Sample viewer

vx.netlux.org/Virus.DOS.Dark.1016

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:47.591679097Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 1
0x12a75: jne 0x12a9f
0x12a77: cmp dl, 0x10
0x12a7a: jne 0x12a9f
0x12a7c: mov ah, 0x19
0x12a7e: int 0x21
0x12a80: lea bx, word ptr [bp + 0x2b7]
0x12a84: mov cx, 1
0x12a87: xor dx, dx
0x12a89: int 0x26
0x12a8b: jb 0x12a8e
0x12a8d: popf
0x12a8e: lea dx, word ptr [bp + 0x2e7]
0x12a92: mov ah, 9
0x12a94: int 0x21
0x12a96: int 5
0x12a98: xor ah, ah
0x12a9a: int 0x16
0x12a9c: jmp 0x12cf7
0x12a9f: lea si, word ptr [bp + 0x468]
2018-12-17T23:11:47.594231231Z 71 PC: 12aa9 | Get current directory
2018-12-17T23:11:47.596925808Z 71 PC: 12ab3 | Get current directory
2018-12-17T23:11:47.602052683Z 47 PC: 12b21 | Get disk transfer address
2018-12-17T23:11:47.604230751Z 26 PC: 12b33 | Set disk transfer address
2018-12-17T23:11:47.607074138Z 78 PC: 12b40 | Find first file
2018-12-17T23:11:47.636053715Z 78 PC: 12c50 | Find first file
2018-12-17T23:11:47.641920079Z 67 PC: 12c69 | Get or set file attributes
2018-12-17T23:11:47.65886292Z 61 PC: 12c80 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:47.665960155Z 63 PC: 12c8d | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:11:47.672590591Z 66 PC: 12c44 | Move file pointer
2018-12-17T23:11:47.674881594Z 63 PC: 12caf | Read file or device (Read 15 bytes on handle 5)
2018-12-17T23:11:47.677796209Z 66 PC: 12cb8 | Move file pointer
2018-12-17T23:11:47.67957739Z 64 PC: 12cce | Write file or device (Write 1016 bytes on handle 5)
2018-12-17T23:11:47.689941889Z 66 PC: 12c44 | Move file pointer
2018-12-17T23:11:47.691864254Z 64 PC: 12cdc | Write file or device (Write 15 bytes on handle 5)
2018-12-17T23:11:47.698608216Z 62 PC: 12ce1 | Close file
2018-12-17T23:11:47.708174132Z 67 PC: 12c3a | Get or set file attributes
2018-12-17T23:11:47.713494361Z 79 PC: 12c59 | Find next file
2018-12-17T23:11:47.716394864Z 67 PC: 12c69 | Get or set file attributes
2018-12-17T23:11:47.727079016Z 61 PC: 12c80 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:11:47.734506045Z 63 PC: 12c8d | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:11:47.741005548Z 66 PC: 12c44 | Move file pointer
2018-12-17T23:11:47.742744807Z 63 PC: 12caf | Read file or device (Read 15 bytes on handle 5)
2018-12-17T23:11:47.747932247Z 66 PC: 12cb8 | Move file pointer
2018-12-17T23:11:47.749635684Z 64 PC: 12cce | Write file or device (Write 1016 bytes on handle 5)
2018-12-17T23:11:47.758408703Z 66 PC: 12c44 | Move file pointer
2018-12-17T23:11:47.760543341Z 64 PC: 12cdc | Write file or device (Write 15 bytes on handle 5)
2018-12-17T23:11:47.767085939Z 62 PC: 12ce1 | Close file
2018-12-17T23:11:47.775358136Z 67 PC: 12c3a | Get or set file attributes
2018-12-17T23:11:47.78127238Z 79 PC: 12c59 | Find next file
2018-12-17T23:11:47.784334382Z 67 PC: 12c69 | Get or set file attributes
2018-12-17T23:11:47.79451139Z 61 PC: 12c80 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:11:47.802018854Z 63 PC: 12c8d | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:11:47.808619259Z 66 PC: 12c44 | Move file pointer
2018-12-17T23:11:47.810256229Z 63 PC: 12caf | Read file or device (Read 15 bytes on handle 5)
2018-12-17T23:11:47.81374944Z 66 PC: 12cb8 | Move file pointer
2018-12-17T23:11:47.815566751Z 64 PC: 12cce | Write file or device (Write 1016 bytes on handle 5)
2018-12-17T23:11:47.824646039Z 66 PC: 12c44 | Move file pointer
2018-12-17T23:11:47.827281153Z 64 PC: 12cdc | Write file or device (Write 15 bytes on handle 5)
