Sample viewer

vx.netlux.org/Virus.DOS.Wit.543

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:29:27.935039961Z 26 PC: 12a71 | Set disk transfer address
2018-12-17T22:29:27.937083227Z 71 PC: 12a83 | Get current directory
2018-12-17T22:29:27.941496922Z 42 PC: 12a88 | Get date
0x12a88: cmp al, 0
0x12a8a: jne 0x12a9f
0x12a8c: mov word ptr [0x153], 0
0x12a92: mov cx, 1
0x12a95: jcxz 0x12a99
0x12a97: jmp 0x12a9f
0x12a99: mov dx, 0x2e4
0x12a9c: call 0x12ac7
0x12a9f: cmp dh, 4
0x12aa2: jne 0x12ab8
0x12aa4: cmp dl, 0xf
0x12aa7: jne 0x12ab8
0x12aa9: mov ax, 0x1010
0x12aac: out 0x70, ax
0x12aae: mov dx, 0x2c6
0x12ab1: call 0x12ac7
0x12ab4: mov al, 0xfe
0x12ab6: out 0x64, al
0x12ab8: mov ah, byte ptr [bp + 5]
0x12abb: mov cl, 7
2018-12-17T22:29:27.944443258Z 78 PC: 12ac2 | Find first file
2018-12-17T22:29:27.952708389Z 67 PC: 12adb | Get or set file attributes
2018-12-17T22:29:27.959537023Z 67 PC: 12ae9 | Get or set file attributes
2018-12-17T22:29:27.976763619Z 61 PC: 12af1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:29:27.991031047Z 87 PC: 12afe | Get or set file date and time
2018-12-17T22:29:27.993914351Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-17T22:29:28.001992337Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:28.004517812Z 66 PC: 12b53 | Move file pointer
2018-12-17T22:29:28.007055358Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:29:28.016329312Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:29:28.018616707Z 64 PC: 12b84 | Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:29:28.022503521Z 87 PC: 12b93 | Get or set file date and time
2018-12-17T22:29:28.023720472Z 62 PC: 12b98 | Close file
2018-12-17T22:29:28.028819076Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:29:28.046389029Z 79 PC: 12ac2 | Find next file
2018-12-17T22:29:28.061687819Z 67 PC: 12adb | Get or set file attributes
2018-12-17T22:29:28.069073932Z 67 PC: 12ae9 | Get or set file attributes
2018-12-17T22:29:28.081255366Z 61 PC: 12af1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:29:28.089452164Z 87 PC: 12afe | Get or set file date and time
2018-12-17T22:29:28.091407008Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-17T22:29:28.098885721Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:28.101223255Z 66 PC: 12b53 | Move file pointer
2018-12-17T22:29:28.103179582Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:29:28.112383506Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:29:28.115547449Z 64 PC: 12b84 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:29:28.118945073Z 87 PC: 12b93 | Get or set file date and time
2018-12-17T22:29:28.121027964Z 62 PC: 12b98 | Close file
2018-12-17T22:29:28.131338555Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:29:28.143311313Z 79 PC: 12ac2 | Find next file
2018-12-17T22:29:28.146699958Z 67 PC: 12adb | Get or set file attributes
2018-12-17T22:29:28.153946841Z 67 PC: 12ae9 | Get or set file attributes
2018-12-17T22:29:28.165099366Z 61 PC: 12af1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:29:28.172882587Z 87 PC: 12afe | Get or set file date and time
2018-12-17T22:29:28.175883557Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-17T22:29:28.183147021Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:28.185064248Z 66 PC: 12b53 | Move file pointer
2018-12-17T22:29:28.187155868Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:29:28.196812718Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:29:28.198497763Z 64 PC: 12b84 | Write file or device (Write 92 bytes on handle 5)
2018-12-17T22:29:28.20144625Z 87 PC: 12b93 | Get or set file date and time
2018-12-17T22:29:28.204017194Z 62 PC: 12b98 | Close file
2018-12-17T22:29:28.212874617Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:29:28.224423574Z 79 PC: 12ac2 | Find next file
2018-12-17T22:29:28.228138037Z 67 PC: 12adb | Get or set file attributes
2018-12-17T22:29:28.234789775Z 67 PC: 12ae9 | Get or set file attributes
2018-12-17T22:29:28.245808594Z 61 PC: 12af1 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:29:28.259827142Z 87 PC: 12afe | Get or set file date and time
2018-12-17T22:29:28.261305869Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-17T22:29:28.268381989Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:28.270618918Z 66 PC: 12b53 | Move file pointer
2018-12-17T22:29:28.2725224Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:29:28.285756091Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:29:28.288547846Z 64 PC: 12b84 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:29:28.291819932Z 87 PC: 12b93 | Get or set file date and time
2018-12-17T22:29:28.293862613Z 62 PC: 12b98 | Close file
2018-12-17T22:29:28.303836581Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:29:28.314795679Z 79 PC: 12ac2 | Find next file
2018-12-17T22:29:28.318101674Z 67 PC: 12adb | Get or set file attributes
2018-12-17T22:29:28.3257655Z 67 PC: 12ae9 | Get or set file attributes
2018-12-17T22:29:28.339937717Z 61 PC: 12af1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:29:28.347735373Z 87 PC: 12afe | Get or set file date and time
2018-12-17T22:29:28.349663346Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-17T22:29:28.358176486Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:28.360088294Z 66 PC: 12b53 | Move file pointer
2018-12-17T22:29:28.361930984Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:29:28.371993763Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:29:28.374354737Z 64 PC: 12b84 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:29:28.37765369Z 87 PC: 12b93 | Get or set file date and time
2018-12-17T22:29:28.380455408Z 62 PC: 12b98 | Close file
2018-12-17T22:29:28.39049216Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:29:28.401647086Z 79 PC: 12ac2 | Find next file
2018-12-17T22:29:28.405109708Z 67 PC: 12adb | Get or set file attributes
2018-12-17T22:29:28.412437555Z 67 PC: 12ae9 | Get or set file attributes
2018-12-17T22:29:28.423608427Z 61 PC: 12af1 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:29:28.43131358Z 87 PC: 12afe | Get or set file date and time
2018-12-17T22:29:28.433583729Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-17T22:29:28.440989075Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:28.442940746Z 66 PC: 12b53 | Move file pointer
2018-12-17T22:29:28.445775057Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:29:28.455435664Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:29:28.457627184Z 64 PC: 12b84 | Write file or device (Write 501 bytes on handle 5)
2018-12-17T22:29:28.467927832Z 87 PC: 12b93 | Get or set file date and time
2018-12-17T22:29:28.470260476Z 62 PC: 12b98 | Close file
2018-12-17T22:29:28.479487987Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:29:28.491695665Z 79 PC: 12ac2 | Find next file
2018-12-17T22:29:28.495214014Z 67 PC: 12adb | Get or set file attributes
2018-12-17T22:29:28.502097465Z 67 PC: 12ae9 | Get or set file attributes
2018-12-17T22:29:28.513550476Z 61 PC: 12af1 | Open file (Filename = 'PAH.COM')
2018-12-17T22:29:28.522115423Z 87 PC: 12afe | Get or set file date and time
2018-12-17T22:29:28.524031329Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-17T22:29:28.550876757Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:28.552813205Z 66 PC: 12b53 | Move file pointer
2018-12-17T22:29:28.556308255Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:29:28.565608692Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:29:28.568457239Z 64 PC: 12b84 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:29:28.571763307Z 87 PC: 12b93 | Get or set file date and time
2018-12-17T22:29:28.573783649Z 62 PC: 12b98 | Close file
2018-12-17T22:29:28.58345037Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:29:28.594614542Z 79 PC: 12ac2 | Find next file
2018-12-17T22:29:28.597909839Z 67 PC: 12adb | Get or set file attributes
2018-12-17T22:29:28.603071592Z 67 PC: 12ae9 | Get or set file attributes
2018-12-17T22:29:28.614403124Z 61 PC: 12af1 | Open file (Filename = 'TEST.COM')
2018-12-17T22:29:28.622463828Z 87 PC: 12afe | Get or set file date and time
2018-12-17T22:29:28.624865223Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-17T22:29:28.632971673Z 87 PC: 12b93 | Get or set file date and time
2018-12-17T22:29:28.634998824Z 62 PC: 12b98 | Close file
2018-12-17T22:29:28.647072165Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:29:28.661959344Z 79 PC: 12ac2 | Find next file
2018-12-17T22:29:28.664760723Z 59 PC: 12bc2 | Change current directory
2018-12-17T22:29:28.6698881Z 26 PC: 12bde | Set disk transfer address
2018-12-17T22:29:28.671484679Z 59 PC: 12be9 | Change current directory

{"DateBased":true,"Day":15,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5261,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:03.39926698Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:54:03.400601804Z 71 PC: 12a83 | Get current directory
2018-12-25T11:54:03.40325227Z 42 PC: 12a88 | Get date
0x12a88: cmp al, 0
0x12a8a: jne 0x12a9f
0x12a8c: mov word ptr [0x153], 0
0x12a92: mov cx, 1
0x12a95: jcxz 0x12a99
0x12a97: jmp 0x12a9f
0x12a99: mov dx, 0x2e4
0x12a9c: call 0x12ac7
0x12a9f: cmp dh, 4
0x12aa2: jne 0x12ab8
0x12aa4: cmp dl, 0xf
0x12aa7: jne 0x12ab8
0x12aa9: mov ax, 0x1010
0x12aac: out 0x70, ax
0x12aae: mov dx, 0x2c6
0x12ab1: call 0x12ac7
0x12ab4: mov al, 0xfe
0x12ab6: out 0x64, al
0x12ab8: mov ah, byte ptr [bp + 5]
0x12abb: mov cl, 7
2018-12-25T11:54:03.405162147Z 9 PC: 12acb | Display string (String= '��ࠡ���� - rulez forever ! ')
2018-12-25T11:54:03.409133549Z 8 PC: 12acf | Console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5261,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:03.425806969Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:54:03.427316584Z 71 PC: 12a83 | Get current directory
2018-12-25T11:54:03.430301723Z 42 PC: 12a88 | Get date
0x12a88: cmp al, 0
0x12a8a: jne 0x12a9f
0x12a8c: mov word ptr [0x153], 0
0x12a92: mov cx, 1
0x12a95: jcxz 0x12a99
0x12a97: jmp 0x12a9f
0x12a99: mov dx, 0x2e4
0x12a9c: call 0x12ac7
0x12a9f: cmp dh, 4
0x12aa2: jne 0x12ab8
0x12aa4: cmp dl, 0xf
0x12aa7: jne 0x12ab8
0x12aa9: mov ax, 0x1010
0x12aac: out 0x70, ax
0x12aae: mov dx, 0x2c6
0x12ab1: call 0x12ac7
0x12ab4: mov al, 0xfe
0x12ab6: out 0x64, al
0x12ab8: mov ah, byte ptr [bp + 5]
0x12abb: mov cl, 7
2018-12-25T11:54:03.432575219Z 78 PC: 12ac2 | Find first file
2018-12-25T11:54:03.439833428Z 67 PC: 12adb | Get or set file attributes
2018-12-25T11:54:03.450086921Z 67 PC: 12ae9 | Get or set file attributes
2018-12-25T11:54:03.699482333Z 61 PC: 12af1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:03.706451569Z 87 PC: 12afe | Get or set file date and time
