Sample viewer

vx.netlux.org/Virus.DOS.VirDem.824

.


Syscalls:

Time | Syscall Op (DOS INT 21h function number from AH, decimal) | PC | Syscall Name
2018-12-17T23:04:48.879192182Z 25 PC: 12a82 | Get default drive
2018-12-17T23:04:48.880229737Z 71 PC: 12a94 | Get current directory
2018-12-17T23:04:48.88369651Z 59 PC: 12aac | Change current directory
2018-12-17T23:04:48.887867429Z 78 PC: 12b05 | Find first file
2018-12-17T23:04:48.899443065Z 61 PC: 12b4a | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:48.912930765Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-17T23:04:48.920255012Z 62 PC: 12b0e | Close file
2018-12-17T23:04:48.922616403Z 79 PC: 12b12 | Find next file
2018-12-17T23:04:48.926102535Z 61 PC: 12b4a | Open file (Filename = 'PRINT.COM')
2018-12-17T23:04:48.932980241Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-17T23:04:48.939605788Z 62 PC: 12b0e | Close file
2018-12-17T23:04:48.942408389Z 79 PC: 12b12 | Find next file
2018-12-17T23:04:48.945207644Z 61 PC: 12b4a | Open file (Filename = 'HELLO.COM')
2018-12-17T23:04:48.952111249Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-17T23:04:48.959857875Z 62 PC: 12b0e | Close file
2018-12-17T23:04:48.962046411Z 79 PC: 12b12 | Find next file
2018-12-17T23:04:48.964903199Z 61 PC: 12b4a | Open file (Filename = 'PHANG.COM')
2018-12-17T23:04:48.971833654Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-17T23:04:48.978632332Z 62 PC: 12b0e | Close file
2018-12-17T23:04:48.981380805Z 79 PC: 12b12 | Find next file
2018-12-17T23:04:48.984727091Z 61 PC: 12b4a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:04:48.992611052Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-17T23:04:48.999722088Z 62 PC: 12b0e | Close file
2018-12-17T23:04:49.001696497Z 79 PC: 12b12 | Find next file
2018-12-17T23:04:49.005595786Z 61 PC: 12b4a | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:04:49.012806448Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-17T23:04:49.019861408Z 62 PC: 12b0e | Close file
2018-12-17T23:04:49.022380146Z 79 PC: 12b12 | Find next file
2018-12-17T23:04:49.025389433Z 61 PC: 12b4a | Open file (Filename = 'PAH.COM')
2018-12-17T23:04:49.033125381Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-17T23:04:49.041026868Z 62 PC: 12b0e | Close file
2018-12-17T23:04:49.043007266Z 79 PC: 12b12 | Find next file
2018-12-17T23:04:49.046636296Z 61 PC: 12b4a | Open file (Filename = 'TEST.COM')
2018-12-17T23:04:49.053694407Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-17T23:04:49.061702374Z 62 PC: 12b61 | Close file
2018-12-17T23:04:49.063986203Z 62 PC: 12b0e | Close file
2018-12-17T23:04:49.065703895Z 79 PC: 12b12 | Find next file
2018-12-17T23:04:49.068513267Z 59 PC: 12ab7 | Change current directory
2018-12-17T23:04:49.072695605Z 78 PC: 12ac2 | Find first file
2018-12-17T23:04:49.078513551Z 14 PC: 12c87 | Set default drive (Drive = 'A')
2018-12-17T23:04:49.080241049Z 59 PC: 12c8f | Change current directory
2018-12-17T23:04:49.084473759Z 44 PC: 12c51 | Get time
0x12c51: nop
; Disassembly window printed with the "Get time" row (PC 12c51).
; It reads the DOS date and branches on the year, so what a sandbox run
; observes depends on the clock the sample is given.
0x12c52: push bx
0x12c53: mov bx, word ptr [0x350]  ; copy the word at 0x350 ...
0x12c57: mov word ptr [0x31c], bx  ; ... to 0x31c (purpose not visible in this window)
0x12c5b: pop bx
0x12c5c: mov ah, 0x2a  ; AH=2Ah: DOS "Get date" (trace logs op 42 at PC 12c60)
0x12c5e: int 0x21
0x12c60: cmp cx, 0x7bc  ; CX = year from Get date; 0x7bc = 1980
0x12c64: jne 0x12c78  ; any other year skips the write/terminate path below
0x12c66: mov ah, 0x40  ; AH=40h: DOS "Write file or device"
0x12c68: mov bx, 1  ; handle 1 (standard output)
0x12c6b: mov cx, 0x25  ; 0x25 = 37 bytes
0x12c6e: lea dx, word ptr [0x3c8]  ; buffer at offset 0x3c8 (contents not shown on this page)
0x12c72: int 0x21
0x12c74: mov ah, 0  ; AH=00h: DOS "Program terminate"
0x12c76: int 0x21
0x12c78: mov ax, word ptr es:[0xfd00]  ; year != 1980: load a word from es:[0xfd00] ...
0x12c7c: push ax
0x12c7d: ret  ; ... and transfer control to it (push/ret); presumably resumes the host program - confirm
0x12c7e: mov ah, 0xe  ; first instruction of the next routine; the window is cut off here
2018-12-17T23:04:49.08673262Z 42 PC: 12c60 | Get date
0x12c60: cmp cx, 0x7bc
; Disassembly window printed with the "Get date" row (PC 12c60); it starts
; just after the `cmp cx, 0x7bc` at 0x12c60 (0x7bc = 1980).
0x12c64: jne 0x12c78  ; year != 1980: skip the write/terminate path
0x12c66: mov ah, 0x40  ; AH=40h: DOS "Write file or device"
0x12c68: mov bx, 1  ; handle 1 (standard output)
0x12c6b: mov cx, 0x25  ; 0x25 = 37 bytes
0x12c6e: lea dx, word ptr [0x3c8]  ; buffer at offset 0x3c8 (contents not shown on this page)
0x12c72: int 0x21
0x12c74: mov ah, 0  ; AH=00h: DOS "Program terminate"
0x12c76: int 0x21
0x12c78: mov ax, word ptr es:[0xfd00]  ; load a word from es:[0xfd00] ...
0x12c7c: push ax
0x12c7d: ret  ; ... and transfer control to it (push/ret); presumably resumes the host program - confirm
; Next routine: sets the default drive and current directory.
; Presumably restores the values read at the start of the trace (ops 25 and 71) - confirm.
0x12c7e: mov ah, 0xe  ; AH=0Eh: DOS "Set default drive" (trace logs op 14 at PC 12c87)
0x12c80: mov dl, byte ptr cs:[0x3a4]  ; drive number taken from cs:[0x3a4]
0x12c85: int 0x21
0x12c87: mov ah, 0x3b  ; AH=3Bh: DOS "Change current directory" (trace logs op 59 at PC 12c8f)
0x12c89: lea dx, word ptr [0x3a5]  ; path string at offset 0x3a5
0x12c8d: int 0x21
0x12c8f: ret
0x12c90: mov ah, 0x2a  ; AH=2Ah (Get date) opens the next routine; the window is cut off here
2018-12-17T23:04:49.091347308Z 9 PC: 12cde | Display string (Could not find end pointer)
2018-12-17T23:04:49.096460164Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.102882912Z 9 PC: 12cde | Display string (String= 'memory block write ')
2018-12-17T23:04:49.226121635Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:49.229395534Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.231920723Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:49.236945512Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.240496147Z 2 PC: 12c7c | Character output (Char = '36')
2018-12-17T23:04:49.244183135Z 2 PC: 12c7c | Character output (Char = '38')
2018-12-17T23:04:49.248644376Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.251786742Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.254896226Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:49.257754159Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.263076307Z 9 PC: 12cde | Display string (String= 'register to memory ')
2018-12-17T23:04:49.412698495Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:49.41515915Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.417841995Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:49.42037423Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.422653456Z 2 PC: 12c7c | Character output (Char = '36')
2018-12-17T23:04:49.426683176Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.428940782Z 2 PC: 12c7c | Character output (Char = '36')
2018-12-17T23:04:49.430988486Z 2 PC: 12c7c | Character output (Char = '36')
2018-12-17T23:04:49.433554355Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:49.436261298Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.439210875Z 9 PC: 12cde | Display string (String= 'memory to register ')
2018-12-17T23:04:49.624888471Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:49.62758194Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.630608256Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:49.634707693Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.636509543Z 2 PC: 12c7c | Character output (Char = '36')
2018-12-17T23:04:49.638146415Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.639745026Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.642031502Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:49.643609362Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:49.645265402Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.647576113Z 9 PC: 12cde | Display string (String= 'register to register')
2018-12-17T23:04:49.71939978Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:49.721211489Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.723640177Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:49.726316718Z 2 PC: 12c7c | Character output (Char = '35')
2018-12-17T23:04:49.727982103Z 2 PC: 12c7c | Character output (Char = '35')
2018-12-17T23:04:49.730979448Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.732930557Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.734633216Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.736612759Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:49.739319229Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.741079716Z 9 PC: 12cde | Display string (String= 'divide by register ')
2018-12-17T23:04:49.773829245Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:49.77666376Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.778421649Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:49.780619782Z 2 PC: 12c7c | Character output (Char = '35')
2018-12-17T23:04:49.783196037Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.78597979Z 2 PC: 12c7c | Character output (Char = '32')
2018-12-17T23:04:49.788760287Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.792523098Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.795392183Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:49.797812811Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.801305021Z 9 PC: 12cde | Display string (String= 'divide by memory ')
2018-12-17T23:04:49.855685747Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:49.857511836Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.859948677Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:49.861709811Z 2 PC: 12c7c | Character output (Char = '36')
2018-12-17T23:04:49.863360469Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.865528561Z 2 PC: 12c7c | Character output (Char = '34')
2018-12-17T23:04:49.867225171Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.868812539Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.870983908Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:49.872565551Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.874291903Z 9 PC: 12cde | Display string (String= 'multiply by register')
2018-12-17T23:04:49.907170014Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:49.909259405Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.911225584Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:49.913228124Z 2 PC: 12c7c | Character output (Char = '34')
2018-12-17T23:04:49.915275605Z 2 PC: 12c7c | Character output (Char = '38')
2018-12-17T23:04:49.916998889Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.918764662Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.921085746Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.9228404Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:49.924614061Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.927157797Z 9 PC: 12cde | Display string (String= 'multiply by memory ')
2018-12-17T23:04:49.952787023Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:49.954584909Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:49.956890259Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:49.958651096Z 2 PC: 12c7c | Character output (Char = '35')
2018-12-17T23:04:49.960263584Z 2 PC: 12c7c | Character output (Char = '35')
2018-12-17T23:04:49.962765044Z 2 PC: 12c7c | Character output (Char = '37')
2018-12-17T23:04:49.964947727Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.966846559Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:49.969586111Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:49.971380598Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:49.976007713Z 9 PC: 12cde | Display string (String= 'stack operations ')
2018-12-17T23:04:50.148495598Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:50.151985847Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:50.154863772Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:50.158750866Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:50.161936399Z 2 PC: 12c7c | Character output (Char = '34')
2018-12-17T23:04:50.164492915Z 2 PC: 12c7c | Character output (Char = '38')
2018-12-17T23:04:50.168040183Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:50.171056133Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:50.173715419Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:50.17749588Z 9 PC: 12cde | Display string (String= ' Checking ')
2018-12-17T23:04:50.182727811Z 9 PC: 12cde | Display string (String= 'far jumps, far calls')
2018-12-17T23:04:50.358887897Z 9 PC: 12cde | Display string (String= ' ticks: ')
2018-12-17T23:04:50.361685083Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:50.364343071Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:50.367011072Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:50.369563461Z 2 PC: 12c7c | Character output (Char = '37')
2018-12-17T23:04:50.3742699Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-17T23:04:50.376839043Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:50.379308069Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:50.382663453Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:50.385096946Z 9 PC: 12cde | Display string (String= ' Total time is: ')
2018-12-17T23:04:50.387942195Z 2 PC: 12c7c | Character output (Char = '32')
2018-12-17T23:04:50.392172517Z 2 PC: 12c7c | Character output (Char = '30')
2018-12-17T23:04:50.394653736Z 9 PC: 12cde | Display string (String= ' clock ticks, (')
2018-12-17T23:04:50.397290633Z 2 PC: 12c7c | Character output (Char = '31')
2018-12-17T23:04:50.40075472Z 9 PC: 12cde | Display string (String= ' seconds)')
2018-12-17T23:04:50.403553419Z 9 PC: 12cde | Display string (String= ' compared to IBM/PC ')
2018-12-17T23:04:50.408605429Z 2 PC: 12c7c | Character output (Char = '32')
2018-12-17T23:04:50.412192778Z 2 PC: 12c7c | Character output (Char = '35')
2018-12-17T23:04:50.414989809Z 2 PC: 12c7c | Character output (Char = '37')
2018-12-17T23:04:50.418588946Z 2 PC: 12c7c | Character output (Char = '37')
2018-12-17T23:04:50.422685156Z 2 PC: 12c7c | Character output (Char = '35')
2018-12-17T23:04:50.428043764Z 2 PC: 12c7c | Character output (Char = '25')
2018-12-17T23:04:50.430705443Z 9 PC: 12cde | Display string (String= ' ')
2018-12-17T23:04:50.435671567Z 76 PC: 12c3f | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14989,"SideJobID":0}

.


