Sample viewer

vx.netlux.org/Virus.DOS.DIW.386

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:26.630763538Z 47 PC: 12ab9 | Get disk transfer address
2018-12-17T23:10:26.63183575Z 26 PC: 12ac7 | Set disk transfer address
2018-12-17T23:10:26.633476622Z 78 PC: 12b63 | Find first file
2018-12-17T23:10:26.64009055Z 47 PC: 12b69 | Get disk transfer address
2018-12-17T23:10:26.64154961Z 61 PC: 12af8 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:26.648590477Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:26.654786763Z 66 PC: 12b31 | Move file pointer
2018-12-17T23:10:26.655974333Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:26.659032134Z 66 PC: 12b46 | Move file pointer
2018-12-17T23:10:26.660416924Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-17T23:10:26.674783278Z 62 PC: 12b59 | Close file
2018-12-17T23:10:26.700293908Z 79 PC: 12b7f | Find next file
2018-12-17T23:10:26.703562601Z 61 PC: 12af8 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:26.7097761Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:26.716537229Z 66 PC: 12b31 | Move file pointer
2018-12-17T23:10:26.718261283Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:26.720828074Z 66 PC: 12b46 | Move file pointer
2018-12-17T23:10:26.729157805Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-17T23:10:26.73179637Z 62 PC: 12b59 | Close file
2018-12-17T23:10:26.745865212Z 79 PC: 12b7f | Find next file
2018-12-17T23:10:26.74926043Z 61 PC: 12af8 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:26.755613913Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:26.761883347Z 66 PC: 12b31 | Move file pointer
2018-12-17T23:10:26.763657218Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:26.766503015Z 66 PC: 12b46 | Move file pointer
2018-12-17T23:10:26.768005172Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-17T23:10:26.771232061Z 62 PC: 12b59 | Close file
2018-12-17T23:10:26.777907126Z 79 PC: 12b7f | Find next file
2018-12-17T23:10:26.780486754Z 61 PC: 12af8 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:26.787143825Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:26.793711902Z 66 PC: 12b31 | Move file pointer
2018-12-17T23:10:26.794974279Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:26.797558411Z 66 PC: 12b46 | Move file pointer
2018-12-17T23:10:26.799622564Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-17T23:10:26.802361703Z 62 PC: 12b59 | Close file
2018-12-17T23:10:26.810235646Z 79 PC: 12b7f | Find next file
2018-12-17T23:10:26.813903423Z 61 PC: 12af8 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:10:26.820277599Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:26.826629859Z 66 PC: 12b31 | Move file pointer
2018-12-17T23:10:26.828850057Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:26.83141846Z 66 PC: 12b46 | Move file pointer
2018-12-17T23:10:26.834193951Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-17T23:10:26.837717437Z 62 PC: 12b59 | Close file
2018-12-17T23:10:26.845726772Z 79 PC: 12b7f | Find next file
2018-12-17T23:10:26.84833378Z 61 PC: 12af8 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:26.855545597Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:26.86198638Z 66 PC: 12b31 | Move file pointer
2018-12-17T23:10:26.863378068Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:26.867409791Z 66 PC: 12b46 | Move file pointer
2018-12-17T23:10:26.86877716Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-17T23:10:26.87676138Z 62 PC: 12b59 | Close file
2018-12-17T23:10:26.885625527Z 79 PC: 12b7f | Find next file
2018-12-17T23:10:26.896794403Z 61 PC: 12af8 | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:26.903961481Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:26.911437771Z 66 PC: 12b31 | Move file pointer
2018-12-17T23:10:26.916101919Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:26.919247383Z 66 PC: 12b46 | Move file pointer
2018-12-17T23:10:26.920740299Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-17T23:10:26.924823918Z 62 PC: 12b59 | Close file
2018-12-17T23:10:26.93319117Z 79 PC: 12b7f | Find next file
2018-12-17T23:10:26.935718637Z 61 PC: 12af8 | Open file (Filename = 'TEST.COM')
2018-12-17T23:10:26.94307692Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:26.946419852Z 62 PC: 12b59 | Close file
2018-12-17T23:10:26.948562571Z 79 PC: 12b7f | Find next file
2018-12-17T23:10:26.95276346Z 42 PC: 12b88 | Get date
0x12b88: cmp dh, dl
0x12b8a: je 0x12b8f
0x12b8c: jmp 0x12b9a
0x12b8e: nop
0x12b8f: mov ah, 0x2c
0x12b91: int 0x21
0x12b93: cmp ch, cl
0x12b95: jne 0x12b9a
0x12b97: call 0x12b9b
0x12b9a: ret
0x12b9b: mov dx, di
0x12b9d: add dx, 0xe
0x12ba0: mov ah, 0x4e
0x12ba2: mov cx, 0xef
0x12ba5: int 0x21
0x12ba7: jb 0x12bbc
0x12ba9: mov ah, 0x2f
0x12bab: int 0x21
0x12bad: mov dx, bx
0x12baf: mov bx, dx
2018-12-17T23:10:26.955116777Z 78 PC: 12be2 | Find first file
2018-12-17T23:10:26.960615317Z 26 PC: 12adc | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16856,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:06.188977807Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:54:06.195993134Z 41 PC: 94fae | Parse filename
2018-12-25T12:54:06.20153375Z 41 PC: 9502f | Parse filename
2018-12-25T12:54:06.203478407Z 41 PC: 9504c | Parse filename
2018-12-25T12:54:06.208578286Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T12:54:06.211730929Z 71 PC: 986f3 | Get current directory
2018-12-25T12:54:06.215120102Z 78 PC: 986fe | Find first file
2018-12-25T12:54:06.226471157Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:54:06.2294826Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:54:06.241303296Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T12:54:06.247100316Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:54:06.24924091Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:54:06.250599117Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:06.25189241Z 62 PC: 122ab | Close file
2018-12-25T12:54:06.253823931Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.255876725Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.257702033Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.259381792Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.26141663Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.263039843Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.264675636Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.267170256Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.268789435Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.270507078Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.272691063Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.274392509Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.276199722Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.278430303Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:54:06.280664393Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T12:54:06.282107159Z 56 PC: 94df9 | Get or set country info
2018-12-25T12:54:06.284396445Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:54:06.2896443Z 25 PC: 94e62 | Get default drive
2018-12-25T12:54:06.291142859Z 71 PC: 970dd | Get current directory
2018-12-25T12:54:06.295957356Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:54:06.299702155Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T12:54:06.302102918Z 93 PC: 94f20 | File sharing functions
2018-12-25T12:54:06.303811078Z 93 PC: 94f27 | File sharing functions
2018-12-25T12:54:06.306514497Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T12:54:21.235871532Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:54:22.591731325Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:54:22.694417563Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:54:22.70160105Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T12:54:22.708998717Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T12:54:22.711836365Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T12:54:22.714059678Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T12:54:22.716761985Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:54:22.725287737Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:54:22.742972875Z 71 PC: 9856c | Get current directory
2018-12-25T12:54:22.746794734Z 73 PC: 97c09 | Release memory
2018-12-25T12:54:22.748653868Z 75 PC: 11821 | Execute program
2018-12-25T12:54:22.764010844Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T12:54:22.769625076Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16856,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:06.225906404Z 47 PC: 12ab9 | Get disk transfer address
2018-12-25T12:54:06.227368449Z 26 PC: 12ac7 | Set disk transfer address
2018-12-25T12:54:06.228762455Z 78 PC: 12b63 | Find first file
2018-12-25T12:54:06.23532317Z 47 PC: 12b69 | Get disk transfer address
2018-12-25T12:54:06.236665772Z 61 PC: 12af8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:06.241594345Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:06.245921091Z 66 PC: 12b31 | Move file pointer
2018-12-25T12:54:06.247227687Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:06.249993477Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:54:06.251222322Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-25T12:54:06.423194128Z 62 PC: 12b59 | Close file
2018-12-25T12:54:06.434814499Z 79 PC: 12b7f | Find next file
2018-12-25T12:54:06.439301867Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.448558048Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.457548698Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.460065471Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.463292642Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.466084744Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.470387885Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.479234686Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.483872806Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.492238283Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.500298731Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.502230218Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.506502422Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.508904297Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.512342709Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.521574392Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.524878595Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.53372782Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.541897461Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.544635449Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.547887463Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.549788385Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.555166758Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.564906639Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.568911382Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.577053751Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.584350807Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.58604197Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.589448431Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.591816623Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.5951288Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.604367588Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.608035358Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.615814045Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.623385049Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.626410511Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.629777835Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.631746002Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.642174265Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.65149077Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.654870146Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.663413626Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.670595403Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.672139842Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.675586406Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.677027277Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.679831423Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.688647144Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.691552481Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.70049259Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.705380768Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.707710452Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.710863562Z 42 PC: 12b88 | Get date
0x12b88: cmp dh, dl
0x12b8a: je 0x12b8f
0x12b8c: jmp 0x12b9a
0x12b8e: nop
0x12b8f: mov ah, 0x2c
0x12b91: int 0x21
0x12b93: cmp ch, cl
0x12b95: jne 0x12b9a
0x12b97: call 0x12b9b
0x12b9a: ret
0x12b9b: mov dx, di
0x12b9d: add dx, 0xe
0x12ba0: mov ah, 0x4e
0x12ba2: mov cx, 0xef
0x12ba5: int 0x21
0x12ba7: jb 0x12bbc
0x12ba9: mov ah, 0x2f
0x12bab: int 0x21
0x12bad: mov dx, bx
0x12baf: mov bx, dx
2018-12-25T12:54:06.713770263Z 78 PC: 12be2 | Find first file
2018-12-25T12:54:06.721244651Z 26 PC: 12adc | Set disk transfer address

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16856,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:06.365996966Z 47 PC: 12ab9 | Get disk transfer address
2018-12-25T12:54:06.367480836Z 26 PC: 12ac7 | Set disk transfer address
2018-12-25T12:54:06.368566145Z 78 PC: 12b63 | Find first file
2018-12-25T12:54:06.374424287Z 47 PC: 12b69 | Get disk transfer address
2018-12-25T12:54:06.376053004Z 61 PC: 12af8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:06.38271435Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:06.389122962Z 66 PC: 12b31 | Move file pointer
2018-12-25T12:54:06.390561384Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:06.393340866Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:54:06.394659504Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-25T12:54:06.409278652Z 62 PC: 12b59 | Close file
2018-12-25T12:54:06.416720404Z 79 PC: 12b7f | Find next file
2018-12-25T12:54:06.41921573Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.424096993Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.42860595Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.429925472Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.433145696Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.434848046Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.43726654Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.445276058Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.450505471Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.457145376Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.463285583Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.464929223Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.46741478Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.468604369Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.471375163Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.47875465Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.481153176Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.488168014Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.494195729Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.495403635Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.497857502Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.499433154Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.501753881Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.509220091Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.511892776Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.518096455Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.52414141Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.527494167Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.52983428Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.530996067Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.533463131Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.54052571Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.543041674Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.550030677Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.556582454Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.558202453Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.561716284Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.563126228Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.571350185Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.580164567Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.582734816Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.589033868Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.595933096Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.597176265Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.599621653Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.60132676Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.603834087Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.611189832Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.614359588Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.620675872Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.623030756Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.634169567Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.636465344Z 42 PC: 12b88 | Get date
0x12b88: cmp dh, dl
