Sample viewer

vx.netlux.org/Virus.DOS.Posthum.657

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:38:59.686546825Z 44 PC: 18ae5 | Get time
0x18ae5: cmp dh, 0xe
0x18ae8: jne 0x18aed
0x18aea: jmp 0x18cd7
0x18aed: push ax
0x18aee: push bp
0x18aef: mov bp, sp
0x18af1: mov word ptr [bp + 2], 0x100
0x18af6: pop bp
0x18af7: pop di
0x18af8: lea si, word ptr [bp + 0x359]
0x18afc: mov cx, 4
0x18aff: rep movsb byte ptr es:[di], byte ptr [si]
0x18b01: push ax
0x18b02: push bp
0x18b03: mov bp, sp
0x18b05: mov word ptr [bp + 2], 0x1a
0x18b0a: pop bp
0x18b0b: pop ax
0x18b0c: mov ah, al
0x18b0e: lea dx, word ptr [bp + 0x3a6]
2018-12-17T22:38:59.689337659Z 26 PC: 18b14 | Set disk transfer address
2018-12-17T22:38:59.690610612Z 71 PC: 18b1e | Get current directory
2018-12-17T22:38:59.693558258Z 78 PC: 18b39 | Find first file
2018-12-17T22:38:59.706862077Z 61 PC: 18b4b | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:38:59.713023125Z 87 PC: 18c75 | Get or set file date and time
2018-12-17T22:38:59.714133176Z 63 PC: 18b5a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:38:59.719195735Z 66 PC: 18c90 | Move file pointer
2018-12-17T22:38:59.720339667Z 63 PC: 18b84 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:38:59.722176892Z 66 PC: 18c90 | Move file pointer
2018-12-17T22:38:59.724037613Z 64 PC: 18bb4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:38:59.726156064Z 66 PC: 18c90 | Move file pointer
2018-12-17T22:38:59.727373989Z 64 PC: 18bc8 | Write file or device (Write 19 bytes on handle 5)
2018-12-17T22:38:59.729926081Z 64 PC: 18be7 | Write file or device (Write 615 bytes on handle 5)
2018-12-17T22:38:59.742575401Z 64 PC: 18bf2 | Write file or device (Write 23 bytes on handle 5)
2018-12-17T22:38:59.744368282Z 87 PC: 18c8b | Get or set file date and time
2018-12-17T22:38:59.747453073Z 62 PC: 18c22 | Close file
2018-12-17T22:38:59.754509298Z 59 PC: 18c4f | Change current directory
2018-12-17T22:38:59.758864009Z 59 PC: 18c5e | Change current directory
2018-12-17T22:38:59.76387771Z 26 PC: 18c65 | Set disk transfer address
2018-12-17T22:38:59.767921511Z 53 PC: 17fa0 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:38:59.76920689Z 37 PC: 17fae | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:38:59.779424588Z 48 PC: 17fb4 | Get DOS version
2018-12-17T22:38:59.780659713Z 37 PC: 17fe1 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:38:59.781723207Z 65 PC: 18014 | Delete file (Filename = '�Àt�')
2018-12-17T22:38:59.787387505Z 65 PC: 18035 | Delete file (Filename = ' t <t'< u�6�� ���Q�ȵ')
2018-12-17T22:38:59.792722295Z 65 PC: 18059 | Delete file (Filename = 'Y�6��')
2018-12-17T22:38:59.798018628Z 60 PC: 1808b | Create or truncate file
2018-12-17T22:38:59.802201119Z 65 PC: 18098 | Delete file (Filename = '�Z;��_.t�2��X.�S�')
2018-12-17T22:38:59.809808336Z 44 PC: 1878c | Get time
0x1878c: sub bx, 4
0x1878f: mov byte ptr cs:[bx], dh
0x18792: sub bx, 4
0x18795: mov byte ptr cs:[bx], dl
0x18798: sub bx, 4
0x1879b: mov byte ptr cs:[bx], cl
0x1879e: call 0x187a1
0x187a1: pop bx
0x187a2: add bx, 0x15
0x187a5: nop
0x187a6: mov byte ptr cs:[bx], cl
0x187a9: pop bx
0x187aa: mov cx, 0x2e7
0x187ad: add byte ptr cs:[bx], dh
0x187b0: xor byte ptr cs:[bx], dl
0x187b3: ror byte ptr cs:[bx], 0x36
0x187b7: sub byte ptr cs:[bx], cl
0x187ba: inc bx
0x187bb: loop 0x187ad
0x187bd: cmp byte ptr cs:[0xf0], 0x2e
2018-12-17T22:38:59.824515959Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:38:59.825759644Z 53 PC: 12bab | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:38:59.827067482Z 53 PC: 12bb8 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:38:59.82825581Z 53 PC: 12bc5 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:38:59.829878225Z 53 PC: 12bd2 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:38:59.83186047Z 37 PC: 12be6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:38:59.833405913Z 74 PC: 12af4 | Reallocate memory
2018-12-17T22:38:59.835750112Z 68 PC: 155eb | I/O control for devices (Set for = '�%')
2018-12-17T22:38:59.83978022Z 68 PC: 155eb | I/O control for devices (Set for = '')
2018-12-17T22:38:59.841562368Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:38:59.843128908Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:38:59.844745494Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:38:59.845832749Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:38:59.847236614Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:38:59.848906036Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:38:59.850148068Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:38:59.851490816Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:38:59.857956013Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:38:59.858883324Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:38:59.859968595Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:38:59.861814451Z 53 PC: 13cfb | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:38:59.862888252Z 53 PC: 13d08 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:38:59.864414126Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:38:59.865988521Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:38:59.866973536Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:38:59.867881122Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:38:59.869522576Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:38:59.870687046Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:38:59.871767199Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:38:59.87440299Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:38:59.876457232Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:38:59.878008979Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:38:59.880531958Z 37 PC: 13e1c | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:38:59.881719043Z 37 PC: 13e26 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:09.889946629Z 64 PC: 15f55 | Write file or device (Write 29 bytes on handle 1)
2018-12-17T22:39:09.894924431Z 64 PC: 15f55 | Write file or device (Write 29 bytes on handle 1)
2018-12-17T22:39:09.90044567Z 64 PC: 15f55 | Write file or device (Write 29 bytes on handle 1)
2018-12-17T22:39:09.904309818Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.910283608Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.914463414Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.919639664Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.926122411Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.930879634Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.93651808Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.941778706Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.946799906Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.951508905Z 64 PC: 15f55 | Write file or device (Write 41 bytes on handle 1)
2018-12-17T22:39:09.955643796Z 64 PC: 15f55 | Write file or device (Write 58 bytes on handle 1)
2018-12-17T22:39:09.960785817Z 64 PC: 15f55 | Write file or device (Write 69 bytes on handle 1)
2018-12-17T22:39:09.966086665Z 64 PC: 15f55 | Write file or device (Write 69 bytes on handle 1)
2018-12-17T22:39:09.972477529Z 64 PC: 15f55 | Write file or device (Write 69 bytes on handle 1)
2018-12-17T22:39:10.478369197Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:10.482490112Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:10.987555373Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:10.992645006Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:11.496855315Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:11.500894519Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:12.006045126Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:12.010063276Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:12.514209477Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:12.519411692Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:13.02346837Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:13.0268667Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:13.531245278Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:13.534811448Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:14.038548865Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:14.043076061Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:14.547239823Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:14.551237404Z 64 PC: 15f55 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:39:14.555926942Z 64 PC: 15f55 | Write file or device (Write 22 bytes on handle 1)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":14,"TimeBased":true,"OriginalID":6689,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:09.663065654Z 44 PC: 18ae5 | Get time
0x18ae5: cmp dh, 0xe
0x18ae8: jne 0x18aed
0x18aea: jmp 0x18cd7
0x18aed: push ax
0x18aee: push bp
0x18aef: mov bp, sp
0x18af1: mov word ptr [bp + 2], 0x100
0x18af6: pop bp
0x18af7: pop di
0x18af8: lea si, word ptr [bp + 0x359]
0x18afc: mov cx, 4
0x18aff: rep movsb byte ptr es:[di], byte ptr [si]
0x18b01: push ax
0x18b02: push bp
0x18b03: mov bp, sp
0x18b05: mov word ptr [bp + 2], 0x1a
0x18b0a: pop bp
0x18b0b: pop ax
0x18b0c: mov ah, al
0x18b0e: lea dx, word ptr [bp + 0x3a6]
2018-12-25T12:00:09.665936759Z 26 PC: 18b14 | Set disk transfer address
2018-12-25T12:00:09.667177154Z 71 PC: 18b1e | Get current directory
2018-12-25T12:00:09.671017036Z 78 PC: 18b39 | Find first file
2018-12-25T12:00:09.678164331Z 61 PC: 18b4b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:09.68547971Z 87 PC: 18c75 | Get or set file date and time
2018-12-25T12:00:09.686919465Z 63 PC: 18b5a | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:00:09.721520311Z 66 PC: 18c90 | Move file pointer
2018-12-25T12:00:09.724301794Z 63 PC: 18b84 | Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:00:09.727771426Z 66 PC: 18c90 | Move file pointer (See above)
2018-12-25T12:00:09.730914754Z 64 PC: 18bb4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:00:09.734410016Z 66 PC: 18c90 | Move file pointer (See above)
2018-12-25T12:00:09.736104949Z 64 PC: 18bc8 | Write file or device (Write 19 bytes on handle 5)
2018-12-25T12:00:09.739470057Z 64 PC: 18be7 | Write file or device (Write 615 bytes on handle 5)
2018-12-25T12:00:11.03975572Z 64 PC: 18bf2 | Write file or device (Write 23 bytes on handle 5)
2018-12-25T12:00:11.042828236Z 87 PC: 18c8b | Get or set file date and time
2018-12-25T12:00:11.044466493Z 62 PC: 18c22 | Close file
2018-12-25T12:00:11.053118458Z 59 PC: 18c4f | Change current directory
2018-12-25T12:00:11.057664097Z 59 PC: 18c5e | Change current directory
2018-12-25T12:00:11.059446842Z 26 PC: 18c65 | Set disk transfer address
2018-12-25T12:00:11.067115013Z 53 PC: 17fa0 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:00:11.068392845Z 37 PC: 17fae | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:00:11.069578567Z 48 PC: 17fb4 | Get DOS version
2018-12-25T12:00:11.07187743Z 37 PC: 17fe1 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:00:11.073774187Z 65 PC: 18014 | Delete file (Filename = '�Àt�')
2018-12-25T12:00:11.08072477Z 65 PC: 18035 | Delete file (Filename = ' t <t'< u�6�� ���Q�ȵ')
2018-12-25T12:00:11.084909161Z 65 PC: 18059 | Delete file (Filename = 'Y�6��')
2018-12-25T12:00:11.091174846Z 60 PC: 1808b | Create or truncate file
2018-12-25T12:00:11.095723028Z 65 PC: 18098 | Delete file (Filename = '�Z;��_.t�2��X.�S�')
2018-12-25T12:00:11.104851452Z 44 PC: 1878c | Get time
0x1878c: sub bx, 4
0x1878f: mov byte ptr cs:[bx], dh
0x18792: sub bx, 4
0x18795: mov byte ptr cs:[bx], dl
0x18798: sub bx, 4
0x1879b: mov byte ptr cs:[bx], cl
0x1879e: call 0x187a1
0x187a1: pop bx
0x187a2: add bx, 0x15
0x187a5: nop
0x187a6: mov byte ptr cs:[bx], cl
0x187a9: pop bx
0x187aa: mov cx, 0x2e7
0x187ad: add byte ptr cs:[bx], dh
0x187b0: xor byte ptr cs:[bx], dl
0x187b3: ror byte ptr cs:[bx], 0x36
0x187b7: sub byte ptr cs:[bx], cl
0x187ba: inc bx
0x187bb: loop 0x187ad
0x187bd: cmp byte ptr cs:[0xf0], 0x2e
2018-12-25T12:00:11.115222257Z 48 PC: 12a4c | Get DOS version
2018-12-25T12:00:11.116457794Z 53 PC: 12bab | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:11.117956532Z 53 PC: 12bb8 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:00:11.119643444Z 53 PC: 12bc5 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:00:11.121042238Z 53 PC: 12bd2 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:00:11.122348124Z 37 PC: 12be6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:11.124024175Z 74 PC: 12af4 | Reallocate memory
2018-12-25T12:00:11.126110441Z 68 PC: 155eb | I/O control for devices (Set for = '�%')
2018-12-25T12:00:11.127854Z 68 PC: 155eb | I/O control for devices (See above)
2018-12-25T12:00:11.131979308Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:00:11.133594767Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.135293376Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.137960817Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.139869709Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.141734856Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.144058521Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.145456843Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.146795273Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.148668537Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.150070777Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:11.151421109Z 53 PC: 13cfb | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-25T12:00:11.15349721Z 53 PC: 13d08 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-25T12:00:11.155294707Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:00:11.157405294Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.158927611Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.160236171Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.161871365Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.163652619Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.173334811Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.17454796Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.175921332Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.177724812Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:11.179346774Z 37 PC: 13e1c | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-25T12:00:11.180939813Z 37 PC: 13e26 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-25T12:00:21.190250679Z 64 PC: 15f55 | Write file or device (Write 29 bytes on handle 1)
