Sample viewer

vx.netlux.org/Virus.DOS.Nuke.Jak.991

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:28.201771829Z 71 PC: 12f0f | Get current directory
2018-12-17T23:01:28.205177161Z 59 PC: 12f1a | Change current directory
2018-12-17T23:01:28.210774401Z 26 PC: 12fce | Set disk transfer address
2018-12-17T23:01:28.212098602Z 78 PC: 12fdc | Find first file
2018-12-17T23:01:28.219012576Z 61 PC: 13008 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:28.227026731Z 63 PC: 1301a | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:01:28.234855637Z 44 PC: 13054 | Get time
0x13054: add dl, dh
0x13056: je 0x13050
0x13058: mov si, 0x115
0x1305b: add si, word ptr [0x106]
0x1305f: mov byte ptr [si], dl
0x13061: mov ax, 0x4301
0x13064: xor cx, cx
0x13066: mov dx, si
0x13068: add dx, 0xb6
0x1306c: int 0x21
0x1306e: mov ah, 0x3e
0x13070: int 0x21
0x13072: mov ax, 0x3d02
0x13075: int 0x21
0x13077: jb 0x13029
0x13079: mov di, dx
0x1307b: add di, 0x5d
0x1307e: stosw word ptr es:[di], ax
0x1307f: xchg ax, bx
0x13080: mov ah, 0x40
2018-12-17T23:01:28.2371951Z 67 PC: 1306e | Get or set file attributes
2018-12-17T23:01:28.25774115Z 62 PC: 13072 | Close file
2018-12-17T23:01:28.260119793Z 61 PC: 13077 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:28.273129534Z 64 PC: 1308a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:28.282275351Z 64 PC: 1309c | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:28.285778805Z 64 PC: 130b1 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:28.2889513Z 66 PC: 130ba | Move file pointer
2018-12-17T23:01:28.29149378Z 64 PC: 12e64 | Write file or device (Write 991 bytes on handle 5)
2018-12-17T23:01:28.302092783Z 87 PC: 130d3 | Get or set file date and time
2018-12-17T23:01:28.304125558Z 62 PC: 130d7 | Close file
2018-12-17T23:01:28.312811566Z 67 PC: 130e8 | Get or set file attributes
2018-12-17T23:01:28.32489057Z 79 PC: 12ff0 | Find next file
2018-12-17T23:01:28.327779812Z 61 PC: 13008 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:28.335936485Z 63 PC: 1301a | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:01:28.343417426Z 44 PC: 13054 | Get time
0x13054: add dl, dh
0x13056: je 0x13050
0x13058: mov si, 0x115
0x1305b: add si, word ptr [0x106]
0x1305f: mov byte ptr [si], dl
0x13061: mov ax, 0x4301
0x13064: xor cx, cx
0x13066: mov dx, si
0x13068: add dx, 0xb6
0x1306c: int 0x21
0x1306e: mov ah, 0x3e
0x13070: int 0x21
0x13072: mov ax, 0x3d02
0x13075: int 0x21
0x13077: jb 0x13029
0x13079: mov di, dx
0x1307b: add di, 0x5d
0x1307e: stosw word ptr es:[di], ax
0x1307f: xchg ax, bx
0x13080: mov ah, 0x40
2018-12-17T23:01:28.346410464Z 67 PC: 1306e | Get or set file attributes
2018-12-17T23:01:28.357862422Z 62 PC: 13072 | Close file
2018-12-17T23:01:28.360925279Z 61 PC: 13077 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:28.368655441Z 64 PC: 1308a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:28.371885462Z 64 PC: 1309c | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:28.374913158Z 64 PC: 130b1 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:28.379010279Z 66 PC: 130ba | Move file pointer
2018-12-17T23:01:28.381219165Z 64 PC: 12e64 | Write file or device (Write 991 bytes on handle 5)
2018-12-17T23:01:28.390504788Z 87 PC: 130d3 | Get or set file date and time
2018-12-17T23:01:28.393632017Z 62 PC: 130d7 | Close file
2018-12-17T23:01:28.402580826Z 67 PC: 130e8 | Get or set file attributes
2018-12-17T23:01:28.413427592Z 79 PC: 12ff0 | Find next file
2018-12-17T23:01:28.417117538Z 61 PC: 13008 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:28.43838853Z 63 PC: 1301a | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:01:28.446151093Z 44 PC: 13054 | Get time
0x13054: add dl, dh
0x13056: je 0x13050
0x13058: mov si, 0x115
0x1305b: add si, word ptr [0x106]
0x1305f: mov byte ptr [si], dl
0x13061: mov ax, 0x4301
0x13064: xor cx, cx
0x13066: mov dx, si
0x13068: add dx, 0xb6
0x1306c: int 0x21
0x1306e: mov ah, 0x3e
0x13070: int 0x21
0x13072: mov ax, 0x3d02
0x13075: int 0x21
0x13077: jb 0x13029
0x13079: mov di, dx
0x1307b: add di, 0x5d
0x1307e: stosw word ptr es:[di], ax
0x1307f: xchg ax, bx
0x13080: mov ah, 0x40
2018-12-17T23:01:28.449580989Z 67 PC: 1306e | Get or set file attributes
2018-12-17T23:01:28.461464105Z 62 PC: 13072 | Close file
2018-12-17T23:01:28.463893825Z 61 PC: 13077 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:28.473230494Z 64 PC: 1308a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:28.476849888Z 64 PC: 1309c | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:28.48021179Z 64 PC: 130b1 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:28.483542718Z 66 PC: 130ba | Move file pointer
2018-12-17T23:01:28.486185225Z 64 PC: 12e64 | Write file or device (Write 991 bytes on handle 5)
2018-12-17T23:01:28.496250285Z 87 PC: 130d3 | Get or set file date and time
2018-12-17T23:01:28.498084237Z 62 PC: 130d7 | Close file
2018-12-17T23:01:28.50792188Z 67 PC: 130e8 | Get or set file attributes
2018-12-17T23:01:28.519732537Z 53 PC: 13132 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:01:28.52150404Z 37 PC: 13144 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:01:28.523777282Z 73 PC: 1314e | Release memory
2018-12-17T23:01:28.525529363Z 49 PC: 13157 | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13890,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:25.109060039Z 71 PC: 12f0f | Get current directory
2018-12-25T13:07:25.112977289Z 59 PC: 12f1a | Change current directory
2018-12-25T13:07:25.116822289Z 26 PC: 12fce | Set disk transfer address
2018-12-25T13:07:25.11785654Z 78 PC: 12fdc | Find first file
2018-12-25T13:07:25.124097581Z 61 PC: 13008 | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:25.130813362Z 63 PC: 1301a | Read file or device (Read 8 bytes on handle 5)
2018-12-25T13:07:25.13731318Z 44 PC: 13054 | Get time
0x13054: add dl, dh
0x13056: je 0x13050
0x13058: mov si, 0x115
0x1305b: add si, word ptr [0x106]
0x1305f: mov byte ptr [si], dl
0x13061: mov ax, 0x4301
0x13064: xor cx, cx
0x13066: mov dx, si
0x13068: add dx, 0xb6
0x1306c: int 0x21
0x1306e: mov ah, 0x3e
0x13070: int 0x21
0x13072: mov ax, 0x3d02
0x13075: int 0x21
0x13077: jb 0x13029
0x13079: mov di, dx
0x1307b: add di, 0x5d
0x1307e: stosw word ptr es:[di], ax
0x1307f: xchg ax, bx
0x13080: mov ah, 0x40
2018-12-25T13:07:25.13941059Z 67 PC: 1306e | Get or set file attributes
2018-12-25T13:07:25.158483551Z 62 PC: 13072 | Close file
2018-12-25T13:07:25.160998565Z 61 PC: 13077 | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:25.169969695Z 64 PC: 1308a | Write file or device (Write 4 bytes on handle 5)
2018-12-25T13:07:25.177069853Z 64 PC: 1309c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T13:07:25.179256119Z 64 PC: 130b1 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T13:07:25.181775444Z 66 PC: 130ba | Move file pointer
2018-12-25T13:07:25.185072901Z 64 PC: 12e64 | Write file or device (Write 991 bytes on handle 5)
2018-12-25T13:07:25.197962633Z 87 PC: 130d3 | Get or set file date and time
2018-12-25T13:07:25.199622311Z 62 PC: 130d7 | Close file
2018-12-25T13:07:25.207707822Z 67 PC: 130e8 | Get or set file attributes
2018-12-25T13:07:25.217262464Z 79 PC: 12ff0 | Find next file
2018-12-25T13:07:25.2197285Z 61 PC: 13008 | Open file (See above)
2018-12-25T13:07:25.227023297Z 63 PC: 1301a | Read file or device (See above)
2018-12-25T13:07:25.233672549Z 44 PC: 13054 | Get time (See above)
2018-12-25T13:07:25.235966479Z 67 PC: 1306e | Get or set file attributes (See above)
2018-12-25T13:07:25.245981006Z 62 PC: 13072 | Close file (See above)
2018-12-25T13:07:25.247720965Z 61 PC: 13077 | Open file (See above)
2018-12-25T13:07:25.254788342Z 64 PC: 1308a | Write file or device (See above)
2018-12-25T13:07:25.2589893Z 64 PC: 1309c | Write file or device (See above)
2018-12-25T13:07:25.261481468Z 64 PC: 130b1 | Write file or device (See above)
2018-12-25T13:07:25.264133319Z 66 PC: 130ba | Move file pointer (See above)
2018-12-25T13:07:25.265865124Z 64 PC: 12e64 | Write file or device (See above)
2018-12-25T13:07:25.274374727Z 87 PC: 130d3 | Get or set file date and time (See above)
2018-12-25T13:07:25.275895301Z 62 PC: 130d7 | Close file (See above)
2018-12-25T13:07:25.283935321Z 67 PC: 130e8 | Get or set file attributes (See above)
2018-12-25T13:07:25.29470224Z 79 PC: 12ff0 | Find next file (See above)
2018-12-25T13:07:25.297337014Z 61 PC: 13008 | Open file (See above)
2018-12-25T13:07:25.303981621Z 63 PC: 1301a | Read file or device (See above)
2018-12-25T13:07:25.311518581Z 44 PC: 13054 | Get time (See above)
2018-12-25T13:07:25.314431185Z 67 PC: 1306e | Get or set file attributes (See above)
2018-12-25T13:07:25.324365617Z 62 PC: 13072 | Close file (See above)
2018-12-25T13:07:25.326602549Z 61 PC: 13077 | Open file (See above)
2018-12-25T13:07:25.333371881Z 64 PC: 1308a | Write file or device (See above)
2018-12-25T13:07:25.33606946Z 64 PC: 1309c | Write file or device (See above)
2018-12-25T13:07:25.339003989Z 64 PC: 130b1 | Write file or device (See above)
2018-12-25T13:07:25.341451006Z 66 PC: 130ba | Move file pointer (See above)
2018-12-25T13:07:25.343233895Z 64 PC: 12e64 | Write file or device (See above)
2018-12-25T13:07:25.352578078Z 87 PC: 130d3 | Get or set file date and time (See above)
2018-12-25T13:07:25.354575037Z 62 PC: 130d7 | Close file (See above)
2018-12-25T13:07:25.362554986Z 67 PC: 130e8 | Get or set file attributes (See above)
2018-12-25T13:07:25.372971237Z 53 PC: 13132 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:07:25.374101283Z 37 PC: 13144 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:07:25.375173359Z 73 PC: 1314e | Release memory
2018-12-25T13:07:25.376683623Z 49 PC: 13157 | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13890,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:18.64184154Z 71 PC: 12f0f | Get current directory
2018-12-25T12:39:18.652199889Z 59 PC: 12f1a | Change current directory
2018-12-25T12:39:18.655587002Z 26 PC: 12fce | Set disk transfer address
2018-12-25T12:39:18.657221031Z 78 PC: 12fdc | Find first file
2018-12-25T12:39:18.664966905Z 61 PC: 13008 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:18.673320067Z 63 PC: 1301a | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:18.680852087Z 44 PC: 13054 | Get time
0x13054: add dl, dh
0x13056: je 0x13050
0x13058: mov si, 0x115
0x1305b: add si, word ptr [0x106]
0x1305f: mov byte ptr [si], dl
0x13061: mov ax, 0x4301
0x13064: xor cx, cx
0x13066: mov dx, si
0x13068: add dx, 0xb6
0x1306c: int 0x21
0x1306e: mov ah, 0x3e
0x13070: int 0x21
0x13072: mov ax, 0x3d02
0x13075: int 0x21
0x13077: jb 0x13029
0x13079: mov di, dx
0x1307b: add di, 0x5d
0x1307e: stosw word ptr es:[di], ax
0x1307f: xchg ax, bx
0x13080: mov ah, 0x40
2018-12-25T12:39:18.68363027Z 67 PC: 1306e | Get or set file attributes
2018-12-25T12:39:18.703721117Z 62 PC: 13072 | Close file
2018-12-25T12:39:18.705677726Z 61 PC: 13077 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:18.714055683Z 64 PC: 1308a | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:18.721459304Z 64 PC: 1309c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:18.724361602Z 64 PC: 130b1 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:18.727205831Z 66 PC: 130ba | Move file pointer
2018-12-25T12:39:18.72954672Z 64 PC: 12e64 | Write file or device (Write 991 bytes on handle 5)
2018-12-25T12:39:18.73942931Z 87 PC: 130d3 | Get or set file date and time
2018-12-25T12:39:18.741350469Z 62 PC: 130d7 | Close file
2018-12-25T12:39:18.750897076Z 67 PC: 130e8 | Get or set file attributes
2018-12-25T12:39:18.7620047Z 79 PC: 12ff0 | Find next file
2018-12-25T12:39:18.766311916Z 61 PC: 13008 | Open file (See above)
2018-12-25T12:39:18.77455426Z 63 PC: 1301a | Read file or device (See above)
2018-12-25T12:39:18.779422125Z 44 PC: 13054 | Get time (See above)
2018-12-25T12:39:18.781795503Z 67 PC: 1306e | Get or set file attributes (See above)
2018-12-25T12:39:18.790877377Z 62 PC: 13072 | Close file (See above)
2018-12-25T12:39:18.792752471Z 61 PC: 13077 | Open file (See above)
2018-12-25T12:39:18.800614375Z 64 PC: 1308a | Write file or device (See above)
2018-12-25T12:39:18.804272333Z 64 PC: 1309c | Write file or device (See above)
2018-12-25T12:39:18.807753166Z 64 PC: 130b1 | Write file or device (See above)
2018-12-25T12:39:18.81163016Z 66 PC: 130ba | Move file pointer (See above)
2018-12-25T12:39:18.815008962Z 64 PC: 12e64 | Write file or device (See above)
2018-12-25T12:39:18.824339596Z 87 PC: 130d3 | Get or set file date and time (See above)
2018-12-25T12:39:18.826076219Z 62 PC: 130d7 | Close file (See above)
2018-12-25T12:39:18.835465098Z 67 PC: 130e8 | Get or set file attributes (See above)
2018-12-25T12:39:18.846814544Z 79 PC: 12ff0 | Find next file (See above)
2018-12-25T12:39:18.849892462Z 61 PC: 13008 | Open file (See above)
2018-12-25T12:39:18.859008439Z 63 PC: 1301a | Read file or device (See above)
2018-12-25T12:39:18.869020951Z 44 PC: 13054 | Get time (See above)
2018-12-25T12:39:18.871551315Z 67 PC: 1306e | Get or set file attributes (See above)
2018-12-25T12:39:18.882705628Z 62 PC: 13072 | Close file (See above)
2018-12-25T12:39:18.885390565Z 61 PC: 13077 | Open file (See above)
2018-12-25T12:39:18.893156233Z 64 PC: 1308a | Write file or device (See above)
2018-12-25T12:39:18.897481557Z 64 PC: 1309c | Write file or device (See above)
2018-12-25T12:39:18.901534139Z 64 PC: 130b1 | Write file or device (See above)
2018-12-25T12:39:18.904312151Z 66 PC: 130ba | Move file pointer (See above)
2018-12-25T12:39:18.906178123Z 64 PC: 12e64 | Write file or device (See above)
2018-12-25T12:39:18.91649936Z 87 PC: 130d3 | Get or set file date and time (See above)
2018-12-25T12:39:18.918219257Z 62 PC: 130d7 | Close file (See above)
2018-12-25T12:39:18.926844935Z 67 PC: 130e8 | Get or set file attributes (See above)
2018-12-25T12:39:18.939366855Z 53 PC: 13132 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:18.941053708Z 37 PC: 13144 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:18.942764931Z 73 PC: 1314e | Release memory
2018-12-25T12:39:18.945672408Z 49 PC: 13157 | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13890,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:18.683606854Z 71 PC: 12f0f | Get current directory
2018-12-25T12:39:18.686193104Z 59 PC: 12f1a | Change current directory
2018-12-25T12:39:18.690956548Z 26 PC: 12fce | Set disk transfer address
2018-12-25T12:39:18.692296654Z 78 PC: 12fdc | Find first file
2018-12-25T12:39:18.698710378Z 61 PC: 13008 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:18.703897261Z 63 PC: 1301a | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:18.710990721Z 44 PC: 13054 | Get time
0x13054: add dl, dh
0x13056: je 0x13050
0x13058: mov si, 0x115
0x1305b: add si, word ptr [0x106]
0x1305f: mov byte ptr [si], dl
0x13061: mov ax, 0x4301
0x13064: xor cx, cx
0x13066: mov dx, si
0x13068: add dx, 0xb6
0x1306c: int 0x21
0x1306e: mov ah, 0x3e
0x13070: int 0x21
0x13072: mov ax, 0x3d02
0x13075: int 0x21
0x13077: jb 0x13029
0x13079: mov di, dx
0x1307b: add di, 0x5d
0x1307e: stosw word ptr es:[di], ax
0x1307f: xchg ax, bx
0x13080: mov ah, 0x40
2018-12-25T12:39:18.713473475Z 67 PC: 1306e | Get or set file attributes
2018-12-25T12:39:18.73461691Z 62 PC: 13072 | Close file
2018-12-25T12:39:18.739172983Z 61 PC: 13077 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:18.749765556Z 64 PC: 1308a | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:18.756740122Z 64 PC: 1309c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:18.759181173Z 64 PC: 130b1 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:18.761685628Z 66 PC: 130ba | Move file pointer
2018-12-25T12:39:18.763520268Z 64 PC: 12e64 | Write file or device (Write 991 bytes on handle 5)
2018-12-25T12:39:18.773243238Z 87 PC: 130d3 | Get or set file date and time
2018-12-25T12:39:18.774850882Z 62 PC: 130d7 | Close file
2018-12-25T12:39:18.783292745Z 67 PC: 130e8 | Get or set file attributes
2018-12-25T12:39:18.794195333Z 79 PC: 12ff0 | Find next file
2018-12-25T12:39:18.796998345Z 61 PC: 13008 | Open file (See above)
2018-12-25T12:39:18.804468146Z 63 PC: 1301a | Read file or device (See above)
2018-12-25T12:39:18.812082259Z 44 PC: 13054 | Get time (See above)
2018-12-25T12:39:18.814700856Z 67 PC: 1306e | Get or set file attributes (See above)
2018-12-25T12:39:18.826244969Z 62 PC: 13072 | Close file (See above)
2018-12-25T12:39:18.829233084Z 61 PC: 13077 | Open file (See above)
2018-12-25T12:39:18.836531685Z 64 PC: 1308a | Write file or device (See above)
2018-12-25T12:39:18.839415075Z 64 PC: 1309c | Write file or device (See above)
2018-12-25T12:39:18.843423177Z 64 PC: 130b1 | Write file or device (See above)
2018-12-25T12:39:18.84640555Z 66 PC: 130ba | Move file pointer (See above)
2018-12-25T12:39:18.848669784Z 64 PC: 12e64 | Write file or device (See above)
2018-12-25T12:39:18.858969351Z 87 PC: 130d3 | Get or set file date and time (See above)
2018-12-25T12:39:18.861152037Z 62 PC: 130d7 | Close file (See above)
2018-12-25T12:39:18.870028306Z 67 PC: 130e8 | Get or set file attributes (See above)
2018-12-25T12:39:18.882279591Z 79 PC: 12ff0 | Find next file (See above)
2018-12-25T12:39:18.88660894Z 61 PC: 13008 | Open file (See above)
2018-12-25T12:39:18.894441897Z 63 PC: 1301a | Read file or device (See above)
2018-12-25T12:39:18.902850124Z 44 PC: 13054 | Get time (See above)
2018-12-25T12:39:18.906032328Z 67 PC: 1306e | Get or set file attributes (See above)
2018-12-25T12:39:18.917284139Z 62 PC: 13072 | Close file (See above)
2018-12-25T12:39:18.919639752Z 61 PC: 13077 | Open file (See above)
2018-12-25T12:39:18.927517317Z 64 PC: 1308a | Write file or device (See above)
2018-12-25T12:39:18.930623261Z 64 PC: 1309c | Write file or device (See above)
2018-12-25T12:39:18.933771679Z 64 PC: 130b1 | Write file or device (See above)
2018-12-25T12:39:18.937654579Z 66 PC: 130ba | Move file pointer (See above)
2018-12-25T12:39:18.940820969Z 64 PC: 12e64 | Write file or device (See above)
2018-12-25T12:39:18.951518095Z 87 PC: 130d3 | Get or set file date and time (See above)
2018-12-25T12:39:18.954577228Z 62 PC: 130d7 | Close file (See above)
2018-12-25T12:39:18.963697533Z 67 PC: 130e8 | Get or set file attributes (See above)
2018-12-25T12:39:18.975756899Z 53 PC: 13132 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:18.978380429Z 37 PC: 13144 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:18.979806091Z 73 PC: 1314e | Release memory
2018-12-25T12:39:18.981406489Z 49 PC: 13157 | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13890,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:18.694966651Z 71 PC: 12f0f | Get current directory
2018-12-25T12:39:18.698311619Z 59 PC: 12f1a | Change current directory
2018-12-25T12:39:18.704056735Z 26 PC: 12fce | Set disk transfer address
2018-12-25T12:39:18.705038645Z 78 PC: 12fdc | Find first file
2018-12-25T12:39:18.711429556Z 61 PC: 13008 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:18.719782992Z 63 PC: 1301a | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:18.727123255Z 44 PC: 13054 | Get time
0x13054: add dl, dh
0x13056: je 0x13050
0x13058: mov si, 0x115
0x1305b: add si, word ptr [0x106]
0x1305f: mov byte ptr [si], dl
0x13061: mov ax, 0x4301
0x13064: xor cx, cx
0x13066: mov dx, si
0x13068: add dx, 0xb6
0x1306c: int 0x21
0x1306e: mov ah, 0x3e
0x13070: int 0x21
0x13072: mov ax, 0x3d02
0x13075: int 0x21
0x13077: jb 0x13029
0x13079: mov di, dx
0x1307b: add di, 0x5d
0x1307e: stosw word ptr es:[di], ax
0x1307f: xchg ax, bx
0x13080: mov ah, 0x40
2018-12-25T12:39:18.729499658Z 67 PC: 1306e | Get or set file attributes
2018-12-25T12:39:18.748178958Z 62 PC: 13072 | Close file