2018-12-17T23:11:47.834344183Z 62 PC: 12ce1 | Close file
2018-12-17T23:11:47.842675384Z 67 PC: 12c3a | Get or set file attributes
2018-12-17T23:11:47.8486949Z 26 PC: 12cf4 | Set disk transfer address
2018-12-17T23:11:47.850081151Z 59 PC: 12ad1 | Change current directory
2018-12-17T23:11:47.854441438Z 59 PC: 12add | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17307,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:20.911936131Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 1
0x12a75: jne 0x12a9f
0x12a77: cmp dl, 0x10
0x12a7a: jne 0x12a9f
0x12a7c: mov ah, 0x19
0x12a7e: int 0x21
0x12a80: lea bx, word ptr [bp + 0x2b7]
0x12a84: mov cx, 1
0x12a87: xor dx, dx
0x12a89: int 0x26
0x12a8b: jb 0x12a8e
0x12a8d: popf
0x12a8e: lea dx, word ptr [bp + 0x2e7]
0x12a92: mov ah, 9
0x12a94: int 0x21
0x12a96: int 5
0x12a98: xor ah, ah
0x12a9a: int 0x16
0x12a9c: jmp 0x12cf7
0x12a9f: lea si, word ptr [bp + 0x468]
2018-12-25T12:55:20.914563471Z 71 PC: 12aa9 | Get current directory
2018-12-25T12:55:20.917236872Z 71 PC: 12ab3 | Get current directory
2018-12-25T12:55:20.919875786Z 47 PC: 12b21 | Get disk transfer address
2018-12-25T12:55:20.921215605Z 26 PC: 12b33 | Set disk transfer address
2018-12-25T12:55:20.92223194Z 78 PC: 12b40 | Find first file
2018-12-25T12:55:20.928649513Z 78 PC: 12c50 | Find first file
2018-12-25T12:55:20.934414467Z 67 PC: 12c69 | Get or set file attributes
2018-12-25T12:55:20.953875244Z 61 PC: 12c80 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:20.965095792Z 63 PC: 12c8d | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:55:20.971168286Z 66 PC: 12c44 | Move file pointer
2018-12-25T12:55:20.972754968Z 63 PC: 12caf | Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:55:20.975112174Z 66 PC: 12cb8 | Move file pointer
2018-12-25T12:55:20.976770179Z 64 PC: 12cce | Write file or device (Write 1016 bytes on handle 5)
2018-12-25T12:55:20.985252545Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:20.986504536Z 64 PC: 12cdc | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:55:20.992801774Z 62 PC: 12ce1 | Close file
2018-12-25T12:55:21.001966633Z 67 PC: 12c3a | Get or set file attributes
2018-12-25T12:55:21.008170005Z 79 PC: 12c59 | Find next file
2018-12-25T12:55:21.010911915Z 67 PC: 12c69 | Get or set file attributes (See above)
2018-12-25T12:55:21.020923006Z 61 PC: 12c80 | Open file (See above)
2018-12-25T12:55:21.027935268Z 63 PC: 12c8d | Read file or device (See above)
2018-12-25T12:55:21.034031439Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.035614729Z 63 PC: 12caf | Read file or device (See above)
2018-12-25T12:55:21.03783846Z 66 PC: 12cb8 | Move file pointer (See above)
2018-12-25T12:55:21.039022542Z 64 PC: 12cce | Write file or device (See above)
2018-12-25T12:55:21.047657531Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.048965024Z 64 PC: 12cdc | Write file or device (See above)
2018-12-25T12:55:21.055148865Z 62 PC: 12ce1 | Close file (See above)
2018-12-25T12:55:21.063577853Z 67 PC: 12c3a | Get or set file attributes (See above)
2018-12-25T12:55:21.068380475Z 79 PC: 12c59 | Find next file (See above)
2018-12-25T12:55:21.070869215Z 67 PC: 12c69 | Get or set file attributes (See above)
2018-12-25T12:55:21.080971446Z 61 PC: 12c80 | Open file (See above)
2018-12-25T12:55:21.087401261Z 63 PC: 12c8d | Read file or device (See above)
2018-12-25T12:55:21.093883536Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.096522665Z 63 PC: 12caf | Read file or device (See above)
2018-12-25T12:55:21.098954114Z 66 PC: 12cb8 | Move file pointer (See above)
2018-12-25T12:55:21.100267049Z 64 PC: 12cce | Write file or device (See above)
2018-12-25T12:55:21.109104807Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.110436959Z 64 PC: 12cdc | Write file or device (See above)
2018-12-25T12:55:21.116654926Z 62 PC: 12ce1 | Close file (See above)
2018-12-25T12:55:21.142416975Z 67 PC: 12c3a | Get or set file attributes (See above)
2018-12-25T12:55:21.147085918Z 26 PC: 12cf4 | Set disk transfer address
2018-12-25T12:55:21.148099824Z 59 PC: 12ad1 | Change current directory
2018-12-25T12:55:21.152485308Z 59 PC: 12add | Change current directory

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17307,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:21.225933279Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 1
0x12a75: jne 0x12a9f
0x12a77: cmp dl, 0x10
0x12a7a: jne 0x12a9f
0x12a7c: mov ah, 0x19
0x12a7e: int 0x21
0x12a80: lea bx, word ptr [bp + 0x2b7]
0x12a84: mov cx, 1
0x12a87: xor dx, dx
0x12a89: int 0x26
0x12a8b: jb 0x12a8e
0x12a8d: popf
0x12a8e: lea dx, word ptr [bp + 0x2e7]
0x12a92: mov ah, 9
0x12a94: int 0x21
0x12a96: int 5
0x12a98: xor ah, ah
0x12a9a: int 0x16
0x12a9c: jmp 0x12cf7
0x12a9f: lea si, word ptr [bp + 0x468]
2018-12-25T12:55:21.233991799Z 71 PC: 12aa9 | Get current directory
2018-12-25T12:55:21.236633978Z 71 PC: 12ab3 | Get current directory
2018-12-25T12:55:21.24000259Z 47 PC: 12b21 | Get disk transfer address
2018-12-25T12:55:21.241548439Z 26 PC: 12b33 | Set disk transfer address
2018-12-25T12:55:21.242581495Z 78 PC: 12b40 | Find first file
2018-12-25T12:55:21.24806879Z 78 PC: 12c50 | Find first file
2018-12-25T12:55:21.253928376Z 67 PC: 12c69 | Get or set file attributes
2018-12-25T12:55:21.272810144Z 61 PC: 12c80 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:21.283950076Z 63 PC: 12c8d | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:55:21.290463174Z 66 PC: 12c44 | Move file pointer
2018-12-25T12:55:21.292474083Z 63 PC: 12caf | Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:55:21.294737258Z 66 PC: 12cb8 | Move file pointer
2018-12-25T12:55:21.29591275Z 64 PC: 12cce | Write file or device (Write 1016 bytes on handle 5)
2018-12-25T12:55:21.304836341Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.306164963Z 64 PC: 12cdc | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:55:21.313546337Z 62 PC: 12ce1 | Close file
2018-12-25T12:55:21.321972252Z 67 PC: 12c3a | Get or set file attributes
2018-12-25T12:55:21.326550658Z 79 PC: 12c59 | Find next file
2018-12-25T12:55:21.328993224Z 67 PC: 12c69 | Get or set file attributes (See above)
2018-12-25T12:55:21.339092786Z 61 PC: 12c80 | Open file (See above)
2018-12-25T12:55:21.345455003Z 63 PC: 12c8d | Read file or device (See above)
2018-12-25T12:55:21.351580408Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.353443793Z 63 PC: 12caf | Read file or device (See above)
2018-12-25T12:55:21.355788794Z 66 PC: 12cb8 | Move file pointer (See above)
2018-12-25T12:55:21.357087112Z 64 PC: 12cce | Write file or device (See above)
2018-12-25T12:55:21.366267864Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.367956733Z 64 PC: 12cdc | Write file or device (See above)
2018-12-25T12:55:21.374619112Z 62 PC: 12ce1 | Close file (See above)
2018-12-25T12:55:21.383278722Z 67 PC: 12c3a | Get or set file attributes (See above)
2018-12-25T12:55:21.38843592Z 79 PC: 12c59 | Find next file (See above)
2018-12-25T12:55:21.391440402Z 67 PC: 12c69 | Get or set file attributes (See above)
2018-12-25T12:55:21.401664485Z 61 PC: 12c80 | Open file (See above)
