pid	Process
4564	Process not Found
3712	Process not Found
4588	Process not Found
2128	Process not Found
4924	WmiApSrv.exe
2708	Process not Found
1508	Process not Found
3408	Process not Found
1680	Process not Found
4192	Process not Found
4920	Process not Found
1868	Process not Found
1224	Process not Found
1604	Process not Found
1924	Process not Found
3988	Process not Found
1680	Process not Found
1804	Process not Found
2376	Process not Found
3276	Process not Found
4128	Process not Found
944	Process not Found
1120	Process not Found
536	Process not Found
1724	Process not Found
5092	Process not Found
4784	Process not Found
5108	Process not Found
1616	Process not Found
2948	Process not Found
4320	Process not Found
3940	Process not Found
1060	Process not Found
3160	Process not Found
3500	Process not Found
4488	Process not Found
1084	Process not Found
4468	Process not Found
5020	Process not Found
3904	Process not Found
3200	Process not Found
184	Process not Found
4340	Process not Found
312	Process not Found
4408	Process not Found

pid	Process
2688	schtasks.exe
384	schtasks.exe
1460	schtasks.exe
4432	schtasks.exe
3584	schtasks.exe
5056	schtasks.exe
2836	schtasks.exe
5056	schtasks.exe
412	schtasks.exe
2296	schtasks.exe
1152	schtasks.exe
3576	schtasks.exe
2960	schtasks.exe
4104	schtasks.exe
3824	schtasks.exe
1588	schtasks.exe
1248	schtasks.exe
3844	schtasks.exe
4148	schtasks.exe
4740	schtasks.exe
3612	schtasks.exe
4592	schtasks.exe
3968	schtasks.exe
3060	schtasks.exe
3712	schtasks.exe
3480	schtasks.exe
3160	schtasks.exe
1152	schtasks.exe
4020	schtasks.exe
3612	schtasks.exe
2684	schtasks.exe
2640	schtasks.exe
2412	schtasks.exe
4368	schtasks.exe
4860	schtasks.exe
4000	schtasks.exe
2040	schtasks.exe
2744	schtasks.exe
3480	schtasks.exe
2376	schtasks.exe
2736	schtasks.exe
1400	schtasks.exe
4944	schtasks.exe

pid	Process
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe
4032	Nursultan 3.0.exe

description	pid	Process	procid_target
PID 4032 wrote to memory of 748	4032	Nursultan 3.0.exe	94
PID 4032 wrote to memory of 748	4032	Nursultan 3.0.exe	94
PID 748 wrote to memory of 3824	748	CMD.exe	96
PID 748 wrote to memory of 3824	748	CMD.exe	96
PID 4032 wrote to memory of 452	4032	Nursultan 3.0.exe	97
PID 4032 wrote to memory of 452	4032	Nursultan 3.0.exe	97
PID 452 wrote to memory of 2688	452	CMD.exe	99
PID 452 wrote to memory of 2688	452	CMD.exe	99
PID 4032 wrote to memory of 3192	4032	Nursultan 3.0.exe	100
PID 4032 wrote to memory of 3192	4032	Nursultan 3.0.exe	100
PID 3192 wrote to memory of 3060	3192	CMD.exe	102
PID 3192 wrote to memory of 3060	3192	CMD.exe	102
PID 4032 wrote to memory of 4116	4032	Nursultan 3.0.exe	103
PID 4032 wrote to memory of 4116	4032	Nursultan 3.0.exe	103
PID 4116 wrote to memory of 5056	4116	CMD.exe	105
PID 4116 wrote to memory of 5056	4116	CMD.exe	105
PID 4032 wrote to memory of 3480	4032	Nursultan 3.0.exe	107
PID 4032 wrote to memory of 3480	4032	Nursultan 3.0.exe	107
PID 3480 wrote to memory of 2640	3480	CMD.exe	109
PID 3480 wrote to memory of 2640	3480	CMD.exe	109
PID 4032 wrote to memory of 3360	4032	Nursultan 3.0.exe	112
PID 4032 wrote to memory of 3360	4032	Nursultan 3.0.exe	112
PID 3360 wrote to memory of 2040	3360	CMD.exe	114
PID 3360 wrote to memory of 2040	3360	CMD.exe	114
PID 4032 wrote to memory of 3456	4032	Nursultan 3.0.exe	115
PID 4032 wrote to memory of 3456	4032	Nursultan 3.0.exe	115
PID 3456 wrote to memory of 412	3456	CMD.exe	117
PID 3456 wrote to memory of 412	3456	CMD.exe	117
PID 4032 wrote to memory of 4844	4032	Nursultan 3.0.exe	119
PID 4032 wrote to memory of 4844	4032	Nursultan 3.0.exe	119
PID 4844 wrote to memory of 1588	4844	CMD.exe	121
PID 4844 wrote to memory of 1588	4844	CMD.exe	121
PID 4032 wrote to memory of 1944	4032	Nursultan 3.0.exe	122
PID 4032 wrote to memory of 1944	4032	Nursultan 3.0.exe	122
PID 1944 wrote to memory of 2744	1944	CMD.exe	124
PID 1944 wrote to memory of 2744	1944	CMD.exe	124
PID 4032 wrote to memory of 1808	4032	Nursultan 3.0.exe	127
PID 4032 wrote to memory of 1808	4032	Nursultan 3.0.exe	127
PID 1808 wrote to memory of 384	1808	CMD.exe	129
PID 1808 wrote to memory of 384	1808	CMD.exe	129
PID 4032 wrote to memory of 4148	4032	Nursultan 3.0.exe	132
PID 4032 wrote to memory of 4148	4032	Nursultan 3.0.exe	132
PID 4148 wrote to memory of 3712	4148	CMD.exe	134
PID 4148 wrote to memory of 3712	4148	CMD.exe	134
PID 4032 wrote to memory of 5036	4032	Nursultan 3.0.exe	135
PID 4032 wrote to memory of 5036	4032	Nursultan 3.0.exe	135
PID 5036 wrote to memory of 1248	5036	CMD.exe	137
PID 5036 wrote to memory of 1248	5036	CMD.exe	137
PID 4032 wrote to memory of 2168	4032	Nursultan 3.0.exe	138
PID 4032 wrote to memory of 2168	4032	Nursultan 3.0.exe	138
PID 2168 wrote to memory of 2412	2168	CMD.exe	140
PID 2168 wrote to memory of 2412	2168	CMD.exe	140
PID 4032 wrote to memory of 2856	4032	Nursultan 3.0.exe	141
PID 4032 wrote to memory of 2856	4032	Nursultan 3.0.exe	141
PID 2856 wrote to memory of 3480	2856	CMD.exe	143
PID 2856 wrote to memory of 3480	2856	CMD.exe	143
PID 4032 wrote to memory of 4564	4032	Nursultan 3.0.exe	144
PID 4032 wrote to memory of 4564	4032	Nursultan 3.0.exe	144
PID 4564 wrote to memory of 2736	4564	CMD.exe	146
PID 4564 wrote to memory of 2736	4564	CMD.exe	146
PID 4032 wrote to memory of 3540	4032	Nursultan 3.0.exe	147
PID 4032 wrote to memory of 3540	4032	Nursultan 3.0.exe	147
PID 3540 wrote to memory of 4368	3540	CMD.exe	149
PID 3540 wrote to memory of 4368	3540	CMD.exe	149

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads