Sample viewer

vx.netlux.org/Virus.DOS.DIW.377


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:43:27.462607326Z 47 PC: 12aa5 | Get disk transfer address
2018-12-17T22:43:27.46491965Z 26 PC: 12ab3 | Set disk transfer address
2018-12-17T22:43:27.466182467Z 78 PC: 12b3f | Find first file
2018-12-17T22:43:27.472904955Z 47 PC: 12b45 | Get disk transfer address
2018-12-17T22:43:27.474201879Z 61 PC: 12ae1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:27.482091398Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.489397804Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:43:27.491370535Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:27.50045817Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:43:27.502436792Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-17T22:43:27.518372795Z 62 PC: 12b35 | Close file
2018-12-17T22:43:27.52485009Z 79 PC: 12b5b | Find next file
2018-12-17T22:43:27.526865554Z 61 PC: 12ae1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:43:27.531908604Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.536909481Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:43:27.538138953Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:27.540609855Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:43:27.542381755Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-17T22:43:27.544349054Z 62 PC: 12b35 | Close file
2018-12-17T22:43:27.550627031Z 79 PC: 12b5b | Find next file
2018-12-17T22:43:27.552717204Z 61 PC: 12ae1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:43:27.560353956Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.567787906Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:43:27.569672498Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:27.573554864Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:43:27.575489344Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-17T22:43:27.578808152Z 62 PC: 12b35 | Close file
2018-12-17T22:43:27.587817833Z 79 PC: 12b5b | Find next file
2018-12-17T22:43:27.590823664Z 61 PC: 12ae1 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:43:27.598250877Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.606671399Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:43:27.608793025Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:27.612164635Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:43:27.614708577Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-17T22:43:27.617657195Z 62 PC: 12b35 | Close file
2018-12-17T22:43:27.626033991Z 79 PC: 12b5b | Find next file
2018-12-17T22:43:27.62955403Z 61 PC: 12ae1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:43:27.636629128Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.643695121Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:43:27.646174424Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:27.649142893Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:43:27.650730171Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-17T22:43:27.65386269Z 62 PC: 12b35 | Close file
2018-12-17T22:43:27.662310888Z 79 PC: 12b5b | Find next file
2018-12-17T22:43:27.665148658Z 61 PC: 12ae1 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:43:27.672139772Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.680591023Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:43:27.682181452Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:27.684954269Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:43:27.687218553Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-17T22:43:27.696331486Z 62 PC: 12b35 | Close file
2018-12-17T22:43:27.705121188Z 79 PC: 12b5b | Find next file
2018-12-17T22:43:27.709152421Z 61 PC: 12ae1 | Open file (Filename = 'PAH.COM')
2018-12-17T22:43:27.71672239Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.724022702Z 66 PC: 12b0d | Move file pointer
2018-12-17T22:43:27.726267166Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:27.729329499Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:43:27.730757044Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-17T22:43:27.733726023Z 62 PC: 12b35 | Close file
2018-12-17T22:43:27.743591432Z 79 PC: 12b5b | Find next file
2018-12-17T22:43:27.746542099Z 61 PC: 12ae1 | Open file (Filename = 'TEST.COM')
2018-12-17T22:43:27.754164323Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.757822075Z 62 PC: 12b35 | Close file
2018-12-17T22:43:27.759696283Z 79 PC: 12b5b | Find next file
2018-12-17T22:43:27.763319201Z 78 PC: 12b82 | Find first file
2018-12-17T22:43:27.771189773Z 44 PC: 12ba2 | Get time
0x12ba2: cmp ch, 0xf
0x12ba5: jl 0x12bdb
0x12ba7: mov bx, di
0x12ba9: add bx, 0x179
0x12bad: mov ah, 2
0x12baf: mov al, 1
0x12bb1: mov dh, 0
0x12bb3: mov dl, 0x80
0x12bb5: mov cl, 1
0x12bb7: mov ch, 0
0x12bb9: int 0x13
0x12bbb: mov si, bx
0x12bbd: add si, 0x1be
0x12bc1: mov ah, byte ptr es:[si]
0x12bc4: cmp ah, 0x80
0x12bc7: jne 0x12bcc
0x12bc9: call 0x12bdc
0x12bcc: mov ah, byte ptr es:[si + 0x10]
0x12bd0: cmp ah, 0x80
0x12bd3: jne 0x12bdb
2018-12-17T22:43:27.774657671Z 26 PC: 12ac8 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7885,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:53.265049139Z 47 PC: 12aa5 | Get disk transfer address
2018-12-25T12:02:53.278492366Z 26 PC: 12ab3 | Set disk transfer address
2018-12-25T12:02:53.279565638Z 78 PC: 12b3f | Find first file
2018-12-25T12:02:53.285634652Z 47 PC: 12b45 | Get disk transfer address
2018-12-25T12:02:53.287370991Z 61 PC: 12ae1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:53.294730443Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:53.302588455Z 66 PC: 12b0d | Move file pointer
2018-12-25T12:02:53.304045336Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:53.319138917Z 66 PC: 12b22 | Move file pointer
2018-12-25T12:02:53.321070974Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-25T12:02:53.344013756Z 62 PC: 12b35 | Close file
2018-12-25T12:02:53.352412182Z 79 PC: 12b5b | Find next file
