Sample viewer

vx.netlux.org/Virus.DOS.Nucleii.1515

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:21:58.163019787Z 53 PC: 12aa2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:58.165883096Z 37 PC: 12ab6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:58.167676905Z 26 PC: 12abe | Set disk transfer address
2018-12-17T22:21:58.169422404Z 71 PC: 12acc | Get current directory
2018-12-17T22:21:58.173250287Z 78 PC: 12ad7 | Find first file
2018-12-17T22:21:58.180080074Z 67 PC: 12b61 | Get or set file attributes
2018-12-17T22:21:58.19749109Z 61 PC: 12b67 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:21:58.20538538Z 87 PC: 12b6d | Get or set file date and time
2018-12-17T22:21:58.20780021Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:58.214574648Z 66 PC: 12c65 | Move file pointer
2018-12-17T22:21:58.216401515Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:58.22053592Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:21:58.222597869Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:21:58.225712333Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-17T22:21:58.23709848Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T22:21:58.239143968Z 62 PC: 12beb | Close file
2018-12-17T22:21:58.247585168Z 79 PC: 12ad7 | Find next file
2018-12-17T22:21:58.252402388Z 67 PC: 12b61 | Get or set file attributes
2018-12-17T22:21:58.262587643Z 61 PC: 12b67 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:21:58.269807278Z 87 PC: 12b6d | Get or set file date and time
2018-12-17T22:21:58.272746759Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:58.279725278Z 66 PC: 12c65 | Move file pointer
2018-12-17T22:21:58.281763126Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:58.300484239Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:21:58.30198071Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:21:58.305699526Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-17T22:21:58.320888285Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T22:21:58.32238534Z 62 PC: 12beb | Close file
2018-12-17T22:21:58.338944777Z 79 PC: 12ad7 | Find next file
2018-12-17T22:21:58.351845766Z 67 PC: 12b61 | Get or set file attributes
2018-12-17T22:21:58.370099168Z 61 PC: 12b67 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:21:58.381004682Z 87 PC: 12b6d | Get or set file date and time
2018-12-17T22:21:58.382962183Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:58.391080273Z 66 PC: 12c65 | Move file pointer
2018-12-17T22:21:58.392571999Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:58.395554476Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:21:58.398078399Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:21:58.401264649Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-17T22:21:58.410584259Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T22:21:58.412686774Z 62 PC: 12beb | Close file
2018-12-17T22:21:58.420629618Z 79 PC: 12ad7 | Find next file
2018-12-17T22:21:58.423472214Z 67 PC: 12b61 | Get or set file attributes
2018-12-17T22:21:58.441222328Z 61 PC: 12b67 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:21:58.448107086Z 87 PC: 12b6d | Get or set file date and time
2018-12-17T22:21:58.462400563Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:58.469044368Z 66 PC: 12c65 | Move file pointer
2018-12-17T22:21:58.470450356Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:58.477688172Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:21:58.479607354Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:21:58.481694665Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-17T22:21:58.487735072Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T22:21:58.490115068Z 62 PC: 12beb | Close file
2018-12-17T22:21:58.495457513Z 79 PC: 12ad7 | Find next file
2018-12-17T22:21:58.497253561Z 67 PC: 12b61 | Get or set file attributes
2018-12-17T22:21:58.506715389Z 61 PC: 12b67 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:21:58.513733968Z 87 PC: 12b6d | Get or set file date and time
2018-12-17T22:21:58.515362991Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:58.528034153Z 66 PC: 12c65 | Move file pointer
2018-12-17T22:21:58.541595456Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:58.544264949Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:21:58.546273836Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:21:58.548386583Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-17T22:21:58.554353984Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T22:21:58.556920158Z 62 PC: 12beb | Close file
2018-12-17T22:21:58.577712836Z 79 PC: 12ad7 | Find next file
2018-12-17T22:21:58.58056504Z 67 PC: 12b61 | Get or set file attributes
2018-12-17T22:21:58.590548537Z 61 PC: 12b67 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:21:58.597831395Z 87 PC: 12b6d | Get or set file date and time
2018-12-17T22:21:58.599433845Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:58.605985255Z 66 PC: 12c65 | Move file pointer
2018-12-17T22:21:58.608363123Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:58.610985611Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:21:58.612686291Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:21:58.621868432Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-17T22:21:58.630826765Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T22:21:58.632612611Z 62 PC: 12beb | Close file
2018-12-17T22:21:58.641514605Z 79 PC: 12ad7 | Find next file
2018-12-17T22:21:58.644995093Z 67 PC: 12b61 | Get or set file attributes
2018-12-17T22:21:58.654791457Z 61 PC: 12b67 | Open file (Filename = 'PAH.COM')
2018-12-17T22:21:58.662421814Z 87 PC: 12b6d | Get or set file date and time
2018-12-17T22:21:58.664520233Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:58.671088237Z 66 PC: 12c65 | Move file pointer
2018-12-17T22:21:58.673609683Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:58.676897933Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:21:58.678604949Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:21:58.682398665Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-17T22:21:58.690919195Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T22:21:58.692558173Z 62 PC: 12beb | Close file
2018-12-17T22:21:58.701570319Z 79 PC: 12ad7 | Find next file
