 4960	4228	CMD.exe	114
PID 4228 wrote to memory of 4960	4228	CMD.exe	114
PID 1912 wrote to memory of 4568	1912	Nursultan 3.0.exe	115
PID 1912 wrote to memory of 4568	1912	Nursultan 3.0.exe	115
PID 4568 wrote to memory of 3148	4568	CMD.exe	117
PID 4568 wrote to memory of 3148	4568	CMD.exe	117
PID 1912 wrote to memory of 1016	1912	Nursultan 3.0.exe	118
PID 1912 wrote to memory of 1016	1912	Nursultan 3.0.exe	118
PID 1016 wrote to memory of 3880	1016	CMD.exe	120
PID 1016 wrote to memory of 3880	1016	CMD.exe	120
PID 1912 wrote to memory of 2528	1912	Nursultan 3.0.exe	121
PID 1912 wrote to memory of 2528	1912	Nursultan 3.0.exe	121
PID 2528 wrote to memory of 4076	2528	CMD.exe	123
PID 2528 wrote to memory of 4076	2528	CMD.exe	123

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads