Sample viewer

vx.netlux.org/Virus.DOS.Vanq.688

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:09.117478932Z 60 PC: 12a92 | Create or truncate file
2018-12-17T23:07:09.124538011Z 78 PC: 12aaf | Find first file
2018-12-17T23:07:09.130883478Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:09.148040612Z 61 PC: 12b25 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:09.155181286Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:09.162678558Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:09.164156427Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:09.166982985Z 44 PC: 12bae | Get time
0x12bae: cmp dh, 0x1e
0x12bb1: ja 0x12bd3
0x12bb3: push word ptr [bp + 0x35e]
0x12bb7: pop word ptr [bp + 0x350]
0x12bbb: push word ptr [bp + 0x35d]
0x12bbf: pop word ptr [bp + 0x353]
0x12bc3: mov byte ptr [bp + 0x35e], 0
0x12bc8: mov byte ptr [bp + 0x35d], 0
0x12bcd: mov byte ptr [bp + 0x35c], 2
0x12bd2: ret
0x12bd3: push word ptr [bp + 0x35d]
0x12bd7: pop word ptr [bp + 0x350]
0x12bdb: push word ptr [bp + 0x35e]
0x12bdf: pop word ptr [bp + 0x353]
0x12be3: mov byte ptr [bp + 0x35e], 0
0x12be8: mov byte ptr [bp + 0x35d], 0
0x12bed: mov byte ptr [bp + 0x35c], 1
0x12bf2: ret
0x12bf3: pop bx
0x12bf4: jae 0x12c59
2018-12-17T23:07:09.170012491Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:09.171759804Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:09.175104727Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-17T23:07:09.185708284Z 62 PC: 12b9b | Close file
2018-12-17T23:07:09.193948743Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:09.196800252Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:09.208238492Z 61 PC: 12b25 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:07:09.214987568Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:09.221848834Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:09.224946314Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:09.228041893Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:09.230454942Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:09.232137089Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:09.235859108Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-17T23:07:09.243804852Z 62 PC: 12b9b | Close file
2018-12-17T23:07:09.251748921Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:09.255292262Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:09.264906208Z 61 PC: 12b25 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:07:09.271903627Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:09.279945416Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:09.281730108Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:09.285318773Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:09.288753056Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:09.29058936Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:09.293832516Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-17T23:07:09.3027639Z 62 PC: 12b9b | Close file
2018-12-17T23:07:09.311586829Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:09.314561309Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:09.324994421Z 61 PC: 12b25 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:07:09.332056093Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:09.338767178Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:09.340642878Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:09.344349305Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:09.346758228Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:09.348938884Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:09.353134408Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-17T23:07:09.365506426Z 62 PC: 12b9b | Close file
2018-12-17T23:07:09.381179708Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:09.384828345Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:09.395133736Z 61 PC: 12b25 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:07:09.401772708Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:09.408946709Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:09.411721876Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:09.415008122Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:09.418346344Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:09.419851641Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:09.423156776Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-17T23:07:09.433308965Z 62 PC: 12b9b | Close file
2018-12-17T23:07:09.443516691Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:09.446155573Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:09.457091002Z 61 PC: 12b25 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:07:09.465117102Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:09.471513404Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:09.473221939Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:09.476965441Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:09.479206367Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:09.480676194Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:09.489906056Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-17T23:07:09.498430284Z 62 PC: 12b9b | Close file
2018-12-17T23:07:09.506625807Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:09.510149321Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:07:09.519556083Z 61 PC: 12b25 | Open file (Filename = 'PAH.COM')
2018-12-17T23:07:09.523742255Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:09.528228909Z 66 PC: 12b50 | Move file pointer
2018-12-17T23:07:09.530680393Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:09.532855551Z 44 PC: 12bae | Get time (See above)
2018-12-17T23:07:09.53468335Z 66 PC: 12b6a | Move file pointer
2018-12-17T23:07:09.536332341Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-17T23:07:09.538375324Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-17T23:07:09.543573228Z 62 PC: 12b9b | Close file
2018-12-17T23:07:09.548901595Z 79 PC: 12aaf | Find next file
2018-12-17T23:07:09.550551504Z 59 PC: 12ab9 | Change current directory
2018-12-17T23:07:09.556073796Z 60 PC: 12ac5 | Create or truncate file

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15776,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:30.681690259Z 60 PC: 12a92 | Create or truncate file
2018-12-25T12:44:30.687860726Z 78 PC: 12aaf | Find first file
2018-12-25T12:44:30.693803679Z 67 PC: 12b1d | Get or set file attributes
2018-12-25T12:44:30.709984912Z 61 PC: 12b25 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:30.722566288Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:30.72887995Z 66 PC: 12b50 | Move file pointer
2018-12-25T12:44:30.730210695Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:30.732767451Z 44 PC: 12bae | Get time
0x12bae: cmp dh, 0x1e
0x12bb1: ja 0x12bd3
0x12bb3: push word ptr [bp + 0x35e]
0x12bb7: pop word ptr [bp + 0x350]
0x12bbb: push word ptr [bp + 0x35d]
0x12bbf: pop word ptr [bp + 0x353]
0x12bc3: mov byte ptr [bp + 0x35e], 0
0x12bc8: mov byte ptr [bp + 0x35d], 0
0x12bcd: mov byte ptr [bp + 0x35c], 2
0x12bd2: ret
0x12bd3: push word ptr [bp + 0x35d]
0x12bd7: pop word ptr [bp + 0x350]
0x12bdb: push word ptr [bp + 0x35e]
0x12bdf: pop word ptr [bp + 0x353]
0x12be3: mov byte ptr [bp + 0x35e], 0
0x12be8: mov byte ptr [bp + 0x35d], 0
0x12bed: mov byte ptr [bp + 0x35c], 1
0x12bf2: ret
0x12bf3: pop bx
0x12bf4: jae 0x12c59
2018-12-25T12:44:30.735114813Z 66 PC: 12b6a | Move file pointer
2018-12-25T12:44:30.736377118Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-25T12:44:30.739285648Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-25T12:44:30.751744727Z 62 PC: 12b9b | Close file
2018-12-25T12:44:30.759573574Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:30.762173628Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:30.772526257Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:30.779088524Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:30.788033996Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:30.802323397Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:30.805289223Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:30.807947302Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:30.810832053Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:30.814503518Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:30.822762666Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:30.829188691Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:30.831490196Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:30.841379066Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:30.84862399Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:30.855384156Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:30.856975625Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:30.859298524Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:30.861874969Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:30.864058536Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:30.867866635Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:30.875857553Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:30.883752013Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:30.8867163Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:30.903879344Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:30.910678786Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:30.917084335Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:30.919208104Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:30.921935524Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:30.925009138Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:30.927313029Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:30.930974603Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:30.938751887Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:30.947510548Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:30.950755192Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:30.962322349Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:30.96973654Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:30.976529978Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:30.977899292Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:30.980761916Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:30.983434191Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:30.984813238Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:30.987985036Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:30.997183678Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:31.005285696Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:31.00815149Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:31.01911035Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:31.025812291Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:31.032692941Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:31.037568171Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:31.042463941Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:31.045193201Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:31.048201741Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:31.057061351Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:31.065559076Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:31.075019473Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:31.080229881Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T12:44:31.090287569Z 61 PC: 12b25 | Open file (See above)
2018-12-25T12:44:31.102597613Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T12:44:31.110477857Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T12:44:31.111905651Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T12:44:31.114716695Z 44 PC: 12bae | Get time (See above)
2018-12-25T12:44:31.117431791Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:44:31.118892484Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T12:44:31.121821698Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:44:31.133866533Z 62 PC: 12b9b | Close file (See above)
2018-12-25T12:44:31.141802911Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:44:31.144303901Z 59 PC: 12ab9 | Change current directory
2018-12-25T12:44:31.149168265Z 60 PC: 12ac5 | Create or truncate file

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":31,"TimeBased":true,"OriginalID":15776,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:28.341486617Z 60 PC: 12a92 | Create or truncate file
2018-12-25T13:07:28.347244291Z 78 PC: 12aaf | Find first file