0x12b8a: je 0x12b8f
0x12b8c: jmp 0x12b9a
0x12b8e: nop
0x12b8f: mov ah, 0x2c
0x12b91: int 0x21
0x12b93: cmp ch, cl
0x12b95: jne 0x12b9a
0x12b97: call 0x12b9b
0x12b9a: ret
0x12b9b: mov dx, di
0x12b9d: add dx, 0xe
0x12ba0: mov ah, 0x4e
0x12ba2: mov cx, 0xef
0x12ba5: int 0x21
0x12ba7: jb 0x12bbc
0x12ba9: mov ah, 0x2f
0x12bab: int 0x21
0x12bad: mov dx, bx
0x12baf: mov bx, dx
2018-12-25T12:54:06.638505653Z 78 PC: 12be2 | Find first file
2018-12-25T12:54:06.644915389Z 26 PC: 12adc | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16856,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:06.459066619Z 47 PC: 12ab9 | Get disk transfer address
2018-12-25T12:54:06.460525921Z 26 PC: 12ac7 | Set disk transfer address
2018-12-25T12:54:06.461467511Z 78 PC: 12b63 | Find first file
2018-12-25T12:54:06.467009988Z 47 PC: 12b69 | Get disk transfer address
2018-12-25T12:54:06.468407268Z 61 PC: 12af8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:06.474474082Z 63 PC: 12b06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:06.480362871Z 66 PC: 12b31 | Move file pointer
2018-12-25T12:54:06.481848136Z 64 PC: 12b3a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:06.48444417Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:54:06.485599706Z 64 PC: 12b52 | Write file or device (Write 386 bytes on handle 5)
2018-12-25T12:54:06.49965532Z 62 PC: 12b59 | Close file
2018-12-25T12:54:06.507529421Z 79 PC: 12b7f | Find next file
2018-12-25T12:54:06.510108886Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.516755565Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.522877298Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.52430282Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.527148077Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.534342178Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.537230654Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.544798263Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.548139745Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.554539104Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.560699789Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.562566775Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.565230228Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.566478538Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.569621674Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.577298646Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.580213069Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.588165433Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.594767811Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.596195801Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.598584458Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.600095376Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.603196365Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.611286903Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.614337281Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.6205695Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.627137273Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.628654783Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.63113918Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.63279226Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.635280177Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.642519267Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.645562775Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.652622015Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.658072694Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.659876999Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.661864251Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.663199328Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.668837259Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.674227541Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.676694727Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.681560288Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.685595963Z 66 PC: 12b31 | Move file pointer (See above)
2018-12-25T12:54:06.686449609Z 64 PC: 12b3a | Write file or device (See above)
2018-12-25T12:54:06.688552918Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:54:06.689592299Z 64 PC: 12b52 | Write file or device (See above)
2018-12-25T12:54:06.691180492Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.696846Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.69862154Z 61 PC: 12af8 | Open file (See above)
2018-12-25T12:54:06.704722102Z 63 PC: 12b06 | Read file or device (See above)
2018-12-25T12:54:06.707410884Z 62 PC: 12b59 | Close file (See above)
2018-12-25T12:54:06.708921615Z 79 PC: 12b7f | Find next file (See above)
2018-12-25T12:54:06.711051607Z 42 PC: 12b88 | Get date
0x12b88: cmp dh, dl
0x12b8a: je 0x12b8f
0x12b8c: jmp 0x12b9a
0x12b8e: nop
0x12b8f: mov ah, 0x2c
0x12b91: int 0x21
0x12b93: cmp ch, cl
0x12b95: jne 0x12b9a
0x12b97: call 0x12b9b
0x12b9a: ret
0x12b9b: mov dx, di
0x12b9d: add dx, 0xe
0x12ba0: mov ah, 0x4e
0x12ba2: mov cx, 0xef
0x12ba5: int 0x21
0x12ba7: jb 0x12bbc
0x12ba9: mov ah, 0x2f
0x12bab: int 0x21
0x12bad: mov dx, bx
0x12baf: mov bx, dx
2018-12-25T12:54:06.713237578Z 44 PC: 12b93 | Get time
0x12b93: cmp ch, cl
0x12b95: jne 0x12b9a
0x12b97: call 0x12b9b
0x12b9a: ret
0x12b9b: mov dx, di
0x12b9d: add dx, 0xe
0x12ba0: mov ah, 0x4e
0x12ba2: mov cx, 0xef
0x12ba5: int 0x21
0x12ba7: jb 0x12bbc
0x12ba9: mov ah, 0x2f
0x12bab: int 0x21
0x12bad: mov dx, bx
0x12baf: mov bx, dx
0x12bb1: push dx
0x12bb2: add bx, 0x1e
0x12bb5: mov dx, bx
0x12bb7: mov ah, 0x41
0x12bb9: int 0x21
0x12bbb: pop dx
2018-12-25T12:54:06.715170417Z 78 PC: 12be2 | Find first file
2018-12-25T12:54:06.720912992Z 26 PC: 12adc | Set disk transfer address