Sample viewer

vx.netlux.org/Virus.DOS.Nuke.DC00L.1811

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:35.353075538Z 71 PC: 13f30 | Get current directory
2018-12-17T22:19:35.356816464Z 59 PC: 13f3b | Change current directory
2018-12-17T22:19:35.37328566Z 26 PC: 13fef | Set disk transfer address
2018-12-17T22:19:35.37491271Z 78 PC: 13ffd | Find first file
2018-12-17T22:19:35.382173199Z 61 PC: 14029 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:19:35.390293598Z 63 PC: 1403b | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:19:35.397813762Z 44 PC: 14071 | Get time
0x14071: add dl, dh
0x14073: je 0x1406d
0x14075: mov si, 0x115
0x14078: add si, word ptr [0x106]
0x1407c: mov byte ptr [si], dl
0x1407e: mov ax, 0x4301
0x14081: xor cx, cx
0x14083: mov dx, si
0x14085: add dx, 0xbf
0x14089: int 0x21
0x1408b: mov ah, 0x3e
0x1408d: int 0x21
0x1408f: mov ax, 0x3d02
0x14092: int 0x21
0x14094: jb 0x1404a
0x14096: mov di, dx
0x14098: add di, 0x5d
0x1409b: stosw word ptr es:[di], ax
0x1409c: xchg ax, bx
0x1409d: mov ah, 0x40
2018-12-17T22:19:35.401594056Z 67 PC: 1408b | Get or set file attributes
2018-12-17T22:19:35.421099083Z 62 PC: 1408f | Close file
2018-12-17T22:19:35.423492521Z 61 PC: 14094 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:19:35.431376838Z 64 PC: 140a7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:35.436040235Z 64 PC: 140b9 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:19:35.440276043Z 64 PC: 140ce | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:19:35.443572864Z 66 PC: 140d7 | Move file pointer
2018-12-17T22:19:35.457364732Z 64 PC: 13e77 | Write file or device (Write 1811 bytes on handle 5)
2018-12-17T22:19:35.467800796Z 87 PC: 140f0 | Get or set file date and time
2018-12-17T22:19:35.470083337Z 62 PC: 140f4 | Close file
2018-12-17T22:19:35.479789638Z 67 PC: 14105 | Get or set file attributes
2018-12-17T22:19:35.49163314Z 79 PC: 14011 | Find next file
2018-12-17T22:19:35.494841909Z 61 PC: 14029 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:19:35.503139094Z 63 PC: 1403b | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:19:35.510816122Z 44 PC: 14071 | Get time
0x14071: add dl, dh
0x14073: je 0x1406d
0x14075: mov si, 0x115
0x14078: add si, word ptr [0x106]
0x1407c: mov byte ptr [si], dl
0x1407e: mov ax, 0x4301
0x14081: xor cx, cx
0x14083: mov dx, si
0x14085: add dx, 0xbf
0x14089: int 0x21
0x1408b: mov ah, 0x3e
0x1408d: int 0x21
0x1408f: mov ax, 0x3d02
0x14092: int 0x21
0x14094: jb 0x1404a
0x14096: mov di, dx
0x14098: add di, 0x5d
0x1409b: stosw word ptr es:[di], ax
0x1409c: xchg ax, bx
0x1409d: mov ah, 0x40
2018-12-17T22:19:35.513617808Z 67 PC: 1408b | Get or set file attributes
2018-12-17T22:19:35.52634856Z 62 PC: 1408f | Close file
2018-12-17T22:19:35.531262879Z 61 PC: 14094 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:19:35.540083244Z 64 PC: 140a7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:35.544867503Z 64 PC: 140b9 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:19:35.552470623Z 64 PC: 140ce | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:19:35.557144653Z 66 PC: 140d7 | Move file pointer
2018-12-17T22:19:35.560381391Z 64 PC: 13e77 | Write file or device (Write 1811 bytes on handle 5)
2018-12-17T22:19:35.576882734Z 87 PC: 140f0 | Get or set file date and time
2018-12-17T22:19:35.579511821Z 62 PC: 140f4 | Close file
2018-12-17T22:19:35.589916696Z 67 PC: 14105 | Get or set file attributes
2018-12-17T22:19:35.605289566Z 79 PC: 14011 | Find next file
2018-12-17T22:19:35.608031803Z 61 PC: 14029 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:19:35.613469194Z 63 PC: 1403b | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:19:35.619454518Z 44 PC: 14071 | Get time
0x14071: add dl, dh
0x14073: je 0x1406d
0x14075: mov si, 0x115
0x14078: add si, word ptr [0x106]
0x1407c: mov byte ptr [si], dl
0x1407e: mov ax, 0x4301
0x14081: xor cx, cx
0x14083: mov dx, si
0x14085: add dx, 0xbf
0x14089: int 0x21
0x1408b: mov ah, 0x3e
0x1408d: int 0x21
0x1408f: mov ax, 0x3d02
0x14092: int 0x21
0x14094: jb 0x1404a
0x14096: mov di, dx
0x14098: add di, 0x5d
0x1409b: stosw word ptr es:[di], ax
0x1409c: xchg ax, bx
0x1409d: mov ah, 0x40
2018-12-17T22:19:35.621950592Z 67 PC: 1408b | Get or set file attributes
2018-12-17T22:19:35.630601983Z 62 PC: 1408f | Close file
2018-12-17T22:19:35.632805255Z 61 PC: 14094 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:19:35.638228663Z 64 PC: 140a7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:35.640470818Z 64 PC: 140b9 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:19:35.64284326Z 64 PC: 140ce | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:19:35.64555414Z 66 PC: 140d7 | Move file pointer
2018-12-17T22:19:35.647179071Z 64 PC: 13e77 | Write file or device (Write 1811 bytes on handle 5)
2018-12-17T22:19:35.655481961Z 87 PC: 140f0 | Get or set file date and time
2018-12-17T22:19:35.657931031Z 62 PC: 140f4 | Close file
2018-12-17T22:19:35.665199887Z 67 PC: 14105 | Get or set file attributes
2018-12-17T22:19:35.677588627Z 53 PC: 1414f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:19:35.680137909Z 37 PC: 14161 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:19:35.682160212Z 73 PC: 1416b | Release memory
2018-12-17T22:19:35.684476354Z 49 PC: 14174 | Terminate and stay resident (Return code = '0' | Memory size = '85')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3381,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:59.467081332Z 71 PC: 13f30 | Get current directory
2018-12-25T11:48:59.470543729Z 59 PC: 13f3b | Change current directory
2018-12-25T11:48:59.474882273Z 26 PC: 13fef | Set disk transfer address
2018-12-25T11:48:59.475923135Z 78 PC: 13ffd | Find first file
2018-12-25T11:48:59.482805661Z 61 PC: 14029 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:59.489885818Z 63 PC: 1403b | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:59.496639368Z 44 PC: 14071 | Get time
0x14071: add dl, dh
0x14073: je 0x1406d
0x14075: mov si, 0x115
0x14078: add si, word ptr [0x106]
0x1407c: mov byte ptr [si], dl
0x1407e: mov ax, 0x4301
0x14081: xor cx, cx
0x14083: mov dx, si
0x14085: add dx, 0xbf
0x14089: int 0x21
0x1408b: mov ah, 0x3e
0x1408d: int 0x21
0x1408f: mov ax, 0x3d02
0x14092: int 0x21
0x14094: jb 0x1404a
0x14096: mov di, dx
0x14098: add di, 0x5d
0x1409b: stosw word ptr es:[di], ax
0x1409c: xchg ax, bx
0x1409d: mov ah, 0x40
2018-12-25T11:48:59.499275811Z 67 PC: 1408b | Get or set file attributes
2018-12-25T11:49:00.320734988Z 62 PC: 1408f | Close file
