Sample viewer

vx.netlux.org/Virus.DOS.Wit.Remor.592.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:24:17.711283618Z 26 PC: 12a71 | Set disk transfer address
2018-12-17T22:24:17.712958222Z 71 PC: 12a83 | Get current directory
2018-12-17T22:24:17.715740831Z 42 PC: 12a88 | Get date 0x12a88: cmp al, 0
0x12a8a: jne 0x12aa1
0x12a8c: push word ptr [0]
0x12a90: pop word ptr [0x155]
0x12a94: mov cx, 1
0x12a97: jcxz 0x12a9b
0x12a99: jmp 0x12aa1
0x12a9b: mov dx, 0x2e5
0x12a9e: call 0x12ac9
0x12aa1: cmp dh, 4
0x12aa4: jne 0x12aba
0x12aa6: cmp dl, 0xf
0x12aa9: jne 0x12aba
0x12aab: mov ax, 0x1010
0x12aae: out 0x70, ax
0x12ab0: mov dx, 0x2c7
0x12ab3: call 0x12ac9
0x12ab6: mov al, 0xfe
0x12ab8: out 0x64, al
0x12aba: mov ah, byte ptr [bp + 5]
2018-12-17T22:24:17.717822898Z 78 PC: 12ac4 | Find first file
2018-12-17T22:24:17.723978336Z 67 PC: 12add | Get or set file attributes
2018-12-17T22:24:17.729418568Z 67 PC: 12aeb | Get or set file attributes
2018-12-17T22:24:17.745577656Z 61 PC: 12af3 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:24:17.75734325Z 87 PC: 12b00 | Get or set file date and time
2018-12-17T22:24:17.758977039Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:24:17.765538463Z 66 PC: 12b37 | Move file pointer
2018-12-17T22:24:17.767223291Z 66 PC: 12b55 | Move file pointer
2018-12-17T22:24:17.768876162Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:24:17.777002659Z 66 PC: 12b6b | Move file pointer
2018-12-17T22:24:17.778501638Z 64 PC: 12b85 | Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:24:17.781890327Z 87 PC: 12b94 | Get or set file date and time
2018-12-17T22:24:17.78325162Z 62 PC: 12b99 | Close file
2018-12-17T22:24:17.790486575Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:24:17.80039192Z 79 PC: 12ac4 | Find next file
2018-12-17T22:24:17.802045809Z 67 PC: 12add | Get or set file attributes
2018-12-17T22:24:17.805415399Z 67 PC: 12aeb | Get or set file attributes
2018-12-17T22:24:17.812308572Z 61 PC: 12af3 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:24:17.823485744Z 87 PC: 12b00 | Get or set file date and time
2018-12-17T22:24:17.824526713Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:24:17.829426061Z 66 PC: 12b37 | Move file pointer
2018-12-17T22:24:17.830723568Z 66 PC: 12b55 | Move file pointer
2018-12-17T22:24:17.83187327Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:24:17.840601641Z 66 PC: 12b6b | Move file pointer
2018-12-17T22:24:17.84203424Z 64 PC: 12b85 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:24:17.844696287Z 87 PC: 12b94 | Get or set file date and time
2018-12-17T22:24:17.846484392Z 62 PC: 12b99 | Close file
2018-12-17T22:24:17.854592452Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:24:17.865696445Z 79 PC: 12ac4 | Find next file
2018-12-17T22:24:17.86818708Z 67 PC: 12add | Get or set file attributes
2018-12-17T22:24:17.874283861Z 67 PC: 12aeb | Get or set file attributes
2018-12-17T22:24:17.883894426Z 61 PC: 12af3 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:24:17.894951422Z 87 PC: 12b00 | Get or set file date and time
2018-12-17T22:24:17.897042043Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:24:17.903884915Z 66 PC: 12b37 | Move file pointer
2018-12-17T22:24:17.905636869Z 66 PC: 12b55 | Move file pointer
2018-12-17T22:24:17.907873769Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:24:17.916078796Z 66 PC: 12b6b | Move file pointer
2018-12-17T22:24:17.917890004Z 64 PC: 12b85 | Write file or device (Write 92 bytes on handle 5)
2018-12-17T22:24:17.921665247Z 87 PC: 12b94 | Get or set file date and time
2018-12-17T22:24:17.923230462Z 62 PC: 12b99 | Close file
2018-12-17T22:24:17.93089807Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:24:17.941304199Z 79 PC: 12ac4 | Find next file
2018-12-17T22:24:17.944013909Z 67 PC: 12add | Get or set file attributes
2018-12-17T22:24:17.949638948Z 67 PC: 12aeb | Get or set file attributes
2018-12-17T22:24:17.959434945Z 61 PC: 12af3 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:24:17.971552361Z 87 PC: 12b00 | Get or set file date and time
2018-12-17T22:24:17.972821322Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:24:17.979102935Z 66 PC: 12b37 | Move file pointer
2018-12-17T22:24:17.980816042Z 66 PC: 12b55 | Move file pointer
2018-12-17T22:24:17.98204292Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:24:17.989906315Z 66 PC: 12b6b | Move file pointer
2018-12-17T22:24:18.001853422Z 64 PC: 12b85 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:24:18.004545669Z 87 PC: 12b94 | Get or set file date and time
2018-12-17T22:24:18.005989315Z 62 PC: 12b99 | Close file
2018-12-17T22:24:18.014633218Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:24:18.024576697Z 79 PC: 12ac4 | Find next file
2018-12-17T22:24:18.027443821Z 67 PC: 12add | Get or set file attributes
2018-12-17T22:24:18.034106439Z 67 PC: 12aeb | Get or set file attributes
2018-12-17T22:24:18.043928544Z 61 PC: 12af3 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:24:18.051061462Z 87 PC: 12b00 | Get or set file date and time
2018-12-17T22:24:18.053364862Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:24:18.059522315Z 66 PC: 12b37 | Move file pointer
2018-12-17T22:24:18.060904931Z 66 PC: 12b55 | Move file pointer
2018-12-17T22:24:18.063215091Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:24:18.071082532Z 66 PC: 12b6b | Move file pointer
2018-12-17T22:24:18.073205168Z 64 PC: 12b85 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:24:18.076419845Z 87 PC: 12b94 | Get or set file date and time
2018-12-17T22:24:18.077815842Z 62 PC: 12b99 | Close file
2018-12-17T22:24:18.085330674Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:24:18.096372647Z 79 PC: 12ac4 | Find next file
2018-12-17T22:24:18.098954591Z 67 PC: 12add | Get or set file attributes
2018-12-17T22:24:18.104830614Z 67 PC: 12aeb | Get or set file attributes
2018-12-17T22:24:18.115197335Z 61 PC: 12af3 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:24:18.121886681Z 87 PC: 12b00 | Get or set file date and time
2018-12-17T22:24:18.12357636Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:24:18.130237495Z 66 PC: 12b37 | Move file pointer
2018-12-17T22:24:18.131944554Z 66 PC: 12b55 | Move file pointer
2018-12-17T22:24:18.133034505Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:24:18.139133604Z 66 PC: 12b6b | Move file pointer
2018-12-17T22:24:18.140842023Z 64 PC: 12b85 | Write file or device (Write 501 bytes on handle 5)
2018-12-17T22:24:18.148700191Z 87 PC: 12b94 | Get or set file date and time
2018-12-17T22:24:18.150830028Z 62 PC: 12b99 | Close file
2018-12-17T22:24:18.158138752Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:24:18.167629425Z 79 PC: 12ac4 | Find next file
2018-12-17T22:24:18.170285896Z 67 PC: 12add | Get or set file attributes
2018-12-17T22:24:18.176711254Z 67 PC: 12aeb | Get or set file attributes
2018-12-17T22:24:18.186816881Z 61 PC: 12af3 | Open file (Filename = 'PAH.COM')
2018-12-17T22:24:18.193707658Z 87 PC: 12b00 | Get or set file date and time
2018-12-17T22:24:18.196091661Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:24:18.202586807Z 66 PC: 12b37 | Move file pointer
2018-12-17T22:24:18.204221833Z 66 PC: 12b55 | Move file pointer
2018-12-17T22:24:18.206504447Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:24:18.214317965Z 66 PC: 12b6b | Move file pointer
2018-12-17T22:24:18.21568949Z 64 PC: 12b85 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:24:18.222920453Z 87 PC: 12b94 | Get or set file date and time
2018-12-17T22:24:18.224316156Z 62 PC: 12b99 | Close file
2018-12-17T22:24:18.233162182Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:24:18.243568616Z 79 PC: 12ac4 | Find next file
2018-12-17T22:24:18.245965257Z 59 PC: 12bc3 | Change current directory
2018-12-17T22:24:18.250586087Z 26 PC: 12bdf | Set disk transfer address
2018-12-17T22:24:18.25253524Z 59 PC: 12bea | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4280,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:23.880557936Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:51:23.882897768Z 71 PC: 12a83 | Get current directory
2018-12-25T11:51:23.886759192Z 42 PC: 12a88 | Get date 0x12a88: cmp al, 0
0x12a8a: jne 0x12aa1
0x12a8c: push word ptr [0]
0x12a90: pop word ptr [0x155]
0x12a94: mov cx, 1
0x12a97: jcxz 0x12a9b
0x12a99: jmp 0x12aa1
0x12a9b: mov dx, 0x2e5
0x12a9e: call 0x12ac9
0x12aa1: cmp dh, 4
0x12aa4: jne 0x12aba
0x12aa6: cmp dl, 0xf
0x12aa9: jne 0x12aba
0x12aab: mov ax, 0x1010
0x12aae: out 0x70, ax
0x12ab0: mov dx, 0x2c7
0x12ab3: call 0x12ac9
0x12ab6: mov al, 0xfe
0x12ab8: out 0x64, al
0x12aba: mov ah, byte ptr [bp + 5]
2018-12-25T11:51:23.889500554Z 78 PC: 12ac4 | Find first file
2018-12-25T11:51:23.89652112Z 67 PC: 12add | Get or set file attributes
2018-12-25T11:51:23.909865202Z 67 PC: 12aeb | Get or set file attributes
2018-12-25T11:51:23.928079188Z 61 PC: 12af3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:23.936014968Z 87 PC: 12b00 | Get or set file date and time
2018-12-25T11:51:23.938839296Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-25T11:51:23.946355308Z 66 PC: 12b37 | Move file pointer
2018-12-25T11:51:23.948332054Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:51:23.951190166Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-25T11:51:23.96062781Z 66 PC: 12b6b | Move file pointer
2018-12-25T11:51:23.962814012Z 64 PC: 12b85 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:51:23.96614569Z 87 PC: 12b94 | Get or set file date and time
2018-12-25T11:51:23.968980779Z 62 PC: 12b99 | Close file
2018-12-25T11:51:23.980928532Z 67 PC: 12ba8 | Get or set file attributes
2018-12-25T11:51:23.990141498Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:23.998629391Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.005910463Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.017690771Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.026019367Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.027590678Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.035295346Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.045009394Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.046965954Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.056383142Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.058832875Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.063566657Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.065718785Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.074881581Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.087701927Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.09101504Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.097808313Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.110181176Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.118136342Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.120254757Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.12941091Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.131553632Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.13363307Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.144068888Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.146616283Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.150069988Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.152904827Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.161882793Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.172916914Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.176590141Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.184331938Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.196055099Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.203806856Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.206773386Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.213978467Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.215975415Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.218563733Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.227855723Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.229811129Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.233317101Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.235775815Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.244665272Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.256325271Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.260173399Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.267556544Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.279513232Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.287327727Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.28950635Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.29724752Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.299303163Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.300778654Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.309712248Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.311930787Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.314805453Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.316370676Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.325936361Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.333036364Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.335934212Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.342898193Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.353670943Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.361280445Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.364115468Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.372033984Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.374041411Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.376365102Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.386029123Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.388191512Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.398499314Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.400408998Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.409193361Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.42034145Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.424041895Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.430924038Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.442266737Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.457182204Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.459022867Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.466254399Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.468705842Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.470846613Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.480184716Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.482863828Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.486264735Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.488382724Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.498963242Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.510212898Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.513316415Z 59 PC: 12bc3 | Change current directory
2018-12-25T11:51:24.519854627Z 26 PC: 12bdf | Set disk transfer address
2018-12-25T11:51:24.521875808Z 59 PC: 12bea | Change current directory

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4280,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:23.87423377Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:51:23.876806298Z 71 PC: 12a83 | Get current directory
2018-12-25T11:51:23.880419228Z 42 PC: 12a88 | Get date 0x12a88: cmp al, 0
0x12a8a: jne 0x12aa1
0x12a8c: push word ptr [0]
0x12a90: pop word ptr [0x155]
0x12a94: mov cx, 1
0x12a97: jcxz 0x12a9b
0x12a99: jmp 0x12aa1
0x12a9b: mov dx, 0x2e5
0x12a9e: call 0x12ac9
0x12aa1: cmp dh, 4
0x12aa4: jne 0x12aba
0x12aa6: cmp dl, 0xf
0x12aa9: jne 0x12aba
0x12aab: mov ax, 0x1010
0x12aae: out 0x70, ax
0x12ab0: mov dx, 0x2c7
0x12ab3: call 0x12ac9
0x12ab6: mov al, 0xfe
0x12ab8: out 0x64, al
0x12aba: mov ah, byte ptr [bp + 5]
2018-12-25T11:51:23.883266601Z 78 PC: 12ac4 | Find first file
2018-12-25T11:51:23.89018398Z 67 PC: 12add | Get or set file attributes
2018-12-25T11:51:23.89706905Z 67 PC: 12aeb | Get or set file attributes
2018-12-25T11:51:23.914365282Z 61 PC: 12af3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:23.930530454Z 87 PC: 12b00 | Get or set file date and time
2018-12-25T11:51:23.933779306Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-25T11:51:23.943008586Z 66 PC: 12b37 | Move file pointer
2018-12-25T11:51:23.944972353Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:51:23.94786071Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-25T11:51:23.957096287Z 66 PC: 12b6b | Move file pointer
2018-12-25T11:51:23.958787788Z 64 PC: 12b85 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:51:23.962985463Z 87 PC: 12b94 | Get or set file date and time
2018-12-25T11:51:23.964636835Z 62 PC: 12b99 | Close file
2018-12-25T11:51:23.984346522Z 67 PC: 12ba8 | Get or set file attributes
2018-12-25T11:51:23.995022489Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:23.997854448Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.002004842Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.011052588Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.017014122Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.018332409Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.02324111Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.025334508Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.026625686Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.032800489Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.034526507Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.03668531Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.037973114Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.044467565Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.051229516Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.054196177Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.059816899Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.068578014Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.079912303Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.081528321Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.086282762Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.087961575Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.089697448Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.099288874Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.101441187Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.105924925Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.10977145Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.120890841Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.140492737Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.144509393Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.152109325Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.164787914Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.17421897Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.176762218Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.184399386Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.187211563Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.188841158Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.19796435Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.199822794Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.20413665Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.206195217Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.215124565Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.227500691Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.230789459Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.237833554Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.250237375Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.257901154Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.259636937Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.267751577Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.269760627Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.271673005Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.282990937Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.284652131Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.288042583Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.290340148Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.300392493Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.311970848Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.315263196Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.323483841Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.335152145Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.342868274Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.344712383Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.352286595Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.353734163Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.355640896Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.364474423Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.366017897Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.375473699Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.377044462Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.385408288Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.397157633Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.400782237Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.407448383Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.419156843Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.427527009Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.42930967Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.436514602Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.439392053Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.441338652Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.450686296Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.453178099Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.456291014Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.458026019Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.467385343Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.479043879Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.482274987Z 59 PC: 12bc3 | Change current directory
2018-12-25T11:51:24.487605627Z 26 PC: 12bdf | Set disk transfer address
2018-12-25T11:51:24.490158703Z 59 PC: 12bea | Change current directory

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4280,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:24.096613906Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:51:24.098175524Z 71 PC: 12a83 | Get current directory
2018-12-25T11:51:24.101951191Z 42 PC: 12a88 | Get date 0x12a88: cmp al, 0
0x12a8a: jne 0x12aa1
0x12a8c: push word ptr [0]
0x12a90: pop word ptr [0x155]
0x12a94: mov cx, 1
0x12a97: jcxz 0x12a9b
0x12a99: jmp 0x12aa1
0x12a9b: mov dx, 0x2e5
0x12a9e: call 0x12ac9
0x12aa1: cmp dh, 4
0x12aa4: jne 0x12aba
0x12aa6: cmp dl, 0xf
0x12aa9: jne 0x12aba
0x12aab: mov ax, 0x1010
0x12aae: out 0x70, ax
0x12ab0: mov dx, 0x2c7
0x12ab3: call 0x12ac9
0x12ab6: mov al, 0xfe
0x12ab8: out 0x64, al
0x12aba: mov ah, byte ptr [bp + 5]
2018-12-25T11:51:24.10425443Z 78 PC: 12ac4 | Find first file
2018-12-25T11:51:24.112214343Z 67 PC: 12add | Get or set file attributes
2018-12-25T11:51:24.118457592Z 67 PC: 12aeb | Get or set file attributes
2018-12-25T11:51:24.139344219Z 61 PC: 12af3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:24.148279624Z 87 PC: 12b00 | Get or set file date and time
2018-12-25T11:51:24.149827623Z 63 PC: 12b1a | Read file or device (Read 592 bytes on handle 5)
2018-12-25T11:51:24.156876644Z 66 PC: 12b37 | Move file pointer
2018-12-25T11:51:24.158540534Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:51:24.160331792Z 64 PC: 12b60 | Write file or device (Write 592 bytes on handle 5)
2018-12-25T11:51:24.171007486Z 66 PC: 12b6b | Move file pointer
2018-12-25T11:51:24.173778365Z 64 PC: 12b85 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:51:24.177760135Z 87 PC: 12b94 | Get or set file date and time
2018-12-25T11:51:24.179872496Z 62 PC: 12b99 | Close file
2018-12-25T11:51:24.189689572Z 67 PC: 12ba8 | Get or set file attributes