2018-12-25T12:55:21.407922304Z 63 PC: 12c8d | Read file or device (See above)
2018-12-25T12:55:21.413951089Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.416216309Z 63 PC: 12caf | Read file or device (See above)
2018-12-25T12:55:21.41866295Z 66 PC: 12cb8 | Move file pointer (See above)
2018-12-25T12:55:21.419894858Z 64 PC: 12cce | Write file or device (See above)
2018-12-25T12:55:21.42771618Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:21.429329694Z 64 PC: 12cdc | Write file or device (See above)
2018-12-25T12:55:21.435799774Z 62 PC: 12ce1 | Close file (See above)
2018-12-25T12:55:21.443788904Z 67 PC: 12c3a | Get or set file attributes (See above)
2018-12-25T12:55:21.45096785Z 26 PC: 12cf4 | Set disk transfer address
2018-12-25T12:55:21.451934565Z 59 PC: 12ad1 | Change current directory
2018-12-25T12:55:21.455752227Z 59 PC: 12add | Change current directory

{"DateBased":true,"Day":16,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17307,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:27.483651263Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 1
0x12a75: jne 0x12a9f
0x12a77: cmp dl, 0x10
0x12a7a: jne 0x12a9f
0x12a7c: mov ah, 0x19
0x12a7e: int 0x21
0x12a80: lea bx, word ptr [bp + 0x2b7]
0x12a84: mov cx, 1
0x12a87: xor dx, dx
0x12a89: int 0x26
0x12a8b: jb 0x12a8e
0x12a8d: popf
0x12a8e: lea dx, word ptr [bp + 0x2e7]
0x12a92: mov ah, 9
0x12a94: int 0x21
0x12a96: int 5
0x12a98: xor ah, ah
0x12a9a: int 0x16
0x12a9c: jmp 0x12cf7
0x12a9f: lea si, word ptr [bp + 0x468]
2018-12-25T12:55:27.487028923Z 25 PC: 12a80 | Get default drive
2018-12-25T12:55:27.503246118Z 9 PC: 12a96 | Display string (String= ' Welcome to the Dark Apocalypse... Your computer will never escape... You might as well read this and weep! The Dark Apocalypse v1.00 by Crypt Keeper [RoT] ���Reign of Terror��� [DARK APOCALYPSE] Press any key to continue...')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17307,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:28.069411534Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 1
0x12a75: jne 0x12a9f
0x12a77: cmp dl, 0x10
0x12a7a: jne 0x12a9f
0x12a7c: mov ah, 0x19
0x12a7e: int 0x21
0x12a80: lea bx, word ptr [bp + 0x2b7]
0x12a84: mov cx, 1
0x12a87: xor dx, dx
0x12a89: int 0x26
0x12a8b: jb 0x12a8e
0x12a8d: popf
0x12a8e: lea dx, word ptr [bp + 0x2e7]
0x12a92: mov ah, 9
0x12a94: int 0x21
0x12a96: int 5
0x12a98: xor ah, ah
0x12a9a: int 0x16
0x12a9c: jmp 0x12cf7
0x12a9f: lea si, word ptr [bp + 0x468]
2018-12-25T12:55:28.07309403Z 71 PC: 12aa9 | Get current directory
2018-12-25T12:55:28.076475762Z 71 PC: 12ab3 | Get current directory
2018-12-25T12:55:28.079681515Z 47 PC: 12b21 | Get disk transfer address
2018-12-25T12:55:28.081500799Z 26 PC: 12b33 | Set disk transfer address
2018-12-25T12:55:28.082883857Z 78 PC: 12b40 | Find first file
2018-12-25T12:55:28.095131681Z 78 PC: 12c50 | Find first file
2018-12-25T12:55:28.103046222Z 67 PC: 12c69 | Get or set file attributes
2018-12-25T12:55:28.122272973Z 61 PC: 12c80 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:28.1298514Z 63 PC: 12c8d | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:55:28.139717261Z 66 PC: 12c44 | Move file pointer
2018-12-25T12:55:28.143052349Z 63 PC: 12caf | Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:55:28.145953909Z 66 PC: 12cb8 | Move file pointer
2018-12-25T12:55:28.155601071Z 64 PC: 12cce | Write file or device (Write 1016 bytes on handle 5)
2018-12-25T12:55:28.166311257Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:28.168239198Z 64 PC: 12cdc | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:55:28.172723685Z 62 PC: 12ce1 | Close file
2018-12-25T12:55:28.181750839Z 67 PC: 12c3a | Get or set file attributes
2018-12-25T12:55:28.184973977Z 79 PC: 12c59 | Find next file
2018-12-25T12:55:28.187922663Z 67 PC: 12c69 | Get or set file attributes (See above)
2018-12-25T12:55:28.199155199Z 61 PC: 12c80 | Open file (See above)
2018-12-25T12:55:28.206414576Z 63 PC: 12c8d | Read file or device (See above)
2018-12-25T12:55:28.214842192Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:28.217016241Z 63 PC: 12caf | Read file or device (See above)
2018-12-25T12:55:28.219773774Z 66 PC: 12cb8 | Move file pointer (See above)
2018-12-25T12:55:28.221324895Z 64 PC: 12cce | Write file or device (See above)
2018-12-25T12:55:28.231460656Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:28.233045024Z 64 PC: 12cdc | Write file or device (See above)
2018-12-25T12:55:28.240231593Z 62 PC: 12ce1 | Close file (See above)
2018-12-25T12:55:28.249948349Z 67 PC: 12c3a | Get or set file attributes (See above)
2018-12-25T12:55:28.255351717Z 79 PC: 12c59 | Find next file (See above)
2018-12-25T12:55:28.258215402Z 67 PC: 12c69 | Get or set file attributes (See above)
2018-12-25T12:55:28.269530508Z 61 PC: 12c80 | Open file (See above)
2018-12-25T12:55:28.278469363Z 63 PC: 12c8d | Read file or device (See above)
2018-12-25T12:55:28.285597738Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:28.287188679Z 63 PC: 12caf | Read file or device (See above)
2018-12-25T12:55:28.291130507Z 66 PC: 12cb8 | Move file pointer (See above)
2018-12-25T12:55:28.292794817Z 64 PC: 12cce | Write file or device (See above)
2018-12-25T12:55:28.302867801Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:28.305218943Z 64 PC: 12cdc | Write file or device (See above)
2018-12-25T12:55:28.312767357Z 62 PC: 12ce1 | Close file (See above)
2018-12-25T12:55:28.322234828Z 67 PC: 12c3a | Get or set file attributes (See above)
2018-12-25T12:55:28.329480233Z 26 PC: 12cf4 | Set disk transfer address
2018-12-25T12:55:28.330731205Z 59 PC: 12ad1 | Change current directory
2018-12-25T12:55:28.336260124Z 59 PC: 12add | Change current directory

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17307,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:28.789129176Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 1
0x12a75: jne 0x12a9f
0x12a77: cmp dl, 0x10
0x12a7a: jne 0x12a9f
0x12a7c: mov ah, 0x19
0x12a7e: int 0x21
0x12a80: lea bx, word ptr [bp + 0x2b7]
0x12a84: mov cx, 1
0x12a87: xor dx, dx
0x12a89: int 0x26
0x12a8b: jb 0x12a8e
0x12a8d: popf
0x12a8e: lea dx, word ptr [bp + 0x2e7]
0x12a92: mov ah, 9
0x12a94: int 0x21
0x12a96: int 5
0x12a98: xor ah, ah
0x12a9a: int 0x16
0x12a9c: jmp 0x12cf7
0x12a9f: lea si, word ptr [bp + 0x468]
2018-12-25T12:55:28.792151026Z 71 PC: 12aa9 | Get current directory
2018-12-25T12:55:28.795335116Z 71 PC: 12ab3 | Get current directory
2018-12-25T12:55:28.798453176Z 47 PC: 12b21 | Get disk transfer address
2018-12-25T12:55:28.799786271Z 26 PC: 12b33 | Set disk transfer address
2018-12-25T12:55:28.801311408Z 78 PC: 12b40 | Find first file
2018-12-25T12:55:28.808055881Z 78 PC: 12c50 | Find first file
2018-12-25T12:55:28.814997422Z 67 PC: 12c69 | Get or set file attributes
2018-12-25T12:55:28.843520582Z 61 PC: 12c80 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:28.857086008Z 63 PC: 12c8d | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:55:28.865593534Z 66 PC: 12c44 | Move file pointer