2018-12-25T12:00:21.192761362Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.196053844Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.199081785Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.20360681Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.206068241Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.21229996Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.218125432Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.221890962Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.22750057Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.233310011Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.237369843Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.242978861Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.246642688Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.250860017Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.257478947Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.26297538Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.769397741Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.77504911Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:22.28010882Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:22.285550749Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:22.790362875Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:22.795312037Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:23.299988627Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:23.304897598Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:23.810427668Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:23.813183293Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:24.317182084Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:24.322648073Z 64 PC: 15f55 | Write file or device (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6689,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:10.636638077Z 44 PC: 18ae5 | Get time
0x18ae5: cmp dh, 0xe
0x18ae8: jne 0x18aed
0x18aea: jmp 0x18cd7
0x18aed: push ax
0x18aee: push bp
0x18aef: mov bp, sp
0x18af1: mov word ptr [bp + 2], 0x100
0x18af6: pop bp
0x18af7: pop di
0x18af8: lea si, word ptr [bp + 0x359]
0x18afc: mov cx, 4
0x18aff: rep movsb byte ptr es:[di], byte ptr [si]
0x18b01: push ax
0x18b02: push bp
0x18b03: mov bp, sp
0x18b05: mov word ptr [bp + 2], 0x1a
0x18b0a: pop bp
0x18b0b: pop ax
0x18b0c: mov ah, al
0x18b0e: lea dx, word ptr [bp + 0x3a6]
2018-12-25T12:00:10.639352178Z 26 PC: 18b14 | Set disk transfer address
2018-12-25T12:00:10.640500369Z 71 PC: 18b1e | Get current directory
2018-12-25T12:00:10.643310543Z 78 PC: 18b39 | Find first file
2018-12-25T12:00:10.649716044Z 61 PC: 18b4b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:10.656341029Z 87 PC: 18c75 | Get or set file date and time
2018-12-25T12:00:10.657882259Z 63 PC: 18b5a | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:00:10.665057669Z 66 PC: 18c90 | Move file pointer
2018-12-25T12:00:10.666648503Z 63 PC: 18b84 | Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:00:10.669395225Z 66 PC: 18c90 | Move file pointer (See above)
2018-12-25T12:00:10.671782269Z 64 PC: 18bb4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:00:10.674989991Z 66 PC: 18c90 | Move file pointer (See above)
2018-12-25T12:00:10.676781184Z 64 PC: 18bc8 | Write file or device (Write 19 bytes on handle 5)
2018-12-25T12:00:10.681048611Z 64 PC: 18be7 | Write file or device (Write 615 bytes on handle 5)
2018-12-25T12:00:10.696386451Z 64 PC: 18bf2 | Write file or device (Write 23 bytes on handle 5)
2018-12-25T12:00:10.699425649Z 87 PC: 18c8b | Get or set file date and time
2018-12-25T12:00:10.701718829Z 62 PC: 18c22 | Close file
2018-12-25T12:00:10.710244911Z 59 PC: 18c4f | Change current directory
2018-12-25T12:00:10.714323455Z 59 PC: 18c5e | Change current directory
2018-12-25T12:00:10.716923816Z 26 PC: 18c65 | Set disk transfer address
2018-12-25T12:00:10.720636698Z 53 PC: 17fa0 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:00:10.72212077Z 37 PC: 17fae | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:00:10.723738662Z 48 PC: 17fb4 | Get DOS version
2018-12-25T12:00:10.725633187Z 37 PC: 17fe1 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:00:10.72705291Z 65 PC: 18014 | Delete file (Filename = '�Àt�')
2018-12-25T12:00:10.733309394Z 65 PC: 18035 | Delete file (Filename = ' t <t'< u�6�� ���Q�ȵ')
2018-12-25T12:00:10.740247818Z 65 PC: 18059 | Delete file (Filename = 'Y�6��')
2018-12-25T12:00:10.746241745Z 60 PC: 1808b | Create or truncate file
2018-12-25T12:00:10.755826872Z 65 PC: 18098 | Delete file (Filename = '�Z;��_.t�2��X.�S�')
2018-12-25T12:00:10.768587953Z 44 PC: 1878c | Get time
0x1878c: sub bx, 4
0x1878f: mov byte ptr cs:[bx], dh
0x18792: sub bx, 4
0x18795: mov byte ptr cs:[bx], dl
0x18798: sub bx, 4
0x1879b: mov byte ptr cs:[bx], cl
0x1879e: call 0x187a1
0x187a1: pop bx
0x187a2: add bx, 0x15
0x187a5: nop
0x187a6: mov byte ptr cs:[bx], cl
0x187a9: pop bx
0x187aa: mov cx, 0x2e7
0x187ad: add byte ptr cs:[bx], dh
0x187b0: xor byte ptr cs:[bx], dl
0x187b3: ror byte ptr cs:[bx], 0x36
0x187b7: sub byte ptr cs:[bx], cl
0x187ba: inc bx
0x187bb: loop 0x187ad