2018-12-25T13:07:28.352806142Z 67 PC: 12b1d | Get or set file attributes
2018-12-25T13:07:28.368259771Z 61 PC: 12b25 | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:28.380130554Z 63 PC: 12b31 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T13:07:28.388383571Z 66 PC: 12b50 | Move file pointer
2018-12-25T13:07:28.389709556Z 64 PC: 12b5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:07:28.392631357Z 44 PC: 12bae | Get time
0x12bae: cmp dh, 0x1e
0x12bb1: ja 0x12bd3
0x12bb3: push word ptr [bp + 0x35e]
0x12bb7: pop word ptr [bp + 0x350]
0x12bbb: push word ptr [bp + 0x35d]
0x12bbf: pop word ptr [bp + 0x353]
0x12bc3: mov byte ptr [bp + 0x35e], 0
0x12bc8: mov byte ptr [bp + 0x35d], 0
0x12bcd: mov byte ptr [bp + 0x35c], 2
0x12bd2: ret
0x12bd3: push word ptr [bp + 0x35d]
0x12bd7: pop word ptr [bp + 0x350]
0x12bdb: push word ptr [bp + 0x35e]
0x12bdf: pop word ptr [bp + 0x353]
0x12be3: mov byte ptr [bp + 0x35e], 0
0x12be8: mov byte ptr [bp + 0x35d], 0
0x12bed: mov byte ptr [bp + 0x35c], 1
0x12bf2: ret
0x12bf3: pop bx
0x12bf4: jae 0x12c59
2018-12-25T13:07:28.394857821Z 66 PC: 12b6a | Move file pointer
2018-12-25T13:07:28.396147949Z 64 PC: 12b7b | Write file or device (Write 43 bytes on handle 5)
2018-12-25T13:07:28.399256696Z 64 PC: 12b97 | Write file or device (Write 645 bytes on handle 5)
2018-12-25T13:07:28.40746479Z 62 PC: 12b9b | Close file
2018-12-25T13:07:28.415186343Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T13:07:28.418412903Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T13:07:28.428808564Z 61 PC: 12b25 | Open file (See above)
2018-12-25T13:07:28.435137841Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T13:07:28.440387765Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T13:07:28.441628619Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T13:07:28.443321511Z 44 PC: 12bae | Get time (See above)
2018-12-25T13:07:28.445224884Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T13:07:28.447685246Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T13:07:28.450557368Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T13:07:28.458880849Z 62 PC: 12b9b | Close file (See above)
2018-12-25T13:07:28.466266126Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T13:07:28.468120619Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T13:07:28.475305436Z 61 PC: 12b25 | Open file (See above)
2018-12-25T13:07:28.48064112Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T13:07:28.486565172Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T13:07:28.487921759Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T13:07:28.490880603Z 44 PC: 12bae | Get time (See above)
2018-12-25T13:07:28.493451677Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T13:07:28.495259813Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T13:07:28.497917375Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T13:07:28.503433756Z 62 PC: 12b9b | Close file (See above)
2018-12-25T13:07:28.508746712Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T13:07:28.512081704Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T13:07:28.525098581Z 61 PC: 12b25 | Open file (See above)
2018-12-25T13:07:28.531758515Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T13:07:28.54666267Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T13:07:28.54796515Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T13:07:28.55041631Z 44 PC: 12bae | Get time (See above)
2018-12-25T13:07:28.553300531Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T13:07:28.55475137Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T13:07:28.557695431Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T13:07:28.566494423Z 62 PC: 12b9b | Close file (See above)
2018-12-25T13:07:28.574643138Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T13:07:28.577530315Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T13:07:28.588971661Z 61 PC: 12b25 | Open file (See above)
2018-12-25T13:07:28.59317626Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T13:07:28.598681818Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T13:07:28.602988748Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T13:07:28.605566059Z 44 PC: 12bae | Get time (See above)
2018-12-25T13:07:28.607665368Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T13:07:28.609365213Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T13:07:28.612316089Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T13:07:28.619730735Z 62 PC: 12b9b | Close file (See above)
2018-12-25T13:07:28.62811304Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T13:07:28.630720244Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T13:07:28.640171257Z 61 PC: 12b25 | Open file (See above)
2018-12-25T13:07:28.648125012Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T13:07:28.654304681Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T13:07:28.655817627Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T13:07:28.65890079Z 44 PC: 12bae | Get time (See above)
2018-12-25T13:07:28.661270279Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T13:07:28.662612657Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T13:07:28.671619144Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T13:07:28.679412056Z 62 PC: 12b9b | Close file (See above)
2018-12-25T13:07:28.68731049Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T13:07:28.691555311Z 67 PC: 12b1d | Get or set file attributes (See above)
2018-12-25T13:07:28.700977668Z 61 PC: 12b25 | Open file (See above)
2018-12-25T13:07:28.707367272Z 63 PC: 12b31 | Read file or device (See above)
2018-12-25T13:07:28.713777978Z 66 PC: 12b50 | Move file pointer (See above)
2018-12-25T13:07:28.715559728Z 64 PC: 12b5e | Write file or device (See above)
2018-12-25T13:07:28.718359377Z 44 PC: 12bae | Get time (See above)
2018-12-25T13:07:28.721157926Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T13:07:28.722489019Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T13:07:28.72526362Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T13:07:28.733688716Z 62 PC: 12b9b | Close file (See above)
2018-12-25T13:07:28.74179703Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T13:07:28.744216438Z 59 PC: 12ab9 | Change current directory
2018-12-25T13:07:28.748457164Z 60 PC: 12ac5 | Create or truncate file