Sample viewer

vx.netlux.org/Virus.DOS.Lokjaw.877

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:44.762187114Z	74	PC: 12a4e \| Reallocate memory
2018-12-17T22:55:44.764913933Z	75	PC: 12a6c \| Execute program
2018-12-17T22:55:44.768469478Z	26	PC: 12a81 \| Set disk transfer address
2018-12-17T22:55:44.770448905Z	78	PC: 12ac1 \| Find first file
2018-12-17T22:55:44.778064631Z	86	PC: 12aec \| Rename file
2018-12-17T22:55:44.798844935Z	60	PC: 12af5 \| Create or truncate file
2018-12-17T22:55:44.811584616Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-17T22:55:44.820763114Z	62	PC: 12b05 \| Close file
2018-12-17T22:55:44.830645613Z	79	PC: 12ac1 \| Find next file
2018-12-17T22:55:44.833885276Z	86	PC: 12aec \| Rename file
2018-12-17T22:55:44.847139092Z	60	PC: 12af5 \| Create or truncate file
2018-12-17T22:55:44.860004674Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-17T22:55:44.86926527Z	62	PC: 12b05 \| Close file
2018-12-17T22:55:44.878828331Z	79	PC: 12ac1 \| Find next file
2018-12-17T22:55:44.883250654Z	86	PC: 12aec \| Rename file
2018-12-17T22:55:44.896070255Z	60	PC: 12af5 \| Create or truncate file
2018-12-17T22:55:44.908088757Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-17T22:55:44.917130198Z	62	PC: 12b05 \| Close file
2018-12-17T22:55:44.927068252Z	79	PC: 12ac1 \| Find next file
2018-12-17T22:55:44.930321598Z	86	PC: 12aec \| Rename file
2018-12-17T22:55:44.943889705Z	60	PC: 12af5 \| Create or truncate file
2018-12-17T22:55:44.956675202Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-17T22:55:44.966147221Z	62	PC: 12b05 \| Close file
2018-12-17T22:55:44.975840926Z	79	PC: 12ac1 \| Find next file
2018-12-17T22:55:44.980753647Z	86	PC: 12aec \| Rename file
2018-12-17T22:55:44.993586273Z	60	PC: 12af5 \| Create or truncate file
2018-12-17T22:55:45.006873198Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-17T22:55:45.01712236Z	62	PC: 12b05 \| Close file
2018-12-17T22:55:45.026384429Z	79	PC: 12ac1 \| Find next file
2018-12-17T22:55:45.029454041Z	86	PC: 12aec \| Rename file
2018-12-17T22:55:45.043605842Z	60	PC: 12af5 \| Create or truncate file
2018-12-17T22:55:45.056117691Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-17T22:55:45.066125561Z	62	PC: 12b05 \| Close file
2018-12-17T22:55:45.076352931Z	79	PC: 12ac1 \| Find next file
2018-12-17T22:55:45.079573763Z	86	PC: 12aec \| Rename file
2018-12-17T22:55:45.092384138Z	60	PC: 12af5 \| Create or truncate file
2018-12-17T22:55:45.105129894Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-17T22:55:45.114938953Z	62	PC: 12b05 \| Close file
2018-12-17T22:55:45.124799487Z	79	PC: 12ac1 \| Find next file
2018-12-17T22:55:45.128294755Z	86	PC: 12aec \| Rename file
2018-12-17T22:55:45.141694456Z	60	PC: 12af5 \| Create or truncate file
2018-12-17T22:55:45.154356673Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-17T22:55:45.164448518Z	62	PC: 12b05 \| Close file
2018-12-17T22:55:45.174371469Z	79	PC: 12ac1 \| Find next file
2018-12-17T22:55:45.177987006Z	42	PC: 12b32 \| Get date 0x12b32: cmp dl, 0x18 0x12b35: jne 0x12b39 0x12b37: je 0x12b47 0x12b39: mov ah, 0x2c 0x12b3b: int 0x21 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl
2018-12-17T22:55:45.180544072Z	44	PC: 12b3d \| Get time 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl 0x12b65: mov ah, 1 0x12b67: mov cl, 0 0x12b69: mov ch, 0x40 0x12b6b: int 0x10 0x12b6d: mov cl, 0
2018-12-17T22:55:45.183787666Z	60	PC: 12d36 \| Create or truncate file
2018-12-17T22:55:45.536830272Z	60	PC: 12d3d \| Create or truncate file
2018-12-17T22:55:45.545473596Z	60	PC: 12d44 \| Create or truncate file
2018-12-17T22:55:45.558887896Z	65	PC: 12d4b \| Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-17T22:55:45.570641163Z	65	PC: 12d52 \| Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-17T22:55:45.582726139Z	65	PC: 12d59 \| Delete file (Filename = 'C:\dos\msav.exe')
2018-12-17T22:55:45.596445813Z	64	PC: 12ac1 \| Write file or device (Write 0 bytes on handle 1384)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11989,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:48.97461163Z	74	PC: 12a4e \| Reallocate memory
2018-12-25T12:31:48.976834914Z	75	PC: 12a6c \| Execute program
2018-12-25T12:31:48.979465491Z	26	PC: 12a81 \| Set disk transfer address
2018-12-25T12:31:48.980706913Z	78	PC: 12ac1 \| Find first file
2018-12-25T12:31:48.987914739Z	86	PC: 12aec \| Rename file
2018-12-25T12:31:49.009591767Z	60	PC: 12af5 \| Create or truncate file
2018-12-25T12:31:49.021356024Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-25T12:31:49.030073312Z	62	PC: 12b05 \| Close file
