pid	Process
3780	Process not Found
228	Process not Found
4216	Process not Found
3928	Process not Found
1684	WmiApSrv.exe
1888	Process not Found
2860	Process not Found
3980	Process not Found
784	Process not Found
872	Process not Found
3452	Process not Found
2484	Process not Found
4076	Process not Found
1876	Process not Found
2860	Process not Found
2244	Process not Found
4584	Process not Found
3100	Process not Found
1780	Process not Found
248	Process not Found
716	Process not Found
4612	Process not Found
2052	Process not Found
2692	Process not Found
5088	Process not Found
4596	Process not Found
4828	Process not Found
1336	Process not Found
2484	Process not Found
796	Process not Found
4208	Process not Found
2476	Process not Found
2448	Process not Found
564	Process not Found
3136	Process not Found
2964	Process not Found
4728	Process not Found
2324	Process not Found
4632	Process not Found
3012	Process not Found
3308	Process not Found
444	Process not Found
1516	Process not Found
4764	Process not Found
4928	Process not Found

pid	Process
1336	schtasks.exe
3016	schtasks.exe
3368	schtasks.exe
5084	schtasks.exe
672	schtasks.exe
2520	schtasks.exe
3560	schtasks.exe
2300	schtasks.exe
2072	schtasks.exe
2324	schtasks.exe
2520	schtasks.exe
3684	schtasks.exe
4376	schtasks.exe
3476	schtasks.exe
2720	schtasks.exe
4288	schtasks.exe
1956	schtasks.exe
2992	schtasks.exe
988	schtasks.exe
2972	schtasks.exe
684	schtasks.exe
3560	schtasks.exe
2312	schtasks.exe
4760	schtasks.exe
988	schtasks.exe
1092	schtasks.exe
3332	schtasks.exe
3564	schtasks.exe
4760	schtasks.exe
1592	schtasks.exe
988	schtasks.exe
3820	schtasks.exe
328	schtasks.exe
1160	schtasks.exe
2052	schtasks.exe
944	schtasks.exe
1336	schtasks.exe
2204	schtasks.exe
3216	schtasks.exe
1280	schtasks.exe
3276	schtasks.exe
1764	schtasks.exe
5080	schtasks.exe
2268	schtasks.exe

pid	Process
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
5032	Nursultan 3.0.exe
1684	WmiApSrv.exe
1684	WmiApSrv.exe
5032	Nursultan 3.0.exe

description	pid	Process	procid_target
PID 5032 wrote to memory of 4068	5032	Nursultan 3.0.exe	79
PID 5032 wrote to memory of 4068	5032	Nursultan 3.0.exe	79
PID 4068 wrote to memory of 1336	4068	CMD.exe	81
PID 4068 wrote to memory of 1336	4068	CMD.exe	81
PID 5032 wrote to memory of 3820	5032	Nursultan 3.0.exe	82
PID 5032 wrote to memory of 3820	5032	Nursultan 3.0.exe	82
PID 3820 wrote to memory of 1592	3820	CMD.exe	84
PID 3820 wrote to memory of 1592	3820	CMD.exe	84
PID 5032 wrote to memory of 2648	5032	Nursultan 3.0.exe	85
PID 5032 wrote to memory of 2648	5032	Nursultan 3.0.exe	85
PID 2648 wrote to memory of 1764	2648	CMD.exe	87
PID 2648 wrote to memory of 1764	2648	CMD.exe	87
PID 5032 wrote to memory of 1660	5032	Nursultan 3.0.exe	88
PID 5032 wrote to memory of 1660	5032	Nursultan 3.0.exe	88
PID 1660 wrote to memory of 2204	1660	CMD.exe	90
PID 1660 wrote to memory of 2204	1660	CMD.exe	90
PID 5032 wrote to memory of 568	5032	Nursultan 3.0.exe	92
PID 5032 wrote to memory of 568	5032	Nursultan 3.0.exe	92
PID 568 wrote to memory of 3332	568	CMD.exe	94
PID 568 wrote to memory of 3332	568	CMD.exe	94
PID 5032 wrote to memory of 5012	5032	Nursultan 3.0.exe	97
PID 5032 wrote to memory of 5012	5032	Nursultan 3.0.exe	97
PID 5012 wrote to memory of 2992	5012	CMD.exe	99
PID 5012 wrote to memory of 2992	5012	CMD.exe	99
PID 5032 wrote to memory of 848	5032	Nursultan 3.0.exe	100
PID 5032 wrote to memory of 848	5032	Nursultan 3.0.exe	100
PID 848 wrote to memory of 3016	848	CMD.exe	102
PID 848 wrote to memory of 3016	848	CMD.exe	102
PID 5032 wrote to memory of 1360	5032	Nursultan 3.0.exe	103
PID 5032 wrote to memory of 1360	5032	Nursultan 3.0.exe	103
PID 1360 wrote to memory of 988	1360	CMD.exe	105
PID 1360 wrote to memory of 988	1360	CMD.exe	105
PID 5032 wrote to memory of 2036	5032	Nursultan 3.0.exe	106
PID 5032 wrote to memory of 2036	5032	Nursultan 3.0.exe	106
PID 2036 wrote to memory of 2972	2036	CMD.exe	108
PID 2036 wrote to memory of 2972	2036	CMD.exe	108
PID 5032 wrote to memory of 1276	5032	Nursultan 3.0.exe	109
PID 5032 wrote to memory of 1276	5032	Nursultan 3.0.exe	109
PID 1276 wrote to memory of 3216	1276	CMD.exe	111
PID 1276 wrote to memory of 3216	1276	CMD.exe	111
PID 5032 wrote to memory of 2488	5032	Nursultan 3.0.exe	112
PID 5032 wrote to memory of 2488	5032	Nursultan 3.0.exe	112
PID 2488 wrote to memory of 2324	2488	CMD.exe	114
PID 2488 wrote to memory of 2324	2488	CMD.exe	114
PID 5032 wrote to memory of 3572	5032	Nursultan 3.0.exe	115
PID 5032 wrote to memory of 3572	5032	Nursultan 3.0.exe	115
PID 3572 wrote to memory of 3564	3572	CMD.exe	117
PID 3572 wrote to memory of 3564	3572	CMD.exe	117
PID 5032 wrote to memory of 3588	5032	Nursultan 3.0.exe	118
PID 5032 wrote to memory of 3588	5032	Nursultan 3.0.exe	118
PID 3588 wrote to memory of 3368	3588	CMD.exe	120
PID 3588 wrote to memory of 3368	3588	CMD.exe	120
PID 5032 wrote to memory of 3488	5032	Nursultan 3.0.exe	121
PID 5032 wrote to memory of 3488	5032	Nursultan 3.0.exe	121
PID 3488 wrote to memory of 5080	3488	CMD.exe	123
PID 3488 wrote to memory of 5080	3488	CMD.exe	123
PID 5032 wrote to memory of 1892	5032	Nursultan 3.0.exe	124
PID 5032 wrote to memory of 1892	5032	Nursultan 3.0.exe	124
PID 1892 wrote to memory of 4760	1892	CMD.exe	126
PID 1892 wrote to memory of 4760	1892	CMD.exe	126
PID 5032 wrote to memory of 3908	5032	Nursultan 3.0.exe	127
PID 5032 wrote to memory of 3908	5032	Nursultan 3.0.exe	127
PID 3908 wrote to memory of 328	3908	CMD.exe	129
PID 3908 wrote to memory of 328	3908	CMD.exe	129

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads