Sample viewer

vx.netlux.org/Virus.DOS.Andromeda.642

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:02.607875969Z 60 PC: 12a92 | Create or truncate file
2018-12-17T23:07:02.614299925Z 78 PC: 12aaf | Find first file
2018-12-17T23:07:02.62018893Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:02.636069784Z 61 PC: 12b25 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:02.647787408Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:02.6543224Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:02.655514257Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:02.65792615Z 44 PC: 12bae | Get time
0x12bae: cmp dh, 0x1e
0x12bb1: ja 0x12bd3
0x12bb3: push word ptr [bp + 0x35e]
0x12bb7: pop word ptr [bp + 0x350]
0x12bbb: push word ptr [bp + 0x35d]
0x12bbf: pop word ptr [bp + 0x353]
0x12bc3: mov byte ptr [bp + 0x35e], 0
0x12bc8: mov byte ptr [bp + 0x35d], 0
0x12bcd: mov byte ptr [bp + 0x35c], 2
0x12bd2: ret
0x12bd3: push word ptr [bp + 0x35d]
0x12bd7: pop word ptr [bp + 0x350]
0x12bdb: push word ptr [bp + 0x35e]
0x12bdf: pop word ptr [bp + 0x353]
0x12be3: mov byte ptr [bp + 0x35e], 0
0x12be8: mov byte ptr [bp + 0x35d], 0
0x12bed: mov byte ptr [bp + 0x35c], 1
0x12bf2: ret
0x12bf3: pop bx
0x12bf4: jae 0x12c59
2018-12-17T23:07:02.661259739Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:02.662605628Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:02.665419877Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T23:07:02.674471508Z 62 PC: 12b9b | Close file
2018-12-17T23:07:02.682375917Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:02.68513647Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:02.696235262Z 61 PC: 12b25 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:07:02.702761034Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:02.709314734Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:02.711594718Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:02.715026985Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:02.717241701Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:02.718959608Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:02.721950452Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T23:07:02.729732304Z 62 PC: 12b9b | Close file
2018-12-17T23:07:02.737752807Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:02.740558872Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:02.750440639Z 61 PC: 12b25 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:07:02.756901759Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:02.764713517Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:02.766836163Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:02.769386012Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:02.772671274Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:02.773983102Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:02.776825546Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T23:07:02.786049565Z 62 PC: 12b9b | Close file
2018-12-17T23:07:02.794275843Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:02.797194358Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:02.807928819Z 61 PC: 12b25 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:07:02.814909592Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:02.820631413Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:02.822135213Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:02.824975356Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:02.826556782Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:02.840081223Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:02.843033364Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T23:07:02.850813254Z 62 PC: 12b9b | Close file
2018-12-17T23:07:02.860190218Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:02.862741227Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:02.872292427Z 61 PC: 12b25 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:07:02.882247758Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:02.888433417Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:02.889719321Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:02.892918172Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:02.895300538Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:02.896779576Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:02.901485397Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T23:07:02.909457707Z 62 PC: 12b9b | Close file
2018-12-17T23:07:02.917893346Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:02.9212919Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:03.151750003Z 61 PC: 12b25 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:07:03.158430102Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:03.165817218Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:03.167466963Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:03.170349441Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:03.175970803Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:03.179814337Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:03.27945276Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T23:07:03.287804052Z 62 PC: 12b9b | Close file
2018-12-17T23:07:03.296711561Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:03.299716534Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:03.31160437Z 61 PC: 12b25 | Open file (Filename = 'PAH.COM')
2018-12-17T23:07:03.319228488Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:03.325746001Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:03.327505594Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:03.330933774Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:03.333480169Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:03.336437134Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:03.339797257Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T23:07:03.347858659Z 62 PC: 12b9b | Close file
2018-12-17T23:07:03.355931262Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:03.359958189Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:03.369715925Z 61 PC: 12b25 | Open file (Filename = 'TEST.COM')
2018-12-17T23:07:03.37773882Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:03.38515361Z 62 PC: 12b9b | Close file
2018-12-17T23:07:03.387406086Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:03.390224017Z 59 PC: 12ab9 | Change current directory
2018-12-17T23:07:03.393478946Z 60 PC: 12ac5 | Create or truncate file