2018-12-25T12:55:28.867981621Z 63 PC: 12caf | Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:55:28.871044357Z 66 PC: 12cb8 | Move file pointer
2018-12-25T12:55:28.872980832Z 64 PC: 12cce | Write file or device (Write 1016 bytes on handle 5)
2018-12-25T12:55:28.883145411Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:28.884621338Z 64 PC: 12cdc | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:55:28.894451219Z 62 PC: 12ce1 | Close file
2018-12-25T12:55:28.904480911Z 67 PC: 12c3a | Get or set file attributes
2018-12-25T12:55:28.910129045Z 79 PC: 12c59 | Find next file
2018-12-25T12:55:28.912906184Z 67 PC: 12c69 | Get or set file attributes (See above)
2018-12-25T12:55:28.925047408Z 61 PC: 12c80 | Open file (See above)
2018-12-25T12:55:28.93232978Z 63 PC: 12c8d | Read file or device (See above)
2018-12-25T12:55:28.939450906Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:28.941688647Z 63 PC: 12caf | Read file or device (See above)
2018-12-25T12:55:28.945477758Z 66 PC: 12cb8 | Move file pointer (See above)
2018-12-25T12:55:28.947224443Z 64 PC: 12cce | Write file or device (See above)
2018-12-25T12:55:28.956673585Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:28.959567846Z 64 PC: 12cdc | Write file or device (See above)
2018-12-25T12:55:28.967227019Z 62 PC: 12ce1 | Close file (See above)
2018-12-25T12:55:28.977336101Z 67 PC: 12c3a | Get or set file attributes (See above)
2018-12-25T12:55:28.983720503Z 79 PC: 12c59 | Find next file (See above)
2018-12-25T12:55:28.987471853Z 67 PC: 12c69 | Get or set file attributes (See above)
2018-12-25T12:55:28.993974179Z 61 PC: 12c80 | Open file (See above)
2018-12-25T12:55:29.000239526Z 63 PC: 12c8d | Read file or device (See above)
2018-12-25T12:55:29.004655685Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:29.005765307Z 63 PC: 12caf | Read file or device (See above)
2018-12-25T12:55:29.008016288Z 66 PC: 12cb8 | Move file pointer (See above)
2018-12-25T12:55:29.009246874Z 64 PC: 12cce | Write file or device (See above)
2018-12-25T12:55:29.014995844Z 66 PC: 12c44 | Move file pointer (See above)
2018-12-25T12:55:29.016759541Z 64 PC: 12cdc | Write file or device (See above)
2018-12-25T12:55:29.021129972Z 62 PC: 12ce1 | Close file (See above)
2018-12-25T12:55:29.027331235Z 67 PC: 12c3a | Get or set file attributes (See above)
2018-12-25T12:55:29.033158439Z 26 PC: 12cf4 | Set disk transfer address
2018-12-25T12:55:29.034737108Z 59 PC: 12ad1 | Change current directory
2018-12-25T12:55:29.039434612Z 59 PC: 12add | Change current directory

{"DateBased":true,"Day":16,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17307,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:29.362114834Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 1
0x12a75: jne 0x12a9f
0x12a77: cmp dl, 0x10
0x12a7a: jne 0x12a9f
0x12a7c: mov ah, 0x19
0x12a7e: int 0x21
0x12a80: lea bx, word ptr [bp + 0x2b7]
0x12a84: mov cx, 1
0x12a87: xor dx, dx
0x12a89: int 0x26
0x12a8b: jb 0x12a8e
0x12a8d: popf
0x12a8e: lea dx, word ptr [bp + 0x2e7]
0x12a92: mov ah, 9
0x12a94: int 0x21
0x12a96: int 5
0x12a98: xor ah, ah
0x12a9a: int 0x16
0x12a9c: jmp 0x12cf7
0x12a9f: lea si, word ptr [bp + 0x468]
2018-12-25T12:55:29.365989872Z 25 PC: 12a80 | Get default drive
2018-12-25T12:55:29.379732734Z 9 PC: 12a96 | Display string (String= ' Welcome to the Dark Apocalypse... Your computer will never escape... You might as well read this and weep! The Dark Apocalypse v1.00 by Crypt Keeper [RoT] ���Reign of Terror��� [DARK APOCALYPSE] Press any key to continue...')