2018-12-25T12:31:49.039218113Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.042070031Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.057662689Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.082703351Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.092288949Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.101959393Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.106133668Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.119757453Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.131127183Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.14148328Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.151283915Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.154799912Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.172164373Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.184598554Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.193714808Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.203625759Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.207035459Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.219720678Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.232027693Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.241116691Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.249985467Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.253047744Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.269754832Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.281591321Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.290535183Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.300118653Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.302993671Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.315275991Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.331135554Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.340080609Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.349043647Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.352419641Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.36474575Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.37668364Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.386262876Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.394989987Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.398071637Z	42	PC: 12b32 \| Get date 0x12b32: cmp dl, 0x18 0x12b35: jne 0x12b39 0x12b37: je 0x12b47 0x12b39: mov ah, 0x2c 0x12b3b: int 0x21 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl
2018-12-25T12:31:49.400732767Z	44	PC: 12b3d \| Get time 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl 0x12b65: mov ah, 1 0x12b67: mov cl, 0 0x12b69: mov ch, 0x40 0x12b6b: int 0x10 0x12b6d: mov cl, 0
2018-12-25T12:31:49.402389134Z	60	PC: 12d36 \| Create or truncate file
2018-12-25T12:31:49.750286251Z	60	PC: 12d3d \| Create or truncate file
2018-12-25T12:31:49.757962933Z	60	PC: 12d44 \| Create or truncate file
2018-12-25T12:31:49.765170569Z	65	PC: 12d4b \| Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-25T12:31:49.771522524Z	65	PC: 12d52 \| Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-25T12:31:49.782754756Z	65	PC: 12d59 \| Delete file (Filename = 'C:\dos\msav.exe')
2018-12-25T12:31:49.795841272Z	64	PC: 12ac1 \| Write file or device (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11989,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:49.242931401Z	74	PC: 12a4e \| Reallocate memory
2018-12-25T12:31:49.244968007Z	75	PC: 12a6c \| Execute program
2018-12-25T12:31:49.247432605Z	26	PC: 12a81 \| Set disk transfer address
2018-12-25T12:31:49.248810375Z	78	PC: 12ac1 \| Find first file
2018-12-25T12:31:49.255286675Z	86	PC: 12aec \| Rename file
2018-12-25T12:31:49.272878984Z	60	PC: 12af5 \| Create or truncate file
2018-12-25T12:31:49.284129407Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-25T12:31:49.294154185Z	62	PC: 12b05 \| Close file
2018-12-25T12:31:49.302523929Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.305461536Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.315059668Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.326263785Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.331741847Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.343421525Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.348513935Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.365519589Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.378189045Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.38767672Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.396056259Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.399082787Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.411440535Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.426872534Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.435256646Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.44397855Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.446923247Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.458579479Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.470114286Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.48082947Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.4892336Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.492230075Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.504047684Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.514964688Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.524631503Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.53318892Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.536074848Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.563447632Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.574652514Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.582863009Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.591216846Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.594673146Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.608767591Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.619904189Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.628280709Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.636084672Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.639033186Z	42	PC: 12b32 \| Get date 0x12b32: cmp dl, 0x18 0x12b35: jne 0x12b39 0x12b37: je 0x12b47 0x12b39: mov ah, 0x2c 0x12b3b: int 0x21 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl
2018-12-25T12:31:49.64142192Z	44	PC: 12b3d \| Get time 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl 0x12b65: mov ah, 1 0x12b67: mov cl, 0 0x12b69: mov ch, 0x40 0x12b6b: int 0x10 0x12b6d: mov cl, 0
2018-12-25T12:31:49.643543103Z	60	PC: 12d36 \| Create or truncate file
2018-12-25T12:31:49.997351095Z	60	PC: 12d3d \| Create or truncate file
2018-12-25T12:31:50.010832452Z	60	PC: 12d44 \| Create or truncate file
2018-12-25T12:31:50.022794068Z	65	PC: 12d4b \| Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-25T12:31:50.032522528Z	65	PC: 12d52 \| Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-25T12:31:50.043203635Z	65	PC: 12d59 \| Delete file (Filename = 'C:\dos\msav.exe')
2018-12-25T12:31:50.054026134Z	64	PC: 12ac1 \| Write file or device (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11989,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:49.578647338Z	74	PC: 12a4e \| Reallocate memory
2018-12-25T12:31:49.580342256Z	75	PC: 12a6c \| Execute program
2018-12-25T12:31:49.582033931Z	26	PC: 12a81 \| Set disk transfer address
2018-12-25T12:31:49.582871857Z	78	PC: 12ac1 \| Find first file
2018-12-25T12:31:49.589831683Z	86	PC: 12aec \| Rename file
2018-12-25T12:31:49.748786955Z	60	PC: 12af5 \| Create or truncate file
2018-12-25T12:31:49.761317676Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-25T12:31:49.770319635Z	62	PC: 12b05 \| Close file
2018-12-25T12:31:49.779697677Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.78267249Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.795879632Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.808718637Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.817573782Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.827412055Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.831595834Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.843847251Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.855393326Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.864533943Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.873320171Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.876257645Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.892602704Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.906093868Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.915289473Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.924163438Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.927325526Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.942840543Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.955571421Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.964966691Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.973862991Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.976817461Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.989875708Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.001997844Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.011357583Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.021245473Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.024223369Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:50.036404926Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.049514936Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.057962161Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.063392428Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.065766637Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:50.075540259Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.08245823Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.088090962Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.094068271Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.09604853Z	42	PC: 12b32 \| Get date 0x12b32: cmp dl, 0x18 0x12b35: jne 0x12b39 0x12b37: je 0x12b47 0x12b39: mov ah, 0x2c 0x12b3b: int 0x21 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl
2018-12-25T12:31:50.097883244Z	44	PC: 12b3d \| Get time 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl 0x12b65: mov ah, 1 0x12b67: mov cl, 0 0x12b69: mov ch, 0x40 0x12b6b: int 0x10 0x12b6d: mov cl, 0
