Sample viewer

vx.netlux.org/Virus.DOS.VCL.Phoebe.2483

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:53.705497606Z 78 PC: 12a65 | Find first file
2018-12-17T22:58:53.713375332Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:53.721600862Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:53.728311895Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:58:53.737656488Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:53.741182665Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:58:53.742814833Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 5)
2018-12-17T22:58:53.758193318Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 5)
2018-12-17T22:58:53.760947494Z 79 PC: 12a7b | Find next file
2018-12-17T22:58:53.76399381Z 61 PC: 12a87 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:53.771062155Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 6)
2018-12-17T22:58:53.779096816Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:58:53.780922888Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 6)
2018-12-17T22:58:53.784040247Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:58:53.786667745Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 6)
2018-12-17T22:58:53.795288137Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 6)
2018-12-17T22:58:53.796886621Z 79 PC: 12a7b | Find next file
2018-12-17T22:58:53.799639716Z 61 PC: 12a87 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:53.805137529Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 7)
2018-12-17T22:58:53.810743395Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:58:53.812444703Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 7)
2018-12-17T22:58:53.817846856Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:58:53.820902679Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 7)
2018-12-17T22:58:53.838336757Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 7)
2018-12-17T22:58:53.841082647Z 79 PC: 12a7b | Find next file
2018-12-17T22:58:53.845415361Z 61 PC: 12a87 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:53.853057654Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 8)
2018-12-17T22:58:53.860304615Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:58:53.863101321Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 8)
2018-12-17T22:58:53.866998767Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:58:53.869952228Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 8)
2018-12-17T22:58:53.880467041Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 8)
2018-12-17T22:58:53.882608776Z 79 PC: 12a7b | Find next file
2018-12-17T22:58:53.88562749Z 61 PC: 12a87 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:53.894042246Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 9)
2018-12-17T22:58:53.901164702Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:58:53.902949597Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 9)
2018-12-17T22:58:53.9073194Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:58:53.909591721Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 9)
2018-12-17T22:58:53.919723373Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 9)
2018-12-17T22:58:53.922522885Z 79 PC: 12a7b | Find next file
2018-12-17T22:58:53.92646835Z 61 PC: 12a87 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:53.933875341Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 10)
2018-12-17T22:58:53.941461049Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:58:53.944918277Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 10)
2018-12-17T22:58:53.948025927Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:58:53.949782278Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 10)
2018-12-17T22:58:53.962184919Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 10)
2018-12-17T22:58:53.964403158Z 79 PC: 12a7b | Find next file
2018-12-17T22:58:53.967668576Z 61 PC: 12a87 | Open file (Filename = 'PAH.COM')
2018-12-17T22:58:53.976627363Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 11)
2018-12-17T22:58:53.983912666Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:58:53.985443403Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 11)
2018-12-17T22:58:53.989094696Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:58:53.991179614Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 11)
2018-12-17T22:58:54.00083916Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 11)
2018-12-17T22:58:54.003727158Z 79 PC: 12a7b | Find next file
2018-12-17T22:58:54.007321895Z 61 PC: 12a87 | Open file (Filename = 'TEST.COM')
2018-12-17T22:58:54.01556661Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 12)
2018-12-17T22:58:54.019257367Z 63 PC: 12ad9 | Read file or device (Read 3 bytes on handle 12)
2018-12-17T22:58:54.022776541Z 79 PC: 12a7b | Find next file
2018-12-17T22:58:54.025452952Z 59 PC: 12a72 | Change current directory
2018-12-17T22:58:54.030025596Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x265
0x12af7: mov cx, 0x84e
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx
2018-12-17T22:58:54.033519392Z 9 PC: 12aed | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13040,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:10.92255803Z 78 PC: 12a65 | Find first file
2018-12-25T12:37:10.929908122Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:10.937295858Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:10.946275397Z 66 PC: 12ab3 | Move file pointer
2018-12-25T12:37:10.948484462Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:10.951522987Z 66 PC: 12ac7 | Move file pointer
2018-12-25T12:37:10.953012943Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 5)
2018-12-25T12:37:10.969624871Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 5)
2018-12-25T12:37:10.971644548Z 79 PC: 12a7b | Find next file
2018-12-25T12:37:10.97442004Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:10.982238731Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:10.989652896Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:10.991063966Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:10.993849571Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:10.995789629Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.005325585Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.007187792Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.010578251Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.01783903Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.024751616Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.026355887Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.029379766Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.030826154Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.040975452Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.043997706Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.046763034Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.054482783Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.062025207Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.06297016Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.064904233Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.06707094Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.076787289Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.079193051Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.083295557Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.090651166Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.097813592Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.10041443Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.103586285Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.105259785Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.11566959Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.118871479Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.123063696Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.130970011Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.138747771Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.140241935Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.143174985Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.146798516Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.156451991Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.15836392Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.162123655Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.16935049Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.177315338Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.18009295Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.183140216Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.185164921Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.196419836Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.199113847Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.203023209Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.211124584Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.214407687Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.217105621Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.219715345Z 59 PC: 12a72 | Change current directory
2018-12-25T12:37:11.224736676Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x265
0x12af7: mov cx, 0x84e
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13040,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:11.168691628Z 78 PC: 12a65 | Find first file
2018-12-25T12:37:11.175316692Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:11.184173918Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:11.191109597Z 66 PC: 12ab3 | Move file pointer
2018-12-25T12:37:11.193567316Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:11.196556226Z 66 PC: 12ac7 | Move file pointer
2018-12-25T12:37:11.19787442Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 5)
2018-12-25T12:37:11.217296723Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 5)
2018-12-25T12:37:11.222343627Z 79 PC: 12a7b | Find next file