2018-12-25T12:02:53.355147539Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.361496108Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.369547353Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.371607294Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.375093051Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.377759601Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.387344007Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.395450365Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.401200091Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.407967601Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.41447117Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.416658012Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.419471649Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.420885836Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.424004661Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.431850543Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.435849704Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.446421199Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.452675048Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.453788877Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.456939709Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.458357081Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.460933775Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.468922496Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.47174833Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.478631052Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.485402248Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.487373884Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.490205144Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.491885628Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.494984517Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.502179002Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.505653803Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.512961452Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.519336495Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.520641495Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.523687711Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.524994537Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.533081493Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.542503962Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.545596222Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.552508579Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.559832372Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.561034215Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.563445587Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.565194885Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.569376004Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.57700685Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.580224782Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.586565614Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.588931472Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.591247059Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.593405954Z 78 PC: 12b82 | Find first file
2018-12-25T12:02:53.598687487Z 44 PC: 12ba2 | Get time
0x12ba2: cmp ch, 0xf
0x12ba5: jl 0x12bdb
0x12ba7: mov bx, di
0x12ba9: add bx, 0x179
0x12bad: mov ah, 2
0x12baf: mov al, 1
0x12bb1: mov dh, 0
0x12bb3: mov dl, 0x80
0x12bb5: mov cl, 1
0x12bb7: mov ch, 0
0x12bb9: int 0x13
0x12bbb: mov si, bx
0x12bbd: add si, 0x1be
0x12bc1: mov ah, byte ptr es:[si]
0x12bc4: cmp ah, 0x80
0x12bc7: jne 0x12bcc
0x12bc9: call 0x12bdc
0x12bcc: mov ah, byte ptr es:[si + 0x10]
0x12bd0: cmp ah, 0x80
0x12bd3: jne 0x12bdb
2018-12-25T12:02:53.601162256Z 26 PC: 12ac8 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7885,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:53.192652339Z 47 PC: 12aa5 | Get disk transfer address
2018-12-25T12:02:53.195052476Z 26 PC: 12ab3 | Set disk transfer address
2018-12-25T12:02:53.19659587Z 78 PC: 12b3f | Find first file
2018-12-25T12:02:53.203539881Z 47 PC: 12b45 | Get disk transfer address
2018-12-25T12:02:53.20498499Z 61 PC: 12ae1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:53.214559616Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:53.22221851Z 66 PC: 12b0d | Move file pointer
2018-12-25T12:02:53.224267383Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:53.22771281Z 66 PC: 12b22 | Move file pointer
2018-12-25T12:02:53.229221816Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-25T12:02:53.244815312Z 62 PC: 12b35 | Close file
2018-12-25T12:02:53.27406812Z 79 PC: 12b5b | Find next file
2018-12-25T12:02:53.277154728Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.284981518Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.293462194Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.295033467Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.298036642Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.300556913Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.303881589Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.312730485Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.316645243Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.324646574Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.331672914Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.333145103Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.33641933Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.338017459Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.341008122Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.348459129Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.350716675Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.355140706Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.360510341Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.361598925Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.363662966Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.365389183Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.367398978Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.372881155Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.374990179Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.380110167Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.385105343Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.386493253Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.389907694Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.39134177Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.394140019Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.402977499Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.405967906Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.413448671Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.421120879Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.422992423Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.425872981Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.42821734Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.437386015Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.446192022Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.457221811Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.465476884Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.472607033Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.474350142Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.477045111Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.478427549Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.481347759Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.490079887Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.492916366Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.499917744Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.503441088Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.504736618Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.506435153Z 78 PC: 12b82 | Find first file
2018-12-25T12:02:53.510959911Z 44 PC: 12ba2 | Get time
0x12ba2: cmp ch, 0xf
0x12ba5: jl 0x12bdb
0x12ba7: mov bx, di
0x12ba9: add bx, 0x179
0x12bad: mov ah, 2
0x12baf: mov al, 1
0x12bb1: mov dh, 0
0x12bb3: mov dl, 0x80
0x12bb5: mov cl, 1
0x12bb7: mov ch, 0
0x12bb9: int 0x13
0x12bbb: mov si, bx
0x12bbd: add si, 0x1be
0x12bc1: mov ah, byte ptr es:[si]
0x12bc4: cmp ah, 0x80
0x12bc7: jne 0x12bcc
0x12bc9: call 0x12bdc
0x12bcc: mov ah, byte ptr es:[si + 0x10]
0x12bd0: cmp ah, 0x80
0x12bd3: jne 0x12bdb
2018-12-25T12:02:53.516191592Z 26 PC: 12ac8 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7885,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:53.215454623Z 47 PC: 12aa5 | Get disk transfer address
2018-12-25T12:02:53.217307415Z 26 PC: 12ab3 | Set disk transfer address
2018-12-25T12:02:53.218683117Z 78 PC: 12b3f | Find first file
2018-12-25T12:02:53.225170919Z 47 PC: 12b45 | Get disk transfer address
2018-12-25T12:02:53.226910122Z 61 PC: 12ae1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:53.234886645Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:53.241967397Z 66 PC: 12b0d | Move file pointer
2018-12-25T12:02:53.243652518Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:53.247169656Z 66 PC: 12b22 | Move file pointer
2018-12-25T12:02:53.248519615Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-25T12:02:53.263856557Z 62 PC: 12b35 | Close file
2018-12-25T12:02:53.274110651Z 79 PC: 12b5b | Find next file
2018-12-25T12:02:53.277478272Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.285740744Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.297917258Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.29973805Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.302641369Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.305566924Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.308993414Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.32927373Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.332209394Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.340103704Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.348280798Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.350489922Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.354863831Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.356797942Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.360055909Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.37041441Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.375658731Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.383052293Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.391469267Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.396974501Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.399266297Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.401611071Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.403901614Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.410732133Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.413469481Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.419291518Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.423557522Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.425133825Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.429589675Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.430869408Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.432950259Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.441699617Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.446873612Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.45471015Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.462657877Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.463753617Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.466145922Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.468776835Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.481863421Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.491193012Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.495025337Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.502600081Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.510281475Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.512117565Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.516310222Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.517871757Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.52122068Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.530347441Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.533630685Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.541239427Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.549086943Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.551431911Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.55422756Z 78 PC: 12b82 | Find first file