2018-12-25T12:39:18.750143612Z 61 PC: 13077 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:18.757908671Z 64 PC: 1308a | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:18.761507484Z 64 PC: 1309c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:18.765221857Z 64 PC: 130b1 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:18.767952671Z 66 PC: 130ba | Move file pointer
2018-12-25T12:39:18.770178548Z 64 PC: 12e64 | Write file or device (Write 991 bytes on handle 5)
2018-12-25T12:39:18.780189862Z 87 PC: 130d3 | Get or set file date and time
2018-12-25T12:39:18.781891803Z 62 PC: 130d7 | Close file
2018-12-25T12:39:18.791622545Z 67 PC: 130e8 | Get or set file attributes
2018-12-25T12:39:18.802475904Z 79 PC: 12ff0 | Find next file
2018-12-25T12:39:18.805470132Z 61 PC: 13008 | Open file (See above)
2018-12-25T12:39:18.812970769Z 63 PC: 1301a | Read file or device (See above)
2018-12-25T12:39:18.820470206Z 44 PC: 13054 | Get time (See above)
2018-12-25T12:39:18.822708541Z 67 PC: 1306e | Get or set file attributes (See above)
2018-12-25T12:39:18.833997176Z 62 PC: 13072 | Close file (See above)
2018-12-25T12:39:18.83639697Z 61 PC: 13077 | Open file (See above)
2018-12-25T12:39:18.84375952Z 64 PC: 1308a | Write file or device (See above)
2018-12-25T12:39:18.846709786Z 64 PC: 1309c | Write file or device (See above)
2018-12-25T12:39:18.850800772Z 64 PC: 130b1 | Write file or device (See above)
2018-12-25T12:39:18.853937056Z 66 PC: 130ba | Move file pointer (See above)
2018-12-25T12:39:18.855809643Z 64 PC: 12e64 | Write file or device (See above)
2018-12-25T12:39:18.867143903Z 87 PC: 130d3 | Get or set file date and time (See above)
2018-12-25T12:39:18.869196434Z 62 PC: 130d7 | Close file (See above)
2018-12-25T12:39:18.878099494Z 67 PC: 130e8 | Get or set file attributes (See above)
2018-12-25T12:39:18.890279696Z 79 PC: 12ff0 | Find next file (See above)
2018-12-25T12:39:18.89462862Z 61 PC: 13008 | Open file (See above)
2018-12-25T12:39:18.90241287Z 63 PC: 1301a | Read file or device (See above)
2018-12-25T12:39:18.910644709Z 44 PC: 13054 | Get time (See above)
2018-12-25T12:39:18.91323967Z 67 PC: 1306e | Get or set file attributes (See above)
2018-12-25T12:39:18.922955857Z 62 PC: 13072 | Close file (See above)
2018-12-25T12:39:18.92439813Z 61 PC: 13077 | Open file (See above)
2018-12-25T12:39:18.929351485Z 64 PC: 1308a | Write file or device (See above)
2018-12-25T12:39:18.931151275Z 64 PC: 1309c | Write file or device (See above)
2018-12-25T12:39:18.93291153Z 64 PC: 130b1 | Write file or device (See above)
2018-12-25T12:39:18.93524771Z 66 PC: 130ba | Move file pointer (See above)
2018-12-25T12:39:18.936577926Z 64 PC: 12e64 | Write file or device (See above)
2018-12-25T12:39:18.942347065Z 87 PC: 130d3 | Get or set file date and time (See above)
2018-12-25T12:39:18.944134495Z 62 PC: 130d7 | Close file (See above)
2018-12-25T12:39:18.953089022Z 67 PC: 130e8 | Get or set file attributes (See above)
2018-12-25T12:39:18.96524453Z 53 PC: 13132 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:18.967060591Z 37 PC: 13144 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:18.968308035Z 73 PC: 1314e | Release memory
2018-12-25T12:39:18.969513284Z 49 PC: 13157 | Terminate and stay resident (Return code = '0' | Memory size = '34')