2018-12-25T11:54:03.708226291Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-25T11:54:03.715363784Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:03.717059783Z 66 PC: 12b53 | Move file pointer
2018-12-25T11:54:03.718705204Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-25T11:54:03.727581648Z 66 PC: 12b6a | Move file pointer
2018-12-25T11:54:03.729311193Z 64 PC: 12b84 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:54:03.732235317Z 87 PC: 12b93 | Get or set file date and time
2018-12-25T11:54:03.740568843Z 62 PC: 12b98 | Close file
2018-12-25T11:54:03.748531903Z 67 PC: 12ba7 | Get or set file attributes
2018-12-25T11:54:03.759145807Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:03.763451389Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:03.769678654Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:03.779184191Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:03.785882854Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:03.787454591Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:03.793352682Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:03.794734408Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:03.796241169Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:03.804260944Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:03.806135479Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:03.808936304Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:03.810462353Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:03.818254723Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:03.828396705Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:03.830857755Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:03.837061753Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:03.846706815Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:03.853111775Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:03.854652003Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:03.861100377Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:03.86254733Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:03.864050977Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:03.872784357Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:03.874359663Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:03.876847685Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:03.878772535Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:03.886162709Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:03.895688722Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:03.899723705Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:03.905163196Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:03.914606478Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:03.922551615Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:03.924250884Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:03.930830243Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:03.933010857Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:03.934333196Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:03.943610374Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:03.945998852Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:03.949124036Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:03.950623296Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:03.958891414Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:03.970793817Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:03.973466944Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:03.985448123Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:03.995022688Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.001431673Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.003715691Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.011503575Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.01287998Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.014339494Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.027982245Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.02941798Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.031995676Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.034042251Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.041766042Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.05210221Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.055593828Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.061031402Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.07100417Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.078326161Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.079678203Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.08593587Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.089144955Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.090481426Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.098548864Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.100828249Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.109970232Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.111871204Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.121356857Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.131681434Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.13444273Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.140946939Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.150722803Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.161862842Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.163958183Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.170334105Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.172391974Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.174449004Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.1826315Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.184236568Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.187371864Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.188893367Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.19705803Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.209026002Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.211634521Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.217198272Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.227796771Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.240289786Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.241689576Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.249679065Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.251925603Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.259171956Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.269249272Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.272167769Z 59 PC: 12bc2 | Change current directory
2018-12-25T11:54:04.276866782Z 26 PC: 12bde | Set disk transfer address
2018-12-25T11:54:04.278045976Z 59 PC: 12be9 | Change current directory

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5261,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:03.803859812Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:54:03.805517664Z 71 PC: 12a83 | Get current directory
2018-12-25T11:54:03.808357657Z 42 PC: 12a88 | Get date
0x12a88: cmp al, 0
0x12a8a: jne 0x12a9f
0x12a8c: mov word ptr [0x153], 0
0x12a92: mov cx, 1
0x12a95: jcxz 0x12a99
0x12a97: jmp 0x12a9f
0x12a99: mov dx, 0x2e4
0x12a9c: call 0x12ac7
0x12a9f: cmp dh, 4
0x12aa2: jne 0x12ab8
0x12aa4: cmp dl, 0xf
0x12aa7: jne 0x12ab8
0x12aa9: mov ax, 0x1010
0x12aac: out 0x70, ax
0x12aae: mov dx, 0x2c6
0x12ab1: call 0x12ac7
0x12ab4: mov al, 0xfe
0x12ab6: out 0x64, al
0x12ab8: mov ah, byte ptr [bp + 5]
0x12abb: mov cl, 7
2018-12-25T11:54:03.810429356Z 9 PC: 12acb | Display string (String= '����� ��ᥫ��� �� 98% - 㡨��� ���� ������. ')
2018-12-25T11:54:03.816186432Z 8 PC: 12acf | Console input without echo

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5261,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:04.152236574Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:54:04.155958915Z 71 PC: 12a83 | Get current directory
2018-12-25T11:54:04.159089369Z 42 PC: 12a88 | Get date
0x12a88: cmp al, 0
0x12a8a: jne 0x12a9f
0x12a8c: mov word ptr [0x153], 0
0x12a92: mov cx, 1
0x12a95: jcxz 0x12a99
0x12a97: jmp 0x12a9f
0x12a99: mov dx, 0x2e4
0x12a9c: call 0x12ac7
0x12a9f: cmp dh, 4
0x12aa2: jne 0x12ab8
0x12aa4: cmp dl, 0xf
0x12aa7: jne 0x12ab8
0x12aa9: mov ax, 0x1010
0x12aac: out 0x70, ax
0x12aae: mov dx, 0x2c6
0x12ab1: call 0x12ac7
0x12ab4: mov al, 0xfe
0x12ab6: out 0x64, al
0x12ab8: mov ah, byte ptr [bp + 5]
0x12abb: mov cl, 7
2018-12-25T11:54:04.161550918Z 78 PC: 12ac2 | Find first file
2018-12-25T11:54:04.168598789Z 67 PC: 12adb | Get or set file attributes
2018-12-25T11:54:04.179171239Z 67 PC: 12ae9 | Get or set file attributes
2018-12-25T11:54:04.198134817Z 61 PC: 12af1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:04.20500148Z 87 PC: 12afe | Get or set file date and time
2018-12-25T11:54:04.207389659Z 63 PC: 12b19 | Read file or device (Read 591 bytes on handle 5)
2018-12-25T11:54:04.214762795Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:04.217732165Z 66 PC: 12b53 | Move file pointer
2018-12-25T11:54:04.220748943Z 64 PC: 12b5f | Write file or device (Write 591 bytes on handle 5)
2018-12-25T11:54:04.229106423Z 66 PC: 12b6a | Move file pointer
2018-12-25T11:54:04.230952985Z 64 PC: 12b84 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:54:04.234062501Z 87 PC: 12b93 | Get or set file date and time
2018-12-25T11:54:04.237399287Z 62 PC: 12b98 | Close file
2018-12-25T11:54:04.244783968Z 67 PC: 12ba7 | Get or set file attributes
2018-12-25T11:54:04.254723679Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.257691549Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.263475504Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.273767074Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.28140548Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.282627697Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.288788904Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.290500952Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.291740896Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.299456791Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.301634063Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.304092683Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.305435234Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.313900716Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.323527649Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.326852269Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