2018-12-25T11:49:00.322734822Z 61 PC: 14094 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:00.337697277Z 64 PC: 140a7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:00.37897992Z 64 PC: 140b9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:49:00.382617619Z 64 PC: 140ce | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:49:00.385406473Z 66 PC: 140d7 | Move file pointer
2018-12-25T11:49:00.387472388Z 64 PC: 13e77 | Write file or device (Write 1811 bytes on handle 5)
2018-12-25T11:49:00.505357864Z 87 PC: 140f0 | Get or set file date and time
2018-12-25T11:49:00.507209528Z 62 PC: 140f4 | Close file
2018-12-25T11:49:00.677735623Z 67 PC: 14105 | Get or set file attributes
2018-12-25T11:49:00.87633641Z 79 PC: 14011 | Find next file
2018-12-25T11:49:00.878254143Z 61 PC: 14029 | Open file (See above)
2018-12-25T11:49:00.883606304Z 63 PC: 1403b | Read file or device (See above)
2018-12-25T11:49:00.888020586Z 44 PC: 14071 | Get time (See above)
2018-12-25T11:49:00.889656397Z 67 PC: 1408b | Get or set file attributes (See above)
2018-12-25T11:49:01.007292159Z 62 PC: 1408f | Close file (See above)
2018-12-25T11:49:01.010738476Z 61 PC: 14094 | Open file (See above)
2018-12-25T11:49:01.018270229Z 64 PC: 140a7 | Write file or device (See above)
2018-12-25T11:49:01.021400601Z 64 PC: 140b9 | Write file or device (See above)
2018-12-25T11:49:01.024390077Z 64 PC: 140ce | Write file or device (See above)
2018-12-25T11:49:01.026960556Z 66 PC: 140d7 | Move file pointer (See above)
2018-12-25T11:49:01.028779508Z 64 PC: 13e77 | Write file or device (See above)
2018-12-25T11:49:01.19185259Z 87 PC: 140f0 | Get or set file date and time (See above)
2018-12-25T11:49:01.193442781Z 62 PC: 140f4 | Close file (See above)
2018-12-25T11:49:01.208163411Z 67 PC: 14105 | Get or set file attributes (See above)
2018-12-25T11:49:01.224210929Z 79 PC: 14011 | Find next file (See above)
2018-12-25T11:49:01.227100503Z 61 PC: 14029 | Open file (See above)
2018-12-25T11:49:01.23412989Z 63 PC: 1403b | Read file or device (See above)
2018-12-25T11:49:01.242066066Z 44 PC: 14071 | Get time (See above)
2018-12-25T11:49:01.244605617Z 67 PC: 1408b | Get or set file attributes (See above)
2018-12-25T11:49:01.264895169Z 62 PC: 1408f | Close file (See above)
2018-12-25T11:49:01.26716448Z 61 PC: 14094 | Open file (See above)
2018-12-25T11:49:01.274761163Z 64 PC: 140a7 | Write file or device (See above)
2018-12-25T11:49:01.278073984Z 64 PC: 140b9 | Write file or device (See above)
2018-12-25T11:49:01.281611693Z 64 PC: 140ce | Write file or device (See above)
2018-12-25T11:49:01.284433474Z 66 PC: 140d7 | Move file pointer (See above)
2018-12-25T11:49:01.286474082Z 64 PC: 13e77 | Write file or device (See above)
2018-12-25T11:49:01.312129307Z 87 PC: 140f0 | Get or set file date and time (See above)
2018-12-25T11:49:01.313816164Z 62 PC: 140f4 | Close file (See above)
2018-12-25T11:49:01.341949256Z 67 PC: 14105 | Get or set file attributes (See above)
2018-12-25T11:49:01.36368161Z 53 PC: 1414f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:49:01.36495415Z 37 PC: 14161 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:49:01.366072286Z 73 PC: 1416b | Release memory
2018-12-25T11:49:01.367526493Z 49 PC: 14174 | Terminate and stay resident (Return code = '0' | Memory size = '85')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3381,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:06:51.294574342Z 71 PC: 13f30 | Get current directory
2018-12-25T13:06:51.29875089Z 59 PC: 13f3b | Change current directory
2018-12-25T13:06:51.303661237Z 26 PC: 13fef | Set disk transfer address
2018-12-25T13:06:51.306789137Z 78 PC: 13ffd | Find first file
2018-12-25T13:06:51.314916184Z 61 PC: 14029 | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:51.323080734Z 63 PC: 1403b | Read file or device (Read 8 bytes on handle 5)
2018-12-25T13:06:51.33067139Z 44 PC: 14071 | Get time
0x14071: add dl, dh
0x14073: je 0x1406d
0x14075: mov si, 0x115
0x14078: add si, word ptr [0x106]
0x1407c: mov byte ptr [si], dl
0x1407e: mov ax, 0x4301
0x14081: xor cx, cx
0x14083: mov dx, si
0x14085: add dx, 0xbf
0x14089: int 0x21
0x1408b: mov ah, 0x3e
0x1408d: int 0x21
0x1408f: mov ax, 0x3d02
0x14092: int 0x21
0x14094: jb 0x1404a
0x14096: mov di, dx
0x14098: add di, 0x5d
0x1409b: stosw word ptr es:[di], ax
0x1409c: xchg ax, bx
0x1409d: mov ah, 0x40
2018-12-25T13:06:51.333466668Z 67 PC: 1408b | Get or set file attributes
2018-12-25T13:06:51.35608231Z 62 PC: 1408f | Close file
2018-12-25T13:06:51.358604924Z 61 PC: 14094 | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:51.3666895Z 64 PC: 140a7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T13:06:51.370719569Z 64 PC: 140b9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T13:06:51.37388057Z 64 PC: 140ce | Write file or device (Write 2 bytes on handle 5)
2018-12-25T13:06:51.376982744Z 66 PC: 140d7 | Move file pointer
2018-12-25T13:06:51.379671926Z 64 PC: 13e77 | Write file or device (Write 1811 bytes on handle 5)
2018-12-25T13:06:51.39009358Z 87 PC: 140f0 | Get or set file date and time
2018-12-25T13:06:51.39207255Z 62 PC: 140f4 | Close file
2018-12-25T13:06:51.401798367Z 67 PC: 14105 | Get or set file attributes
2018-12-25T13:06:51.413121361Z 79 PC: 14011 | Find next file
2018-12-25T13:06:51.417377155Z 61 PC: 14029 | Open file (See above)
2018-12-25T13:06:51.427282641Z 63 PC: 1403b | Read file or device (See above)
2018-12-25T13:06:51.434971531Z 44 PC: 14071 | Get time (See above)
2018-12-25T13:06:51.437364597Z 67 PC: 1408b | Get or set file attributes (See above)
2018-12-25T13:06:51.45006039Z 62 PC: 1408f | Close file (See above)
2018-12-25T13:06:51.453156682Z 61 PC: 14094 | Open file (See above)
2018-12-25T13:06:51.460890904Z 64 PC: 140a7 | Write file or device (See above)
2018-12-25T13:06:51.464447846Z 64 PC: 140b9 | Write file or device (See above)
2018-12-25T13:06:51.468918427Z 64 PC: 140ce | Write file or device (See above)
2018-12-25T13:06:51.472189538Z 66 PC: 140d7 | Move file pointer (See above)
2018-12-25T13:06:51.474549659Z 64 PC: 13e77 | Write file or device (See above)
2018-12-25T13:06:51.486017497Z 87 PC: 140f0 | Get or set file date and time (See above)
2018-12-25T13:06:51.48802118Z 62 PC: 140f4 | Close file (See above)
2018-12-25T13:06:51.496990318Z 67 PC: 14105 | Get or set file attributes (See above)
2018-12-25T13:06:51.508569706Z 79 PC: 14011 | Find next file (See above)
2018-12-25T13:06:51.512325574Z 61 PC: 14029 | Open file (See above)
2018-12-25T13:06:51.519623456Z 63 PC: 1403b | Read file or device (See above)
2018-12-25T13:06:51.533650059Z 44 PC: 14071 | Get time (See above)
2018-12-25T13:06:51.536376033Z 67 PC: 1408b | Get or set file attributes (See above)
2018-12-25T13:06:51.548240906Z 62 PC: 1408f | Close file (See above)
2018-12-25T13:06:51.551119392Z 61 PC: 14094 | Open file (See above)
2018-12-25T13:06:51.559018746Z 64 PC: 140a7 | Write file or device (See above)
2018-12-25T13:06:51.56244755Z 64 PC: 140b9 | Write file or device (See above)
2018-12-25T13:06:51.565921281Z 64 PC: 140ce | Write file or device (See above)
2018-12-25T13:06:51.569430014Z 66 PC: 140d7 | Move file pointer (See above)
2018-12-25T13:06:51.571741941Z 64 PC: 13e77 | Write file or device (See above)
2018-12-25T13:06:51.58249755Z 87 PC: 140f0 | Get or set file date and time (See above)
2018-12-25T13:06:51.58505041Z 62 PC: 140f4 | Close file (See above)
2018-12-25T13:06:51.593745388Z 67 PC: 14105 | Get or set file attributes (See above)
2018-12-25T13:06:51.605481045Z 53 PC: 1414f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:06:51.607835669Z 37 PC: 14161 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:06:51.609508533Z 73 PC: 1416b | Release memory
2018-12-25T13:06:51.611307721Z 49 PC: 14174 | Terminate and stay resident (Return code = '0' | Memory size = '85')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3381,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:59.82599544Z 71 PC: 13f30 | Get current directory
2018-12-25T11:48:59.829614145Z 59 PC: 13f3b | Change current directory
2018-12-25T11:48:59.834019997Z 26 PC: 13fef | Set disk transfer address
2018-12-25T11:48:59.835136064Z 78 PC: 13ffd | Find first file
2018-12-25T11:48:59.84218527Z 61 PC: 14029 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:59.849408109Z 63 PC: 1403b | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:59.856440219Z 44 PC: 14071 | Get time
0x14071: add dl, dh
0x14073: je 0x1406d
0x14075: mov si, 0x115
0x14078: add si, word ptr [0x106]
0x1407c: mov byte ptr [si], dl
0x1407e: mov ax, 0x4301
0x14081: xor cx, cx
0x14083: mov dx, si
0x14085: add dx, 0xbf
0x14089: int 0x21
0x1408b: mov ah, 0x3e
0x1408d: int 0x21
0x1408f: mov ax, 0x3d02
0x14092: int 0x21
0x14094: jb 0x1404a
0x14096: mov di, dx
0x14098: add di, 0x5d
0x1409b: stosw word ptr es:[di], ax
0x1409c: xchg ax, bx
0x1409d: mov ah, 0x40
2018-12-25T11:48:59.860537063Z 67 PC: 1408b | Get or set file attributes
2018-12-25T11:49:01.195217275Z 62 PC: 1408f | Close file
2018-12-25T11:49:01.197203842Z 61 PC: 14094 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:01.210735493Z 64 PC: 140a7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:01.218349104Z 64 PC: 140b9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:49:01.221167328Z 64 PC: 140ce | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:49:01.22418597Z 66 PC: 140d7 | Move file pointer
2018-12-25T11:49:01.226642612Z 64 PC: 13e77 | Write file or device (Write 1811 bytes on handle 5)
2018-12-25T11:49:01.239011094Z 87 PC: 140f0 | Get or set file date and time
2018-12-25T11:49:01.240693879Z 62 PC: 140f4 | Close file
2018-12-25T11:49:01.260275308Z 67 PC: 14105 | Get or set file attributes
2018-12-25T11:49:01.292501272Z 79 PC: 14011 | Find next file
2018-12-25T11:49:01.296150687Z 61 PC: 14029 | Open file (See above)
2018-12-25T11:49:01.304080156Z 63 PC: 1403b | Read file or device (See above)
2018-12-25T11:49:01.311402909Z 44 PC: 14071 | Get time (See above)
2018-12-25T11:49:01.313883035Z 67 PC: 1408b | Get or set file attributes (See above)
2018-12-25T11:49:01.342405317Z 62 PC: 1408f | Close file (See above)
2018-12-25T11:49:01.344325765Z 61 PC: 14094 | Open file (See above)
2018-12-25T11:49:01.351666807Z 64 PC: 140a7 | Write file or device (See above)
2018-12-25T11:49:01.355062378Z 64 PC: 140b9 | Write file or device (See above)
2018-12-25T11:49:01.357779554Z 64 PC: 140ce | Write file or device (See above)
2018-12-25T11:49:01.360310869Z 66 PC: 140d7 | Move file pointer (See above)
2018-12-25T11:49:01.36251492Z 64 PC: 13e77 | Write file or device (See above)
2018-12-25T11:49:01.393538163Z 87 PC: 140f0 | Get or set file date and time (See above)
2018-12-25T11:49:01.395146463Z 62 PC: 140f4 | Close file (See above)
2018-12-25T11:49:01.425212481Z 67 PC: 14105 | Get or set file attributes (See above)
2018-12-25T11:49:01.455446898Z 79 PC: 14011 | Find next file (See above)
2018-12-25T11:49:01.458348061Z 61 PC: 14029 | Open file (See above)
2018-12-25T11:49:01.465915782Z 63 PC: 1403b | Read file or device (See above)
2018-12-25T11:49:01.472971916Z 44 PC: 14071 | Get time (See above)
2018-12-25T11:49:01.475060281Z 67 PC: 1408b | Get or set file attributes (See above)
2018-12-25T11:49:01.510232037Z 62 PC: 1408f | Close file (See above)
2018-12-25T11:49:01.512285664Z 61 PC: 14094 | Open file (See above)
2018-12-25T11:49:01.519498554Z 64 PC: 140a7 | Write file or device (See above)
2018-12-25T11:49:01.522413173Z 64 PC: 140b9 | Write file or device (See above)
2018-12-25T11:49:01.52561792Z 64 PC: 140ce | Write file or device (See above)
2018-12-25T11:49:01.528468055Z 66 PC: 140d7 | Move file pointer (See above)
2018-12-25T11:49:01.530345682Z 64 PC: 13e77 | Write file or device (See above)
2018-12-25T11:49:01.541651308Z 87 PC: 140f0 | Get or set file date and time (See above)
2018-12-25T11:49:01.543825464Z 62 PC: 140f4 | Close file (See above)
2018-12-25T11:49:01.552303777Z 67 PC: 14105 | Get or set file attributes (See above)
2018-12-25T11:49:01.565709381Z 53 PC: 1414f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:49:01.567909032Z 37 PC: 14161 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:49:01.569286992Z 73 PC: 1416b | Release memory
2018-12-25T11:49:01.572366817Z 49 PC: 14174 | Terminate and stay resident (Return code = '0' | Memory size = '85')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3381,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:59.93395029Z 71 PC: 13f30 | Get current directory
2018-12-25T11:48:59.93700688Z 59 PC: 13f3b | Change current directory
2018-12-25T11:48:59.940915303Z 26 PC: 13fef | Set disk transfer address
2018-12-25T11:48:59.942302739Z 78 PC: 13ffd | Find first file
2018-12-25T11:48:59.949238713Z 61 PC: 14029 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:59.956403646Z 63 PC: 1403b | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:59.960975479Z 44 PC: 14071 | Get time
0x14071: add dl, dh
0x14073: je 0x1406d
0x14075: mov si, 0x115
0x14078: add si, word ptr [0x106]
0x1407c: mov byte ptr [si], dl
0x1407e: mov ax, 0x4301
0x14081: xor cx, cx
0x14083: mov dx, si
0x14085: add dx, 0xbf
0x14089: int 0x21
0x1408b: mov ah, 0x3e
0x1408d: int 0x21
0x1408f: mov ax, 0x3d02
0x14092: int 0x21
0x14094: jb 0x1404a
0x14096: mov di, dx
0x14098: add di, 0x5d
0x1409b: stosw word ptr es:[di], ax
0x1409c: xchg ax, bx
0x1409d: mov ah, 0x40
2018-12-25T11:48:59.978485317Z 67 PC: 1408b | Get or set file attributes
2018-12-25T11:49:00.570170665Z 62 PC: 1408f | Close file
2018-12-25T11:49:00.573057184Z 61 PC: 14094 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:00.5789747Z 64 PC: 140a7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:00.581955531Z 64 PC: 140b9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:49:00.584485767Z 64 PC: 140ce | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:49:00.587410801Z 66 PC: 140d7 | Move file pointer
2018-12-25T11:49:00.589080026Z 64 PC: 13e77 | Write file or device (Write 1811 bytes on handle 5)
2018-12-25T11:49:00.597740187Z 87 PC: 140f0 | Get or set file date and time
2018-12-25T11:49:00.599350479Z 62 PC: 140f4 | Close file
2018-12-25T11:49:00.606995084Z 67 PC: 14105 | Get or set file attributes
2018-12-25T11:49:00.616913222Z 79 PC: 14011 | Find next file
2018-12-25T11:49:00.619876982Z 61 PC: 14029 | Open file (See above)
2018-12-25T11:49:00.626321469Z 63 PC: 1403b | Read file or device (See above)
2018-12-25T11:49:00.632507409Z 44 PC: 14071 | Get time (See above)
2018-12-25T11:49:00.634946189Z 67 PC: 1408b | Get or set file attributes (See above)
2018-12-25T11:49:00.641643076Z 62 PC: 1408f | Close file (See above)
2018-12-25T11:49:00.643209018Z 61 PC: 14094 | Open file (See above)
2018-12-25T11:49:00.649935996Z 64 PC: 140a7 | Write file or device (See above)
2018-12-25T11:49:00.652503192Z 64 PC: 140b9 | Write file or device (See above)
2018-12-25T11:49:00.654934517Z 64 PC: 140ce | Write file or device (See above)
2018-12-25T11:49:00.65768087Z 66 PC: 140d7 | Move file pointer (See above)
2018-12-25T11:49:00.659243504Z 64 PC: 13e77 | Write file or device (See above)
2018-12-25T11:49:00.667864047Z 87 PC: 140f0 | Get or set file date and time (See above)
2018-12-25T11:49:00.669594162Z 62 PC: 140f4 | Close file (See above)
2018-12-25T11:49:00.676961925Z 67 PC: 14105 | Get or set file attributes (See above)
2018-12-25T11:49:00.686891922Z 79 PC: 14011 | Find next file (See above)
2018-12-25T11:49:00.689746407Z 61 PC: 14029 | Open file (See above)
2018-12-25T11:49:00.695954481Z 63 PC: 1403b | Read file or device (See above)
2018-12-25T11:49:00.70210805Z 44 PC: 14071 | Get time (See above)
2018-12-25T11:49:00.704370377Z 67 PC: 1408b | Get or set file attributes (See above)
2018-12-25T11:49:00.713963608Z 62 PC: 1408f | Close file (See above)
2018-12-25T11:49:00.715557038Z 61 PC: 14094 | Open file (See above)
2018-12-25T11:49:00.722743634Z 64 PC: 140a7 | Write file or device (See above)
2018-12-25T11:49:00.725499545Z 64 PC: 140b9 | Write file or device (See above)
2018-12-25T11:49:00.727961574Z 64 PC: 140ce | Write file or device (See above)
2018-12-25T11:49:00.730537521Z 66 PC: 140d7 | Move file pointer (See above)
2018-12-25T11:49:00.732553809Z 64 PC: 13e77 | Write file or device (See above)
2018-12-25T11:49:00.740613782Z 87 PC: 140f0 | Get or set file date and time (See above)
2018-12-25T11:49:00.74200283Z 62 PC: 140f4 | Close file (See above)
2018-12-25T11:49:00.749422855Z 67 PC: 14105 | Get or set file attributes (See above)
2018-12-25T11:49:00.758982028Z 53 PC: 1414f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:49:00.760050489Z 37 PC: 14161 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:49:00.76152024Z 73 PC: 1416b | Release memory
2018-12-25T11:49:00.763024749Z 49 PC: 14174 | Terminate and stay resident (Return code = '0' | Memory size = '85')