0x187bd: cmp byte ptr cs:[0xf0], 0x2e
2018-12-25T12:00:10.785200508Z 48 PC: 12a4c | Get DOS version
2018-12-25T12:00:10.7864757Z 53 PC: 12bab | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:10.788394718Z 53 PC: 12bb8 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:00:10.789804779Z 53 PC: 12bc5 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:00:10.791285485Z 53 PC: 12bd2 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:00:10.794462813Z 37 PC: 12be6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:10.795875425Z 74 PC: 12af4 | Reallocate memory
2018-12-25T12:00:10.797854201Z 68 PC: 155eb | I/O control for devices (Set for = '�%')
2018-12-25T12:00:10.800716878Z 68 PC: 155eb | I/O control for devices (See above)
2018-12-25T12:00:10.803488245Z 53 PC: 13ceb | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:00:10.804895626Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.806809647Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.808159948Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.809514959Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.811487673Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.812689171Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.813846557Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.815554543Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.816690006Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.817844178Z 53 PC: 13ceb | Get interrupt vector (See above)
2018-12-25T12:00:10.819751604Z 53 PC: 13cfb | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-25T12:00:10.820916686Z 53 PC: 13d08 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-25T12:00:10.822408297Z 37 PC: 13e11 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:00:10.830761279Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.831901444Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.83293091Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.834940382Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.83596702Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.83698987Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.839030029Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.840216499Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.841609411Z 37 PC: 13e11 | Set interrupt vector (See above)
2018-12-25T12:00:10.843419699Z 37 PC: 13e1c | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-25T12:00:10.844429398Z 37 PC: 13e26 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-25T12:00:20.852306515Z 64 PC: 15f55 | Write file or device (Write 29 bytes on handle 1)
2018-12-25T12:00:20.85627458Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.860572907Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.863851208Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.867652992Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.870031552Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.872946558Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.876734363Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.879294623Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.882352018Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.886516495Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.889255287Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.894863147Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.899958888Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.903234618Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.907677016Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:20.912503934Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.416440147Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.420125634Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.925410863Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:21.929211766Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:22.433095972Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:22.437900393Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:22.942514809Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:22.946382404Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:23.450931568Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:23.455399535Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:23.959087356Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:23.963658987Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:24.468136733Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:24.472074161Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:24.976361786Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:24.981266853Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:25.484782735Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:25.48714391Z 64 PC: 15f55 | Write file or device (See above)
2018-12-25T12:00:25.489664378Z 64 PC: 15f55 | Write file or device (See above)