2018-12-17T22:21:58.704307589Z 67 PC: 12b61 | Get or set file attributes
2018-12-17T22:21:58.714120757Z 61 PC: 12b67 | Open file (Filename = 'TEST.COM')
2018-12-17T22:21:58.7209706Z 87 PC: 12b6d | Get or set file date and time
2018-12-17T22:21:58.72272452Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:58.725427902Z 66 PC: 12c65 | Move file pointer
2018-12-17T22:21:58.72735957Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:58.730251074Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:21:58.731858016Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:21:58.741158734Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-17T22:21:58.749599519Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T22:21:58.751344693Z 62 PC: 12beb | Close file
2018-12-17T22:21:58.762121177Z 79 PC: 12ad7 | Find next file
2018-12-17T22:21:58.765836246Z 59 PC: 12ae1 | Change current directory
2018-12-17T22:21:58.76994567Z 42 PC: 12ae7 | Get date 0x12ae7: cmp dl, 0x1d
0x12aea: jne 0x12b2b
0x12aec: cmp byte ptr ds:[bp + 0x660], 1
0x12af2: je 0x12b16
0x12af4: mov ah, 0x19
0x12af6: int 0x21
0x12af8: mov byte ptr ds:[bp + 0x6c3], al
0x12afd: cmp al, 2
0x12aff: je 0x12b07
0x12b01: mov ah, 0xe
0x12b03: mov dl, 2
0x12b05: int 0x21
0x12b07: mov ah, 0x3b
0x12b09: lea dx, word ptr [bp + 0x64d]
0x12b0d: int 0x21
0x12b0f: inc byte ptr ds:[bp + 0x660]
0x12b14: jae 0x12acc
0x12b16: mov ax, 0xb800
0x12b19: mov es, ax
0x12b1b: xor di, di
2018-12-17T22:21:58.772286795Z 37 PC: 12b3b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:58.773578817Z 14 PC: 12b45 | Set default drive (Drive = 'A')
2018-12-17T22:21:58.774863472Z 59 PC: 12b4d | Change current directory
2018-12-17T22:21:58.779085279Z 26 PC: 12b54 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3843,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:17.548598257Z 53 PC: 12aa2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:17.550816506Z 37 PC: 12ab6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:17.552076135Z 26 PC: 12abe | Set disk transfer address
2018-12-25T11:50:17.553194775Z 71 PC: 12acc | Get current directory
2018-12-25T11:50:17.556347326Z 78 PC: 12ad7 | Find first file
2018-12-25T11:50:17.562120699Z 67 PC: 12b61 | Get or set file attributes
2018-12-25T11:50:17.576929244Z 61 PC: 12b67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:17.583910228Z 87 PC: 12b6d | Get or set file date and time
2018-12-25T11:50:17.585507086Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:17.591757491Z 66 PC: 12c65 | Move file pointer
2018-12-25T11:50:17.594383024Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:17.597321142Z 66 PC: 12bb2 | Move file pointer
2018-12-25T11:50:17.598518857Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-25T11:50:17.601256674Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-25T11:50:17.61063534Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T11:50:17.61226295Z 62 PC: 12beb | Close file
2018-12-25T11:50:17.620886726Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.631023878Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.641643391Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.648285682Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.650857187Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.657320178Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.658753772Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.66185899Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.663260927Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.666098334Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.67588609Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.67752781Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.684961358Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.687938347Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.698177502Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.704813524Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.707145879Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.713625816Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.71487695Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.717570102Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.719631197Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.722646314Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.731098855Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.733313929Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.740791192Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.74434101Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.754207185Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.760407917Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.762042513Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.771142102Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.773363233Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.77611923Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.778200193Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.780967545Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.78912571Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.791455364Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.798937101Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.801672392Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.811828206Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.818200424Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.819527852Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.826242081Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.827983913Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.830865555Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.833146428Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.835822619Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.844233451Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.84695133Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.862890102Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.865263042Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.874784486Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.881818113Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.883483117Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.890378059Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.892183553Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.895152378Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.897235811Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.905122314Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.914249212Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.916944537Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.923725226Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.926176011Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.935830488Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.940054441Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.941312854Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.946634289Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.947733154Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.949543442Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.951522281Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.953485083Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.959558129Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.962183114Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.972120089Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.995265747Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:18.009340121Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:18.014737967Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:18.015915989Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:18.018425164Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:18.019601626Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:18.021480371Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:18.023285236Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:18.028684198Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:18.035667367Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:18.037454189Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:18.042811773Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:18.044481814Z 59 PC: 12ae1 | Change current directory
2018-12-25T11:50:18.047768952Z 42 PC: 12ae7 | Get date 0x12ae7: cmp dl, 0x1d
0x12aea: jne 0x12b2b
0x12aec: cmp byte ptr ds:[bp + 0x660], 1
0x12af2: je 0x12b16
0x12af4: mov ah, 0x19
0x12af6: int 0x21
0x12af8: mov byte ptr ds:[bp + 0x6c3], al
0x12afd: cmp al, 2
0x12aff: je 0x12b07
0x12b01: mov ah, 0xe
0x12b03: mov dl, 2
0x12b05: int 0x21
0x12b07: mov ah, 0x3b
0x12b09: lea dx, word ptr [bp + 0x64d]
0x12b0d: int 0x21
0x12b0f: inc byte ptr ds:[bp + 0x660]
0x12b14: jae 0x12acc
0x12b16: mov ax, 0xb800
0x12b19: mov es, ax
0x12b1b: xor di, di
2018-12-25T11:50:18.049649055Z 37 PC: 12b3b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:18.050609923Z 14 PC: 12b45 | Set default drive (Drive = 'A')
2018-12-25T11:50:18.052062051Z 59 PC: 12b4d | Change current directory
2018-12-25T11:50:18.054710262Z 26 PC: 12b54 | Set disk transfer address

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3843,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:17.615326468Z 53 PC: 12aa2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:17.616547993Z 37 PC: 12ab6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:17.617805001Z 26 PC: 12abe | Set disk transfer address
2018-12-25T11:50:17.618825612Z 71 PC: 12acc | Get current directory
2018-12-25T11:50:17.621398809Z 78 PC: 12ad7 | Find first file
2018-12-25T11:50:17.626456459Z 67 PC: 12b61 | Get or set file attributes
2018-12-25T11:50:17.641030819Z 61 PC: 12b67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:17.652912679Z 87 PC: 12b6d | Get or set file date and time
2018-12-25T11:50:17.656013528Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:17.676543385Z 66 PC: 12c65 | Move file pointer
2018-12-25T11:50:17.678362104Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:17.683380693Z 66 PC: 12bb2 | Move file pointer
2018-12-25T11:50:17.685472495Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-25T11:50:17.689178339Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-25T11:50:17.717602399Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T11:50:17.720256993Z 62 PC: 12beb | Close file
2018-12-25T11:50:17.729294738Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.732777244Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.744457556Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.753094423Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.755119634Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.763508536Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.765667903Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.768726608Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.771091983Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.774850471Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.783132802Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.785361495Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.790720361Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.79272142Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.810940801Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.81807214Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.82003196Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.828520478Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.830677867Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.834947075Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.837659568Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.842287412Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.85301514Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.855155226Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.864975239Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.868271076Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.879155976Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.887272172Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.889290072Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.896722047Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.899428887Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.90348921Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.905445781Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.909595303Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.919367674Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.921521923Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.931269945Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.93504885Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.946224549Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.954194832Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.957190397Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.964596183Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.966614179Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.971895246Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.973927042Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.977597751Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.988645762Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.990549225Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.99922239Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:18.003008843Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:18.014266826Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:18.021660222Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:18.024295144Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:18.031523593Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:18.033108862Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:18.037567223Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:18.040692901Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:18.050318457Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:18.060740941Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:18.06404006Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:18.072878372Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:18.076174242Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:18.088153715Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:18.096474936Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:18.098584512Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:18.109592493Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:18.112025766Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:18.115446392Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:18.117769575Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:18.12232769Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:18.132139388Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:18.134269056Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:18.144115892Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:18.147131374Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:18.15813187Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:18.166156054Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:18.167798992Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:18.171983646Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:18.174498534Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:18.177777029Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:18.179827405Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:18.190206364Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:18.199836917Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:18.201951769Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:18.211890919Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:18.215311847Z 59 PC: 12ae1 | Change current directory
2018-12-25T11:50:18.220331866Z 42 PC: 12ae7 | Get date 0x12ae7: cmp dl, 0x1d
0x12aea: jne 0x12b2b
0x12aec: cmp byte ptr ds:[bp + 0x660], 1
0x12af2: je 0x12b16
0x12af4: mov ah, 0x19
0x12af6: int 0x21
0x12af8: mov byte ptr ds:[bp + 0x6c3], al
0x12afd: cmp al, 2
0x12aff: je 0x12b07
0x12b01: mov ah, 0xe
0x12b03: mov dl, 2
0x12b05: int 0x21
0x12b07: mov ah, 0x3b
0x12b09: lea dx, word ptr [bp + 0x64d]
0x12b0d: int 0x21
0x12b0f: inc byte ptr ds:[bp + 0x660]
0x12b14: jae 0x12acc
0x12b16: mov ax, 0xb800
0x12b19: mov es, ax
0x12b1b: xor di, di
2018-12-25T11:50:18.223899605Z 25 PC: 12af8 | Get default drive
2018-12-25T11:50:18.225837041Z 14 PC: 12b07 | Set default drive (Drive = 'C')
2018-12-25T11:50:18.227624799Z 59 PC: 12b0f | Change current directory

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3843,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:17.62866364Z 53 PC: 12aa2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:17.632652285Z 37 PC: 12ab6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:17.635185677Z 26 PC: 12abe | Set disk transfer address
2018-12-25T11:50:17.636548372Z 71 PC: 12acc | Get current directory
2018-12-25T11:50:17.639037147Z 78 PC: 12ad7 | Find first file
2018-12-25T11:50:17.64647241Z 67 PC: 12b61 | Get or set file attributes
2018-12-25T11:50:17.662367941Z 61 PC: 12b67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:17.66993664Z 87 PC: 12b6d | Get or set file date and time
2018-12-25T11:50:17.673055595Z 63 PC: 12b7a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:17.6810341Z 66 PC: 12c65 | Move file pointer
2018-12-25T11:50:17.683235272Z 64 PC: 12baa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:17.687766706Z 66 PC: 12bb2 | Move file pointer
2018-12-25T11:50:17.689975326Z 64 PC: 12bc7 | Write file or device (Write 79 bytes on handle 5)
2018-12-25T11:50:17.693731905Z 64 PC: 12be0 | Write file or device (Write 1436 bytes on handle 5)
2018-12-25T11:50:17.704876607Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T11:50:17.707100811Z 62 PC: 12beb | Close file
2018-12-25T11:50:17.716007433Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.719418723Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.731514183Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.739094312Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.741100216Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.749723171Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.752850024Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.756243958Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.759461302Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.763255731Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.773150279Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.775988422Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.785271502Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.789385795Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.801224715Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.809873055Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.812904247Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.820966848Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.825925472Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.829453546Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.831554518Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.836076652Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.845755891Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.848047902Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.857602987Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.860847656Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.872752587Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.881109194Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.883778099Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.890946477Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.893145089Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.895908023Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.897346073Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.90071235Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.911257794Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.912943567Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.921515315Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.925833243Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:17.936931862Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:17.944706185Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:17.947473568Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:17.955265284Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:17.957113826Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:17.961526382Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:17.963425417Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:17.966929882Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:17.977106817Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:17.979273281Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:17.987924315Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:17.991793837Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:18.003783079Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:18.011227303Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:18.01340753Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:18.02173842Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:18.023650868Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:18.026908804Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:18.029449649Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:18.03891242Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:18.048751853Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:18.051751914Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:18.060714835Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:18.064028977Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:18.075840644Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:18.084345715Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:18.08612432Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:18.094446137Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:18.096661236Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:18.10009296Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:18.102394662Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:18.106954046Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:18.116808257Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:18.118965688Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:18.128829417Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:18.131853426Z 67 PC: 12b61 | Get or set file attributes (See above)
2018-12-25T11:50:18.143323834Z 61 PC: 12b67 | Open file (See above)
2018-12-25T11:50:18.152907413Z 87 PC: 12b6d | Get or set file date and time (See above)
2018-12-25T11:50:18.155161819Z 63 PC: 12b7a | Read file or device (See above)
2018-12-25T11:50:18.158542657Z 66 PC: 12c65 | Move file pointer (See above)
2018-12-25T11:50:18.161326907Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T11:50:18.164718771Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T11:50:18.166728806Z 64 PC: 12bc7 | Write file or device (See above)
2018-12-25T11:50:18.177355527Z 64 PC: 12be0 | Write file or device (See above)
2018-12-25T11:50:18.18998703Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T11:50:18.192136481Z 62 PC: 12beb | Close file (See above)
2018-12-25T11:50:18.201184128Z 79 PC: 12ad7 | Find next file (See above)
2018-12-25T11:50:18.205172941Z 59 PC: 12ae1 | Change current directory
2018-12-25T11:50:18.210144888Z 42 PC: 12ae7 | Get date 0x12ae7: cmp dl, 0x1d
0x12aea: jne 0x12b2b
0x12aec: cmp byte ptr ds:[bp + 0x660], 1
0x12af2: je 0x12b16
0x12af4: mov ah, 0x19
0x12af6: int 0x21
0x12af8: mov byte ptr ds:[bp + 0x6c3], al
0x12afd: cmp al, 2
0x12aff: je 0x12b07
0x12b01: mov ah, 0xe
0x12b03: mov dl, 2
0x12b05: int 0x21
0x12b07: mov ah, 0x3b
0x12b09: lea dx, word ptr [bp + 0x64d]
0x12b0d: int 0x21
0x12b0f: inc byte ptr ds:[bp + 0x660]
0x12b14: jae 0x12acc
0x12b16: mov ax, 0xb800
0x12b19: mov es, ax
0x12b1b: xor di, di
2018-12-25T11:50:18.212944147Z 25 PC: 12af8 | Get default drive
2018-12-25T11:50:18.215421987Z 14 PC: 12b07 | Set default drive (Drive = 'C')
2018-12-25T11:50:18.217204668Z 59 PC: 12b0f | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3843,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:17.931466653Z 37 PC: 12ad7 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:50:17.933128687Z 42 PC: 12adb | Get date 0x12adb: cmp al, 1
0x12add: jne 0x12ae7
0x12adf: dec al
0x12ae1: out 0xa0, al
0x12ae3: mov al, 0xb0
0x12ae5: out 0x41, al
0x12ae7: mov ax, cs
0x12ae9: mov ds, ax
0x12aeb: mov es, ax
0x12aed: pop ax
0x12aee: push cs
0x12aef: mov cx, 0x100
0x12af2: push cx
0x12af3: mov cx, word ptr [0xfe]
0x12af7: sub cx, 0x100
0x12afb: retf
0x12afc: int 0x20
0x12afe: nop
0x12aff: mov ax, 0xe000
0x12b02: mov ds, ax