2018-12-25T12:02:53.562649947Z 44 PC: 12ba2 | Get time
0x12ba2: cmp ch, 0xf
0x12ba5: jl 0x12bdb
0x12ba7: mov bx, di
0x12ba9: add bx, 0x179
0x12bad: mov ah, 2
0x12baf: mov al, 1
0x12bb1: mov dh, 0
0x12bb3: mov dl, 0x80
0x12bb5: mov cl, 1
0x12bb7: mov ch, 0
0x12bb9: int 0x13
0x12bbb: mov si, bx
0x12bbd: add si, 0x1be
0x12bc1: mov ah, byte ptr es:[si]
0x12bc4: cmp ah, 0x80
0x12bc7: jne 0x12bcc
0x12bc9: call 0x12bdc
0x12bcc: mov ah, byte ptr es:[si + 0x10]
0x12bd0: cmp ah, 0x80
0x12bd3: jne 0x12bdb
2018-12-25T12:02:53.565252302Z 26 PC: 12ac8 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7885,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:53.429702217Z 47 PC: 12aa5 | Get disk transfer address
2018-12-25T12:02:53.43361341Z 26 PC: 12ab3 | Set disk transfer address
2018-12-25T12:02:53.434885122Z 78 PC: 12b3f | Find first file
2018-12-25T12:02:53.440524341Z 47 PC: 12b45 | Get disk transfer address
2018-12-25T12:02:53.441725457Z 61 PC: 12ae1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:53.448303911Z 63 PC: 12aef | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:53.456274429Z 66 PC: 12b0d | Move file pointer
2018-12-25T12:02:53.457895986Z 64 PC: 12b16 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:53.461171666Z 66 PC: 12b22 | Move file pointer
2018-12-25T12:02:53.463126487Z 64 PC: 12b2e | Write file or device (Write 377 bytes on handle 5)
2018-12-25T12:02:53.477579927Z 62 PC: 12b35 | Close file
2018-12-25T12:02:53.487212491Z 79 PC: 12b5b | Find next file
2018-12-25T12:02:53.489980145Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.496227318Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.511614334Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.51389249Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.516545514Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.518636419Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.522249498Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.529960214Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.533576367Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.539943416Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.54630485Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.548548946Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.551598981Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.552930242Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.556539796Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.565217148Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.567905988Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.574936042Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.581698228Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.582928812Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.58613915Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.588141934Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.590983671Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.599014137Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.601872385Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.608224089Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.614652915Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.61636072Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.618973918Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.620280004Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.623020994Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.631353018Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.634334928Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.641524627Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.647572755Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.648740706Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.651806189Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.653060195Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.66073965Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.669447328Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.672268941Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.678938827Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.686444636Z 66 PC: 12b0d | Move file pointer (See above)
2018-12-25T12:02:53.68808142Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:02:53.690913435Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:02:53.693576916Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:02:53.696091578Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.703873052Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.707131415Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:53.713578939Z 63 PC: 12aef | Read file or device (See above)
2018-12-25T12:02:53.716308948Z 62 PC: 12b35 | Close file (See above)
2018-12-25T12:02:53.719070447Z 79 PC: 12b5b | Find next file (See above)
2018-12-25T12:02:53.721863821Z 78 PC: 12b82 | Find first file
2018-12-25T12:02:53.727386045Z 44 PC: 12ba2 | Get time
0x12ba2: cmp ch, 0xf
0x12ba5: jl 0x12bdb
0x12ba7: mov bx, di
0x12ba9: add bx, 0x179
0x12bad: mov ah, 2
0x12baf: mov al, 1
0x12bb1: mov dh, 0
0x12bb3: mov dl, 0x80
0x12bb5: mov cl, 1
0x12bb7: mov ch, 0
0x12bb9: int 0x13
0x12bbb: mov si, bx
0x12bbd: add si, 0x1be
0x12bc1: mov ah, byte ptr es:[si]
0x12bc4: cmp ah, 0x80
0x12bc7: jne 0x12bcc
0x12bc9: call 0x12bdc
0x12bcc: mov ah, byte ptr es:[si + 0x10]
0x12bd0: cmp ah, 0x80
0x12bd3: jne 0x12bdb
2018-12-25T12:02:53.7321063Z 26 PC: 12ac8 | Set disk transfer address