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15725,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:16.237436114Z 60 PC: 12a92 | Create or truncate file
2018-12-25T12:44:16.24337936Z 78 PC: 12aaf | Find first file
2018-12-25T12:44:16.247646171Z 67 PC: 12b1d | Get or set file attributes
2018-12-25T12:44:16.264442759Z 61 PC: 12b25 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:16.272298378Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:16.279242227Z 66 PC: 12b50 | Move file pointer
2018-12-25T12:44:16.280753207Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:16.283766312Z 44 PC: 12bae | Get time
0x12bae: cmp dh, 0x1e
0x12bb1: ja 0x12bd3
0x12bb3: push word ptr [bp + 0x35e]
0x12bb7: pop word ptr [bp + 0x350]
0x12bbb: push word ptr [bp + 0x35d]
0x12bbf: pop word ptr [bp + 0x353]
0x12bc3: mov byte ptr [bp + 0x35e], 0
0x12bc8: mov byte ptr [bp + 0x35d], 0
0x12bcd: mov byte ptr [bp + 0x35c], 2
0x12bd2: ret
0x12bd3: push word ptr [bp + 0x35d]
0x12bd7: pop word ptr [bp + 0x350]
0x12bdb: push word ptr [bp + 0x35e]
0x12bdf: pop word ptr [bp + 0x353]
0x12be3: mov byte ptr [bp + 0x35e], 0
0x12be8: mov byte ptr [bp + 0x35d], 0
0x12bed: mov byte ptr [bp + 0x35c], 1
0x12bf2: ret
0x12bf3: pop bx
0x12bf4: jae 0x12c59
2018-12-25T12:44:16.286181979Z 66 PC: 12b6a | Move file pointer
2018-12-25T12:44:16.287458636Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-25T12:44:16.289620981Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-25T12:44:16.30022602Z 62 PC: 12b9b | Close file
2018-12-25T12:44:16.308981999Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:16.31084921Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:16.320880206Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:16.325220155Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:16.332284782Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:16.333962597Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:16.336855551Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:16.34017151Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:16.342105502Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:16.345429765Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:16.354872163Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:16.364941034Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:16.367827403Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:16.379274745Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:16.386937066Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:16.394186918Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:16.395411436Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:16.398198693Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:16.40095922Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:16.402297634Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:16.405445956Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:16.414282989Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:16.423978303Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:16.426833877Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:16.438165085Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:16.446142843Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:16.453171476Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:16.455281461Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:16.458075107Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:16.460784902Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:16.462780076Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:16.466006159Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:16.474997413Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:16.484450688Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:16.487256482Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:16.498057698Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:16.506781535Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:16.514102262Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:16.515931096Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:16.519963606Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:16.522280885Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:16.523747213Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:16.526880369Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:16.536428839Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:16.545941371Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:16.549228959Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:16.56110866Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:16.569368042Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:16.576514011Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:16.578718841Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:16.581932343Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:16.584696303Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:16.587609562Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:16.597174547Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:16.606702148Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:16.616105128Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:16.619262602Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:16.62985642Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:16.637794111Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:16.645715271Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:16.647146868Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:16.650757351Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:16.653768311Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:16.655235572Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:16.658444841Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:16.667861616Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:16.677038742Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:16.680112001Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:16.691115947Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:16.69935186Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:16.703121518Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:16.706892641Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:16.710785534Z 59 PC: 12ab9 | Change current directory
2018-12-25T12:44:16.713940844Z 60 PC: 12ac5 | Create or truncate file

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":31,"TimeBased":true,"OriginalID":15725,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:16.778879027Z 60 PC: 12a92 | Create or truncate file
2018-12-25T12:44:16.798538654Z 78 PC: 12aaf | Find first file
2018-12-25T12:44:16.804326936Z 67 PC: 12b1d | Get or set file attributes
2018-12-25T12:44:17.697144536Z 61 PC: 12b25 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:17.704569383Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:17.71222315Z 66 PC: 12b50 | Move file pointer
2018-12-25T12:44:17.7151049Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:17.719584473Z 44 PC: 12bae | Get time
0x12bae: cmp dh, 0x1e
0x12bb1: ja 0x12bd3
0x12bb3: push word ptr [bp + 0x35e]
0x12bb7: pop word ptr [bp + 0x350]
0x12bbb: push word ptr [bp + 0x35d]
0x12bbf: pop word ptr [bp + 0x353]
0x12bc3: mov byte ptr [bp + 0x35e], 0
0x12bc8: mov byte ptr [bp + 0x35d], 0
0x12bcd: mov byte ptr [bp + 0x35c], 2
0x12bd2: ret
0x12bd3: push word ptr [bp + 0x35d]
0x12bd7: pop word ptr [bp + 0x350]
0x12bdb: push word ptr [bp + 0x35e]
0x12bdf: pop word ptr [bp + 0x353]
0x12be3: mov byte ptr [bp + 0x35e], 0
0x12be8: mov byte ptr [bp + 0x35d], 0
0x12bed: mov byte ptr [bp + 0x35c], 1
0x12bf2: ret
0x12bf3: pop bx
0x12bf4: jae 0x12c59
2018-12-25T12:44:17.72203374Z 66 PC: 12b6a | Move file pointer
2018-12-25T12:44:17.726917824Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-25T12:44:17.731108917Z 64 PC: 12b97 | Write file or device (Write 599 bytes on handle 5)
2018-12-25T12:44:17.793675912Z 62 PC: 12b9b | Close file
2018-12-25T12:44:17.850356816Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:17.852380811Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:17.932837444Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:17.938033831Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:17.94252753Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:17.944883147Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:17.947962394Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:17.950222866Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:17.951961175Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:17.955157876Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:18.029536428Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:18.119668447Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:18.124657151Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:18.223032528Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:18.230534756Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:18.237221665Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:18.238885507Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:18.24238578Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:18.245031536Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:18.246474382Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:18.250375602Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:18.313979153Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:18.325772967Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:18.329849425Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:18.339049086Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:18.343606947Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:18.348817206Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:18.350340889Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:18.352412127Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:18.354470709Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:18.356747852Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:18.358785977Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:18.364648852Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:18.370833147Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:18.373179328Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:18.380151867Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:18.38638782Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:18.390928639Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:18.392007777Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:18.394499474Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:18.396014599Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:18.397115187Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:18.39968396Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:18.40502405Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:18.410535876Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:18.412755325Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:18.41968703Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:18.424040761Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:18.428814554Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:18.429945753Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:18.432609823Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:18.435093765Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:18.436332363Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:18.441789596Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:18.44738436Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:18.453986841Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:18.455798181Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:18.462790648Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:18.467933478Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:18.472590056Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:18.474362269Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:18.476682847Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:18.478203887Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:18.479604784Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:18.482286705Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:18.48785842Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:18.494214014Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:18.497190642Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:18.506900547Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:18.519502122Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:18.526870707Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:18.528902666Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:18.531492443Z 59 PC: 12ab9 | Change current directory
2018-12-25T12:44:18.534648137Z 60 PC: 12ac5 | Create or truncate file