2018-12-25T11:51:24.201522428Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.20457588Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.211292037Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.22378316Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.245257305Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.247962272Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.256339851Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.257950306Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.264180814Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.273723444Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.275354038Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.278259114Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.280365845Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.289235668Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.300214047Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.304473923Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.310827037Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.321861826Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.329683497Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.332218989Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.339545034Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.34157503Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.344633882Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.354006431Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.356081423Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.360152718Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.362228091Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.368235856Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.375653812Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.377808874Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.381659296Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.389449778Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.393963073Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.395552456Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.402048734Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.403407457Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.404833595Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.412649728Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.415491769Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.418894866Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.421124459Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.429983969Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.438639485Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.440736065Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.44548223Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.452058625Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.456804756Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.458881722Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.467891462Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.46953754Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.471961989Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.480989145Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.48321291Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.48578357Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.487230397Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.492534349Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.503332127Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.508328933Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.514711862Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.526176404Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.534896064Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.536961188Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.543717659Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.5466338Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.548935554Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.558110218Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.560432252Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.568484157Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.569776425Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.575355292Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.58309928Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.585312605Z 67 PC: 12add | Get or set file attributes (See above)
2018-12-25T11:51:24.589764359Z 67 PC: 12aeb | Get or set file attributes (See above)
2018-12-25T11:51:24.598055342Z 61 PC: 12af3 | Open file (See above)
2018-12-25T11:51:24.603203319Z 87 PC: 12b00 | Get or set file date and time (See above)
2018-12-25T11:51:24.60514222Z 63 PC: 12b1a | Read file or device (See above)
2018-12-25T11:51:24.613697532Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T11:51:24.615590419Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:51:24.617062729Z 64 PC: 12b60 | Write file or device (See above)
2018-12-25T11:51:24.624383375Z 66 PC: 12b6b | Move file pointer (See above)
2018-12-25T11:51:24.625732094Z 64 PC: 12b85 | Write file or device (See above)
2018-12-25T11:51:24.627848919Z 87 PC: 12b94 | Get or set file date and time (See above)
2018-12-25T11:51:24.629706236Z 62 PC: 12b99 | Close file (See above)
2018-12-25T11:51:24.635209448Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T11:51:24.644138233Z 79 PC: 12ac4 | Find next file (See above)
2018-12-25T11:51:24.646054419Z 59 PC: 12bc3 | Change current directory
2018-12-25T11:51:24.649406432Z 26 PC: 12bdf | Set disk transfer address
2018-12-25T11:51:24.650448116Z 59 PC: 12bea | Change current directory

{"DateBased":true,"Day":15,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4280,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:24.109839687Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:51:24.111246083Z 71 PC: 12a83 | Get current directory
2018-12-25T11:51:24.113760587Z 42 PC: 12a88 | Get date 0x12a88: cmp al, 0
0x12a8a: jne 0x12aa1
0x12a8c: push word ptr [0]
0x12a90: pop word ptr [0x155]
0x12a94: mov cx, 1
0x12a97: jcxz 0x12a9b
0x12a99: jmp 0x12aa1
0x12a9b: mov dx, 0x2e5
0x12a9e: call 0x12ac9
0x12aa1: cmp dh, 4
0x12aa4: jne 0x12aba
0x12aa6: cmp dl, 0xf
0x12aa9: jne 0x12aba
0x12aab: mov ax, 0x1010
0x12aae: out 0x70, ax
0x12ab0: mov dx, 0x2c7
0x12ab3: call 0x12ac9
0x12ab6: mov al, 0xfe
0x12ab8: out 0x64, al
0x12aba: mov ah, byte ptr [bp + 5]
2018-12-25T11:51:24.115625277Z 9 PC: 12acd | Display string (String= '��ࠡ���� - rulez forever ! ')
2018-12-25T11:51:24.119900234Z 8 PC: 12ad1 | Console input without echo