Sample viewer

vx.netlux.org/Virus.DOS.VCL.Phoebe.2523


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:03.611454152Z 78 PC: 12a65 | Find first file
2018-12-17T22:45:03.619513948Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:03.626094696Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:45:03.632550567Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:45:03.635338895Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:45:03.63853707Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:45:03.640248468Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 5)
2018-12-17T22:45:03.655534157Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 5)
2018-12-17T22:45:03.657616982Z 79 PC: 12a7b | Find next file
2018-12-17T22:45:03.660280582Z 61 PC: 12a87 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:45:03.667221009Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 6)
2018-12-17T22:45:03.673792399Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:45:03.67520886Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 6)
2018-12-17T22:45:03.677824063Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:45:03.680064845Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 6)
2018-12-17T22:45:03.688998206Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 6)
2018-12-17T22:45:03.690983733Z 79 PC: 12a7b | Find next file
2018-12-17T22:45:03.694186689Z 61 PC: 12a87 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:45:03.700518244Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 7)
2018-12-17T22:45:03.706723844Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:45:03.708921536Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 7)
2018-12-17T22:45:03.711603688Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:45:03.713081759Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 7)
2018-12-17T22:45:03.721974833Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 7)
2018-12-17T22:45:03.72392682Z 79 PC: 12a7b | Find next file
2018-12-17T22:45:03.726758481Z 61 PC: 12a87 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:45:03.734286115Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 8)
2018-12-17T22:45:03.740639543Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:45:03.74219656Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 8)
2018-12-17T22:45:03.745686176Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:45:03.74744808Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 8)
2018-12-17T22:45:03.756405049Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 8)
2018-12-17T22:45:03.758975037Z 79 PC: 12a7b | Find next file
2018-12-17T22:45:03.761623069Z 61 PC: 12a87 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:45:03.76788748Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 9)
2018-12-17T22:45:03.775005693Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:45:03.776579967Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 9)
2018-12-17T22:45:03.779197288Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:45:03.781293476Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 9)
2018-12-17T22:45:03.789728391Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 9)
2018-12-17T22:45:03.791392777Z 79 PC: 12a7b | Find next file
2018-12-17T22:45:03.794472542Z 61 PC: 12a87 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:45:03.800723809Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 10)
2018-12-17T22:45:03.806776902Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:45:03.809097269Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 10)
2018-12-17T22:45:03.811631145Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:45:03.812946357Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 10)
2018-12-17T22:45:03.822300917Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 10)
2018-12-17T22:45:03.824838078Z 79 PC: 12a7b | Find next file
2018-12-17T22:45:03.82745575Z 61 PC: 12a87 | Open file (Filename = 'PAH.COM')
2018-12-17T22:45:03.834003552Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 11)
2018-12-17T22:45:03.840730008Z 66 PC: 12ab3 | Move file pointer
2018-12-17T22:45:03.842027842Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 11)
2018-12-17T22:45:03.844762122Z 66 PC: 12ac7 | Move file pointer
2018-12-17T22:45:03.846455749Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 11)
2018-12-17T22:45:03.854942681Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 11)
2018-12-17T22:45:03.856806309Z 79 PC: 12a7b | Find next file
2018-12-17T22:45:03.859843331Z 61 PC: 12a87 | Open file (Filename = 'TEST.COM')
2018-12-17T22:45:03.866999922Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 12)
2018-12-17T22:45:03.869834726Z 63 PC: 12ad9 | Read file or device (Read 3 bytes on handle 12)
2018-12-17T22:45:03.873230761Z 79 PC: 12a7b | Find next file
2018-12-17T22:45:03.875858122Z 59 PC: 12a72 | Change current directory
2018-12-17T22:45:03.88070835Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x267
0x12af7: mov cx, 0x874
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx
2018-12-17T22:45:03.88376748Z 9 PC: 12aed | Display string (String= 'Voila PHOEBE! Elle etait code' dans la coeur de , l'amerique midwest a l'automne, dix-neuf cent quatre-vingt-dix-sept, par Opic des Codebreakers ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8421,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:35.548109511Z 78 PC: 12a65 | Find first file
2018-12-25T12:04:35.553693899Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:35.557695517Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:35.563818431Z 66 PC: 12ab3 | Move file pointer
2018-12-25T12:04:35.565993627Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:35.568588311Z 66 PC: 12ac7 | Move file pointer
2018-12-25T12:04:35.569855539Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 5)
2018-12-25T12:04:35.585428028Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 5)
2018-12-25T12:04:35.587167152Z 79 PC: 12a7b | Find next file
2018-12-25T12:04:35.58968593Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.596912514Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.603033419Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.604208479Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.607052081Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.608940575Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.617388375Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.619902251Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.622504955Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.628799079Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.63495443Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.637219466Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.639412956Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.640536317Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.647594001Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.649367013Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.651873601Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.659046037Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.665115889Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.666316777Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.669445241Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.671140123Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.679806498Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.682434064Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.685367178Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.692362691Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.69905315Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.700427668Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.703019153Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.70641885Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.71486304Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.716634585Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.720949193Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.727218912Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.733339596Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.735299176Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.73776732Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.739022127Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.748193574Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.749971371Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.752503417Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.759915706Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.766141221Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.767705659Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.779694015Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.780997881Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.789333569Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.791153645Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.794632925Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.800877116Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.803538905Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.806442683Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.809150677Z 59 PC: 12a72 | Change current directory
2018-12-25T12:04:35.813744612Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x267
0x12af7: mov cx, 0x874
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8421,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:35.561545259Z 78 PC: 12a65 | Find first file
2018-12-25T12:04:35.5658214Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:35.570062532Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:35.573863751Z 66 PC: 12ab3 | Move file pointer
2018-12-25T12:04:35.574940576Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:35.577055335Z 66 PC: 12ac7 | Move file pointer
2018-12-25T12:04:35.577984263Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 5)
2018-12-25T12:04:35.592067958Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 5)
2018-12-25T12:04:35.595422546Z 79 PC: 12a7b | Find next file
2018-12-25T12:04:35.598693161Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.605314123Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.630630425Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.632032192Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.634473227Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.636285735Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.645127267Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.646735076Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.649722014Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.655954679Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.661910511Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.663998986Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.666446244Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.667677798Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.676660359Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.678363985Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.680793695Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.687522305Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.693488788Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.694683311Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.697504286Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.699362947Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.708675611Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.711461504Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.714199619Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.720750786Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.72762028Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.72915851Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.73174987Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.733396584Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.741936343Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.743664972Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.746383272Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.753421651Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.759792659Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.761163634Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.766893726Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.76817608Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.7780032Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.780515303Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.78318692Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.790042226Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.797167982Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.798671774Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.800679006Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.802192073Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.811272947Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.812964205Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.826807684Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.833199665Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.835235382Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.837769166Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.83965024Z 59 PC: 12a72 | Change current directory
2018-12-25T12:04:35.842644965Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x267
0x12af7: mov cx, 0x874
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx
2018-12-25T12:04:35.845257556Z 9 PC: 12aed | Display string (String= 'Voila PHOEBE! Elle etait code' dans la coeur de , l'amerique midwest a l'automne, dix-neuf cent quatre-vingt-dix-sept, par Opic des Codebreakers ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8421,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:35.852705575Z 78 PC: 12a65 | Find first file
2018-12-25T12:04:35.858847791Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:35.865095959Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:35.871045061Z 66 PC: 12ab3 | Move file pointer
2018-12-25T12:04:35.872653113Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:35.875091928Z 66 PC: 12ac7 | Move file pointer
2018-12-25T12:04:35.876295029Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 5)
2018-12-25T12:04:35.890361315Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 5)
2018-12-25T12:04:35.89232147Z 79 PC: 12a7b | Find next file