Syscalls:

Time | Syscall Op (DOS INT 21h function number from AH, decimal) | PC | Syscall Name
2018-12-25T12:42:19.424209053Z 25 PC: 12a82 | Get default drive
2018-12-25T12:42:19.425818297Z 71 PC: 12a94 | Get current directory
2018-12-25T12:42:19.428543273Z 59 PC: 12aac | Change current directory
2018-12-25T12:42:19.431293201Z 78 PC: 12b05 | Find first file
2018-12-25T12:42:19.438308794Z 61 PC: 12b4a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:19.446637171Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-25T12:42:19.45077253Z 62 PC: 12b0e | Close file
2018-12-25T12:42:19.452139052Z 79 PC: 12b12 | Find next file
2018-12-25T12:42:19.454911054Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:19.462370407Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:19.469347272Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:19.472360684Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:19.476447996Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:19.483687763Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:19.493492164Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:19.495305531Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:19.498224406Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:19.505795791Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:19.513524248Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:19.515458598Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:19.520349674Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:19.531253748Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:19.538220468Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:19.540140104Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:19.544003855Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:19.550278403Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:19.55639766Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:19.564242957Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:19.566606858Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:19.572533719Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:19.581573052Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:19.583664845Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:19.587923087Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:19.596356355Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:19.604493558Z 62 PC: 12b61 | Close file
2018-12-25T12:42:19.606615009Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:19.60833887Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:19.611193789Z 59 PC: 12ab7 | Change current directory
2018-12-25T12:42:19.615572267Z 78 PC: 12ac2 | Find first file
2018-12-25T12:42:19.621771525Z 14 PC: 12c87 | Set default drive (Drive = 'A')
2018-12-25T12:42:19.623716433Z 59 PC: 12c8f | Change current directory
2018-12-25T12:42:19.628324518Z 44 PC: 12c51 | Get time
0x12c51: nop
; Disassembly window printed with the "Get time" row (PC 12c51).
; It reads the DOS date and branches on the year, so what a sandbox run
; observes depends on the clock the sample is given.
0x12c52: push bx
0x12c53: mov bx, word ptr [0x350]  ; copy the word at 0x350 ...
0x12c57: mov word ptr [0x31c], bx  ; ... to 0x31c (purpose not visible in this window)
0x12c5b: pop bx
0x12c5c: mov ah, 0x2a  ; AH=2Ah: DOS "Get date" (trace logs op 42 at PC 12c60)
0x12c5e: int 0x21
0x12c60: cmp cx, 0x7bc  ; CX = year from Get date; 0x7bc = 1980
0x12c64: jne 0x12c78  ; any other year skips the write/terminate path below
0x12c66: mov ah, 0x40  ; AH=40h: DOS "Write file or device"
0x12c68: mov bx, 1  ; handle 1 (standard output)
0x12c6b: mov cx, 0x25  ; 0x25 = 37 bytes
0x12c6e: lea dx, word ptr [0x3c8]  ; buffer at offset 0x3c8 (contents not shown on this page)
0x12c72: int 0x21
0x12c74: mov ah, 0  ; AH=00h: DOS "Program terminate"
0x12c76: int 0x21
0x12c78: mov ax, word ptr es:[0xfd00]  ; year != 1980: load a word from es:[0xfd00] ...
0x12c7c: push ax
0x12c7d: ret  ; ... and transfer control to it (push/ret); presumably resumes the host program - confirm
0x12c7e: mov ah, 0xe  ; first instruction of the next routine; the window is cut off here
2018-12-25T12:42:19.630589625Z 42 PC: 12c60 | Get date
0x12c60: cmp cx, 0x7bc
; Disassembly window printed with the "Get date" row (PC 12c60); it starts
; just after the `cmp cx, 0x7bc` at 0x12c60 (0x7bc = 1980).
0x12c64: jne 0x12c78  ; year != 1980: skip the write/terminate path
0x12c66: mov ah, 0x40  ; AH=40h: DOS "Write file or device"
0x12c68: mov bx, 1  ; handle 1 (standard output)
0x12c6b: mov cx, 0x25  ; 0x25 = 37 bytes
0x12c6e: lea dx, word ptr [0x3c8]  ; buffer at offset 0x3c8 (contents not shown on this page)
0x12c72: int 0x21
0x12c74: mov ah, 0  ; AH=00h: DOS "Program terminate"
0x12c76: int 0x21
0x12c78: mov ax, word ptr es:[0xfd00]  ; load a word from es:[0xfd00] ...
0x12c7c: push ax
0x12c7d: ret  ; ... and transfer control to it (push/ret); presumably resumes the host program - confirm
; Next routine: sets the default drive and current directory.
; Presumably restores the values read at the start of the trace (ops 25 and 71) - confirm.
0x12c7e: mov ah, 0xe  ; AH=0Eh: DOS "Set default drive" (trace logs op 14 at PC 12c87)
0x12c80: mov dl, byte ptr cs:[0x3a4]  ; drive number taken from cs:[0x3a4]
0x12c85: int 0x21
0x12c87: mov ah, 0x3b  ; AH=3Bh: DOS "Change current directory" (trace logs op 59 at PC 12c8f)
0x12c89: lea dx, word ptr [0x3a5]  ; path string at offset 0x3a5
0x12c8d: int 0x21
0x12c8f: ret
0x12c90: mov ah, 0x2a  ; AH=2Ah (Get date) opens the next routine; the window is cut off here
2018-12-25T12:42:19.635369018Z 9 PC: 12cde | Display string (Could not find end pointer)
2018-12-25T12:42:19.640931615Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:19.643471785Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:19.765176662Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:19.767684973Z 2 PC: 12c7c | Character output (Char = '33')
2018-12-25T12:42:19.769963034Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:19.774713933Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:19.777186226Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:19.779554588Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:19.782783951Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:19.785171433Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:19.787494074Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:19.790061874Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:19.792805676Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:19.99057532Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:19.993741965Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:19.99646977Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.001615814Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.004810033Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.008127944Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.010588221Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.012882656Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.015523105Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.017179323Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.019210258Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.175849493Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.179816823Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.182477125Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.18576639Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.188098898Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.190365776Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.193277324Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.195635709Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.197977686Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.200825202Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.203882849Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.365304035Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.368861058Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.373136935Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.376395428Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.379412223Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.383482914Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.386511384Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.389457153Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.39333392Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.396022721Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.398772429Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.449434476Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.453132599Z 2 PC: 12c7c | Character output (See above)
2018-12-25T12:42:20.45599548Z 9 PC: 12cde | Display string (See above)
2018-12-25T12:42:20.459865714Z 76 PC: 0 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14989,"SideJobID":0}

.


Syscalls:

Time | Syscall Op (DOS INT 21h function number from AH, decimal) | PC | Syscall Name
2018-12-25T12:42:20.150804777Z 25 PC: 12a82 | Get default drive
2018-12-25T12:42:20.15374506Z 71 PC: 12a94 | Get current directory
2018-12-25T12:42:20.15775832Z 59 PC: 12aac | Change current directory
2018-12-25T12:42:20.162373267Z 78 PC: 12b05 | Find first file
2018-12-25T12:42:20.169788206Z 61 PC: 12b4a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:20.178268709Z 63 PC: 12b58 | Read file or device (Read 768 bytes on handle 5)
2018-12-25T12:42:20.186475042Z 62 PC: 12b0e | Close file
2018-12-25T12:42:20.189514063Z 79 PC: 12b12 | Find next file
2018-12-25T12:42:20.193539964Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:20.201910589Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:20.20921596Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:20.212941839Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:20.222617193Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:20.238909024Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:20.248343847Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:20.250254981Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:20.254063861Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:20.262819502Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:20.270789061Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:20.273178531Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:20.277037359Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:20.28442345Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:20.292138281Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:20.295317443Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:20.299125596Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:20.306882945Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:20.315261891Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:20.31789355Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:20.321319904Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:20.329394364Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:20.33727792Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:20.339360802Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:20.342770331Z 61 PC: 12b4a | Open file (See above)
2018-12-25T12:42:20.35223909Z 63 PC: 12b58 | Read file or device (See above)
2018-12-25T12:42:20.361747965Z 62 PC: 12b61 | Close file
2018-12-25T12:42:20.36907023Z 62 PC: 12b0e | Close file (See above)
2018-12-25T12:42:20.372631036Z 79 PC: 12b12 | Find next file (See above)
2018-12-25T12:42:20.375737962Z 59 PC: 12ab7 | Change current directory
2018-12-25T12:42:20.380610917Z 78 PC: 12ac2 | Find first file
2018-12-25T12:42:20.38910757Z 14 PC: 12c87 | Set default drive (Drive = 'A')
2018-12-25T12:42:20.390613896Z 59 PC: 12c8f | Change current directory
2018-12-25T12:42:20.39531208Z 44 PC: 12c51 | Get time
0x12c51: nop
; Disassembly window printed with the "Get time" row (PC 12c51).