2018-12-25T12:31:50.100320014Z	9	PC: 12b94 \| Display string (String= '(o) (o)')
2018-12-25T12:31:50.214610239Z	60	PC: 12d36 \| Create or truncate file
2018-12-25T12:31:50.573221652Z	60	PC: 12d3d \| Create or truncate file
2018-12-25T12:31:50.597052818Z	60	PC: 12d44 \| Create or truncate file
2018-12-25T12:31:50.613334227Z	65	PC: 12d4b \| Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-25T12:31:50.629196313Z	65	PC: 12d52 \| Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-25T12:31:50.680094709Z	65	PC: 12d59 \| Delete file (Filename = 'C:\dos\msav.exe')
2018-12-25T12:31:50.696019484Z	64	PC: 12ac1 \| Write file or device (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11989,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:49.874524336Z	74	PC: 12a4e \| Reallocate memory
2018-12-25T12:31:49.876074574Z	75	PC: 12a6c \| Execute program
2018-12-25T12:31:49.879077843Z	26	PC: 12a81 \| Set disk transfer address
2018-12-25T12:31:49.880832699Z	78	PC: 12ac1 \| Find first file
2018-12-25T12:31:49.888002615Z	86	PC: 12aec \| Rename file
2018-12-25T12:31:49.907643758Z	60	PC: 12af5 \| Create or truncate file
2018-12-25T12:31:49.919416799Z	64	PC: 12b01 \| Write file or device (Write 877 bytes on handle 5)
2018-12-25T12:31:49.928554215Z	62	PC: 12b05 \| Close file
2018-12-25T12:31:49.945783534Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.948718642Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:49.962090419Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:49.974637203Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:49.98354292Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:49.992448968Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:49.996049366Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:50.012185824Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.024609279Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.033995418Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.044247718Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.047641309Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:50.063278066Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.076119644Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.08507661Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.094256473Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.09847307Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:50.110849262Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.12258628Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.132199197Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.141125665Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.144112268Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:50.156867017Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.168746637Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.177559501Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.187373895Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.190374915Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:50.202310788Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.21404837Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.222876123Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.34906968Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.351917554Z	86	PC: 12aec \| Rename file (See above)
2018-12-25T12:31:50.566340514Z	60	PC: 12af5 \| Create or truncate file (See above)
2018-12-25T12:31:50.587159568Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T12:31:50.603024653Z	62	PC: 12b05 \| Close file (See above)
2018-12-25T12:31:50.62890875Z	79	PC: 12ac1 \| Find next file (See above)
2018-12-25T12:31:50.633114092Z	42	PC: 12b32 \| Get date 0x12b32: cmp dl, 0x18 0x12b35: jne 0x12b39 0x12b37: je 0x12b47 0x12b39: mov ah, 0x2c 0x12b3b: int 0x21 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl
2018-12-25T12:31:50.635531366Z	44	PC: 12b3d \| Get time 0x12b3d: cmp ch, 0xd 0x12b40: jne 0x12b4a 0x12b42: cmp cl, 0x1e 0x12b45: je 0x12b47 0x12b47: call 0x12b4b 0x12b4a: ret 0x12b4b: push cs 0x12b4c: pop ds 0x12b4d: mov ah, 3 0x12b4f: int 0x10 0x12b51: mov byte ptr [0x3da], bh 0x12b55: mov byte ptr [0x3db], dh 0x12b59: mov byte ptr [0x3dc], dl 0x12b5d: mov byte ptr [0x3dd], ch 0x12b61: mov byte ptr [0x3de], cl 0x12b65: mov ah, 1 0x12b67: mov cl, 0 0x12b69: mov ch, 0x40 0x12b6b: int 0x10 0x12b6d: mov cl, 0
2018-12-25T12:31:50.640176275Z	9	PC: 12b94 \| Display string (String= '(o) (o)')
2018-12-25T12:31:50.74779832Z	60	PC: 12d36 \| Create or truncate file
2018-12-25T12:31:51.271760183Z	60	PC: 12d3d \| Create or truncate file
2018-12-25T12:31:51.29545169Z	60	PC: 12d44 \| Create or truncate file
2018-12-25T12:31:51.304709181Z	65	PC: 12d4b \| Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-25T12:31:51.315762259Z	65	PC: 12d52 \| Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-25T12:31:51.328896005Z	65	PC: 12d59 \| Delete file (Filename = 'C:\dos\msav.exe')
2018-12-25T12:31:51.34078606Z	64	PC: 12ac1 \| Write file or device (See above)