2018-12-25T12:37:11.228854609Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.235832946Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.242569709Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.244296356Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.247234222Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.249430525Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.258689288Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.260754184Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.264277108Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.271068589Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.277625716Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.279824205Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.282656389Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.284264563Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.293981625Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.296071403Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.298930999Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.306510194Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.313422739Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.315121602Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.318395679Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.32002256Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.328638262Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.330564867Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.332778344Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.336953146Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.341367328Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.344161126Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.346348482Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.347407976Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.353511527Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.354796563Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.356475968Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.360844997Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.364792293Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.365839676Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.367959686Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.369206696Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.374931265Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.37675377Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.378489351Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.38272939Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.387414906Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.388494422Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.390381409Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.392024043Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.398290605Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.399619405Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.402437518Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.406437182Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.408130349Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.411186018Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.413780319Z 59 PC: 12a72 | Change current directory
2018-12-25T12:37:11.418099101Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x265
0x12af7: mov cx, 0x84e
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx
2018-12-25T12:37:11.421051396Z 9 PC: 12aed | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13040,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:11.193267716Z 78 PC: 12a65 | Find first file
2018-12-25T12:37:11.200272645Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:11.210793905Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:11.217086407Z 66 PC: 12ab3 | Move file pointer
2018-12-25T12:37:11.219575175Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:11.222404828Z 66 PC: 12ac7 | Move file pointer
2018-12-25T12:37:11.224012665Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 5)
2018-12-25T12:37:11.237349318Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 5)
2018-12-25T12:37:11.244594105Z 79 PC: 12a7b | Find next file
2018-12-25T12:37:11.250466797Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.257872355Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.26420253Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.265528782Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.268546759Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.274695838Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.283282022Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.28527587Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.296190978Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.311084436Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.318190035Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.320518644Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.32312828Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.324676772Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.333611892Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.335305706Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.337891868Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.345316341Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.351805357Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.35345521Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.357484453Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.359361832Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.368052379Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.37578308Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.378399474Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.385556273Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.393137882Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.394831851Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.397703635Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.399979554Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.40850705Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.410296234Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.413431467Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.419993509Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.426791954Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.428775674Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.431503666Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.433001849Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.442083928Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.444108659Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.446623636Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.454485585Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.461107737Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.462636278Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.465641355Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.467742464Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.476381174Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.478577317Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.481672826Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.488302693Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.491046157Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.494639059Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.497198123Z 59 PC: 12a72 | Change current directory
2018-12-25T12:37:11.501430436Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x265
0x12af7: mov cx, 0x84e
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13040,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:11.522036403Z 78 PC: 12a65 | Find first file
2018-12-25T12:37:11.528944403Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:11.542665377Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:11.548786437Z 66 PC: 12ab3 | Move file pointer
2018-12-25T12:37:11.550190469Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:11.554001184Z 66 PC: 12ac7 | Move file pointer
2018-12-25T12:37:11.555811563Z 64 PC: 12ad2 | Write file or device (Write 2483 bytes on handle 5)
2018-12-25T12:37:11.568729561Z 63 PC: 12ad9 | Read file or device (Read 2483 bytes on handle 5)
2018-12-25T12:37:11.570681256Z 79 PC: 12a7b | Find next file
2018-12-25T12:37:11.57314531Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.579454973Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.586497702Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.587698349Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.590176403Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.596877913Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.605570093Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.607251491Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.610301955Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.617017172Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.623050843Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.625156462Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.627772674Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.629087363Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.637744337Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.640643254Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.643459568Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.65006952Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.657183276Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.658389186Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.660867592Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.662672547Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.671124915Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.672783814Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.675844562Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.682125383Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.688292546Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.689884225Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.692329617Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.693428547Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.702154281Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.703888001Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.706310305Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.713026117Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.719143228Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.72034338Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.724126601Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.725298752Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.733706227Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.73576843Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.738132685Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.74418862Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.750825399Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:37:11.752008997Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:37:11.75447667Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:37:11.755920477Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:37:11.764424913Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.766013667Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.768449349Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:37:11.774939469Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:37:11.777298023Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:37:11.779681654Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:37:11.782158058Z 59 PC: 12a72 | Change current directory
2018-12-25T12:37:11.786628855Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x265
0x12af7: mov cx, 0x84e
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx
2018-12-25T12:37:11.788706991Z 9 PC: 12aed | Display string (Could not find end pointer)