; It reads the DOS date and branches on the year, so what a sandbox run
; observes depends on the clock the sample is given.
0x12c52: push bx
0x12c53: mov bx, word ptr [0x350]  ; copy the word at 0x350 ...
0x12c57: mov word ptr [0x31c], bx  ; ... to 0x31c (purpose not visible in this window)
0x12c5b: pop bx
0x12c5c: mov ah, 0x2a  ; AH=2Ah: DOS "Get date" (trace logs op 42 at PC 12c60)
0x12c5e: int 0x21
0x12c60: cmp cx, 0x7bc  ; CX = year from Get date; 0x7bc = 1980
0x12c64: jne 0x12c78  ; any other year skips the write/terminate path below
0x12c66: mov ah, 0x40  ; AH=40h: DOS "Write file or device" (this run logs op 64 at PC 12c74)
0x12c68: mov bx, 1  ; handle 1 (standard output)
0x12c6b: mov cx, 0x25  ; 0x25 = 37 bytes, matching the logged "Write 37 bytes on handle 1"
0x12c6e: lea dx, word ptr [0x3c8]  ; buffer at offset 0x3c8 (contents not shown on this page)
0x12c72: int 0x21
0x12c74: mov ah, 0  ; AH=00h: DOS "Program terminate" (this run logs op 0 at PC 12c78)
0x12c76: int 0x21
0x12c78: mov ax, word ptr es:[0xfd00]  ; year != 1980: load a word from es:[0xfd00] ...
0x12c7c: push ax
0x12c7d: ret  ; ... and transfer control to it (push/ret); presumably resumes the host program - confirm
0x12c7e: mov ah, 0xe  ; first instruction of the next routine; the window is cut off here
2018-12-25T12:42:20.398779696Z 42 PC: 12c60 | Get date
0x12c60: cmp cx, 0x7bc
; Disassembly window printed with the "Get date" row (PC 12c60); it starts
; just after the `cmp cx, 0x7bc` at 0x12c60 (0x7bc = 1980).
0x12c64: jne 0x12c78  ; year != 1980: skip the write/terminate path
0x12c66: mov ah, 0x40  ; AH=40h: DOS "Write file or device" (this run logs op 64 at PC 12c74)
0x12c68: mov bx, 1  ; handle 1 (standard output)
0x12c6b: mov cx, 0x25  ; 0x25 = 37 bytes, matching the logged "Write 37 bytes on handle 1"
0x12c6e: lea dx, word ptr [0x3c8]  ; buffer at offset 0x3c8 (contents not shown on this page)
0x12c72: int 0x21
0x12c74: mov ah, 0  ; AH=00h: DOS "Program terminate" (this run logs op 0 at PC 12c78)
0x12c76: int 0x21
0x12c78: mov ax, word ptr es:[0xfd00]  ; load a word from es:[0xfd00] ...
0x12c7c: push ax
0x12c7d: ret  ; ... and transfer control to it (push/ret); presumably resumes the host program - confirm
; Next routine: sets the default drive and current directory.
; Presumably restores the values read at the start of the trace (ops 25 and 71) - confirm.
0x12c7e: mov ah, 0xe  ; AH=0Eh: DOS "Set default drive" (trace logs op 14 at PC 12c87)
0x12c80: mov dl, byte ptr cs:[0x3a4]  ; drive number taken from cs:[0x3a4]
0x12c85: int 0x21
0x12c87: mov ah, 0x3b  ; AH=3Bh: DOS "Change current directory" (trace logs op 59 at PC 12c8f)
0x12c89: lea dx, word ptr [0x3a5]  ; path string at offset 0x3a5
0x12c8d: int 0x21
0x12c8f: ret
0x12c90: mov ah, 0x2a  ; AH=2Ah (Get date) opens the next routine; the window is cut off here
2018-12-25T12:42:20.4015024Z 64 PC: 12c74 | Write file or device (Write 37 bytes on handle 1)
2018-12-25T12:42:20.411662204Z 0 PC: 12c78 | Program terminate