.333668553Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.343368631Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.349909545Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.351995376Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.358319975Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.359895844Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.361821022Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.370173129Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.371641167Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.374443617Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.376528175Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.384355317Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.394267308Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.399244505Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.405096557Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.415128531Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.424518791Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.426225148Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.43270696Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.435037992Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.436524501Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.444591057Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.446975061Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.449852524Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.451587493Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.4595304Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.469775977Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.472306731Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.478368332Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.48837662Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.495701805Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.497811666Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.504128923Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.505455572Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.507513007Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.515359438Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.516918354Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.519602785Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.521378609Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.528853579Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.540480919Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.544709771Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.550520543Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.56031602Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.564831492Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.566076559Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.570053919Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.571892631Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.573084683Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.5808234Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.582928847Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.590685831Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.592033171Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.600035616Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.609927392Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.612287732Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.61820965Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.627598918Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.63404499Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.637124224Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.643751534Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:04.645074483Z 66 PC: 12b53 | Move file pointer (See above)
2018-12-25T11:54:04.647458034Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T11:54:04.653512884Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T11:54:04.654846601Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T11:54:04.658430472Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.659916423Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.667757112Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.677633818Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.680161722Z 67 PC: 12adb | Get or set file attributes (See above)
2018-12-25T11:54:04.6855404Z 67 PC: 12ae9 | Get or set file attributes (See above)
2018-12-25T11:54:04.695434599Z 61 PC: 12af1 | Open file (See above)
2018-12-25T11:54:04.701993487Z 87 PC: 12afe | Get or set file date and time (See above)
2018-12-25T11:54:04.703312642Z 63 PC: 12b19 | Read file or device (See above)
2018-12-25T11:54:04.710613141Z 87 PC: 12b93 | Get or set file date and time (See above)
2018-12-25T11:54:04.711934156Z 62 PC: 12b98 | Close file (See above)
2018-12-25T11:54:04.718021562Z 67 PC: 12ba7 | Get or set file attributes (See above)
2018-12-25T11:54:04.726664466Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:54:04.728308206Z 59 PC: 12bc2 | Change current directory
2018-12-25T11:54:04.730972428Z 26 PC: 12bde | Set disk transfer address
2018-12-25T11:54:04.732232911Z 59 PC: 12be9 | Change current directory