2018-12-25T12:04:35.894729618Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.901040766Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.905062403Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.905934636Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.907605611Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.918874857Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.927496591Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.929046165Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.931746679Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.938220718Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.944488666Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.946621957Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.949199564Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.950506333Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.959589248Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.961283257Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.963729876Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:35.970471123Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:35.976504098Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:35.9775782Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:35.980401726Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:35.981679128Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:35.990722644Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:35.993546738Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:35.996042249Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.002246924Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.008685123Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.010026462Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.012560338Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.014204234Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.022443741Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.024114044Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.027113896Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.033786984Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.04020424Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.041756437Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.04468168Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.045922555Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.05484121Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.05704486Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.059537286Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.066516044Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.073752093Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.074830739Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.077660502Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.07972936Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.08834824Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.089963267Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.092961928Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.099647622Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.102195935Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.1053657Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.107659662Z 59 PC: 12a72 | Change current directory
2018-12-25T12:04:36.11150884Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x267
0x12af7: mov cx, 0x874
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8421,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:36.338635313Z 78 PC: 12a65 | Find first file
2018-12-25T12:04:36.34550021Z 61 PC: 12a87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:36.351955718Z 63 PC: 12a94 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:36.358059087Z 66 PC: 12ab3 | Move file pointer
2018-12-25T12:04:36.359518752Z 64 PC: 12abe | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:36.362507798Z 66 PC: 12ac7 | Move file pointer
2018-12-25T12:04:36.363883107Z 64 PC: 12ad2 | Write file or device (Write 2523 bytes on handle 5)
2018-12-25T12:04:36.378674026Z 63 PC: 12ad9 | Read file or device (Read 2523 bytes on handle 5)
2018-12-25T12:04:36.380732982Z 79 PC: 12a7b | Find next file
2018-12-25T12:04:36.383242477Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.389518721Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.396338068Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.398449947Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.401758523Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.404535147Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.409998425Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.411786921Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.414893848Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.41920014Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.425288188Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.427165887Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.429664903Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.430880483Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.439505398Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.441152792Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.443672939Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.451296245Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.460637698Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.461960371Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.464754674Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.46793047Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.476760856Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.478483547Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.481176501Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.487582137Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.493783893Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.495742426Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.498657868Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.499980817Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.509095483Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.511272062Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.514332353Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.521417753Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.5276434Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.528937886Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.532080133Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.533405797Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.542241748Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.544570241Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.547529101Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.553807086Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.560449515Z 66 PC: 12ab3 | Move file pointer (See above)
2018-12-25T12:04:36.561911115Z 64 PC: 12abe | Write file or device (See above)
2018-12-25T12:04:36.564390859Z 66 PC: 12ac7 | Move file pointer (See above)
2018-12-25T12:04:36.566064506Z 64 PC: 12ad2 | Write file or device (See above)
2018-12-25T12:04:36.574469188Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.576206163Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.578934485Z 61 PC: 12a87 | Open file (See above)
2018-12-25T12:04:36.586375474Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:04:36.589217939Z 63 PC: 12ad9 | Read file or device (See above)
2018-12-25T12:04:36.592118982Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:04:36.595090456Z 59 PC: 12a72 | Change current directory
2018-12-25T12:04:36.599415936Z 42 PC: 12adf | Get date
0x12adf: cmp al, 1
0x12ae1: je 0x12ae6
0x12ae3: jmp 0x12b01
0x12ae6: mov ah, 9
0x12ae8: mov dx, 0x1d2
0x12aeb: int 0x21
0x12aed: mov ah, 1
0x12aef: mov dx, 0
0x12af2: int 0x17
0x12af4: mov si, 0x267
0x12af7: mov cx, 0x874
0x12afa: mov ah, 0
0x12afc: lodsb al, byte ptr [si]
0x12afd: int 0x17
0x12aff: loop 0x12afa
0x12b01: mov di, 0x100
0x12b04: jmp di
0x12b06: jmp 0x12b23
0x12b09: sub ch, byte ptr [0x6f63]
0x12b0d: insw word ptr es:[di], dx
2018-12-25T12:04:36.601783316Z 9 PC: 12aed | Display string (String= 'Voila PHOEBE! Elle etait code' dans la coeur de , l'amerique midwest a l'automne, dix-neuf cent quatre-vingt-dix-sept, par Opic des Codebreakers ')