Sample viewer

vx.netlux.org/Virus.DOS.Dracula.827


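Syscalls (the Op column is the DOS INT 21h function number from AH, printed in decimal, e.g. 37 = 0x25; interrupt numbers are decimal too, and their 'AKA' names appear to be looked up in the same function-name table, so interrupt '33' is vector 0x21, the DOS service interrupt itself, rather than a 'Random read' call):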

Time Syscall Op Syscall Name
2018-12-17T22:51:31.942686939Z 37 PC: 1d156 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:51:31.944766616Z 53 PC: 1d15c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:31.946049626Z 37 PC: 952fb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
; Disassembly window printed at the return address of the sample's own Get date
; call (INT 21h/AH=2Ah returns DH = month, DL = day). It compares the current
; date with the word kept at cs:[0x21], may set the flag at cs:[0x23], and then
; leaves through the far pointer at cs:[7].
2018-12-17T22:51:31.947197813Z 42 PC: 9530b | Get date 0x9530b: mov ax, word ptr cs:[0x21]    ; AX = saved date word (AH = month, AL = day if it holds the DX stored at PC 950fc in this trace)
0x9530f: sub dh, ah                     ; DH = current month - saved month (8-bit, wraps when current < saved)
0x95311: cmp dh, 1
0x95314: jb 0x95322                     ; unsigned test: skip the flag unless the month difference is >= 1
0x95316: cmp dl, 0x1b                   ; DL = day of month, 0x1b = 27
0x95319: jb 0x95322                     ; skip the flag unless the day is >= 27
0x9531b: mov word ptr cs:[0x23], 1      ; both date tests passed: set the flag that the Get time path at 0x95249 tests
0x95322: mov ah, 0x62                   ; AH=62h = Get current PSP (the next trace row, op 98)
0x95324: pushf                          ; pushf + far call imitates an INT instruction
0x95325: lcall ptr cs:[3]               ; presumably the original INT 21h vector read before vector 33 (0x21) was replaced -- confirm
0x9532a: add bx, 0x10                   ; BX = PSP segment from AH=62h; +0x10 paragraphs = first segment after the 256-byte PSP
0x9532d: mov si, 7
0x95330: add word ptr cs:[si + 2], bx   ; add that segment to the segment half of the far pointer at cs:[7]
0x95334: pop es                         ; restore ES, DS and AX; the matching pushes are outside this window
0x95335: pop ds
0x95336: pop ax
0x95337: ljmp ptr cs:[si]               ; far jump through the adjusted pointer; presumably the host program's original entry point -- confirm
0x9533a: nop                            ; the lines below follow an unconditional far jump, so they are not reached by fall-through
0x9533b: call 0x976a4
0x9533e: je 0x9534c
2018-12-17T22:51:31.949813667Z 98 PC: 9532a | Get current PSP
; Disassembly window printed at the return address of the sample's Get time call
; (INT 21h/AH=2Ch returns CL = minutes). When minutes >= 45 and the flag at
; cs:[0x23] is 1, execution falls into three INT 10h video BIOS calls; otherwise
; it jumps to 0x95289, which is outside this window. The same window is printed
; again after every later Get time row from PC 95241 in this run.
2018-12-17T22:51:31.951419393Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d    ; CL = minutes, 0x2d = 45
0x95244: jae 0x95249                    ; minutes >= 45: go on to the flag test
0x95246: jmp 0x95289                    ; minutes < 45: skip the display code
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1      ; flag set at 0x9531b when the date tests pass
0x9524f: je 0x95254                     ; flag == 1: run the display code
0x95251: jmp 0x95289                    ; flag != 1: skip the display code
0x95253: nop
0x95254: mov ah, 0                      ; INT 10h/AH=00h: set video mode
0x95256: mov al, 1                      ; mode 1 = 40x25 colour text
0x95258: int 0x10
0x9525a: mov ah, 5                      ; INT 10h/AH=05h: select active display page
0x9525c: xor al, al                     ; page 0
0x9525e: int 0x10
0x95260: mov ah, 0xe                    ; INT 10h/AH=0Eh: teletype character output
0x95262: xor bh, bh                     ; BH = page 0
0x95264: mov bl, 0xc                    ; BL = 0x0c, foreground colour (only honoured in graphics modes)
0x95266: mov cx, 1
0x95269: mov al, 0x44                   ; AL = 0x44, ASCII 'D'
0x9526b: int 0x10                       ; visible effect of this path: mode switch plus one 'D' on screen
2018-12-17T22:51:31.953550757Z 9 PC: 1cea4 | Display string (String= '')
2018-12-17T22:51:31.957369711Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:31.962267432Z 76 PC: 1ceaa | Terminate with return code (Return code = '0')
2018-12-17T22:51:31.971012601Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:31.974760081Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:51:31.977885111Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:31.981173989Z 72 PC: 12174 | Allocate memory
2018-12-17T22:51:31.983853202Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:31.988191211Z 72 PC: 1218d | Allocate memory
2018-12-17T22:51:31.997487235Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:31.999697247Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:51:32.001564715Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.003802679Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:32.005640732Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.008580214Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.009900284Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.011845678Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.014445512Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.016552991Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.018574148Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.021169644Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.023071627Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.025425649Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.028869459Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.031780868Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.034457557Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.040866867Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.043898011Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.046864734Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.048883055Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.052821354Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.055208177Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.058758237Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.062145621Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.065002698Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.067268654Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.070633225Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.073059924Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.075865334Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.07878586Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.086406055Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.088603122Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.092741176Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.095374584Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.098243783Z 62 PC: 122ab | Close file
2018-12-17T22:51:32.101543933Z 67 PC: 95052 | Get or set file attributes
2018-12-17T22:51:32.109774374Z 67 PC: 95060 | Get or set file attributes
2018-12-17T22:51:32.43416774Z 61 PC: 9506a | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:51:32.441113468Z 66 PC: 9507e | Move file pointer
; Disassembly window printed at the return address of a second Get date call,
; made after the sample opened C:\COMMAND.COM (PC 9506a). It records the current
; date, resets the flag at cs:[0x23], rewinds the open file and sets up a
; 28-byte read; the read itself is issued after the window ends.
2018-12-17T22:51:32.444187532Z 42 PC: 950fc | Get date 0x950fc: mov word ptr cs:[0x21], dx    ; store DX from Get date (DH = month, DL = day); this is the word the test at 0x9530b reads back
0x95101: mov ax, word ptr cs:[0x23]
0x95105: mov word ptr cs:[0x25], ax     ; keep a copy of the current flag value at cs:[0x25]
0x95109: mov word ptr cs:[0x23], 0      ; clear the flag tested at 0x95249
0x95110: mov ah, 0x42                   ; AH=42h = Move file pointer (next trace row, op 66)
0x95112: xor cx, cx                     ; CX:DX = offset 0
0x95114: xor dx, dx
0x95116: xor al, al                     ; AL = 0: offset counted from the start of the file
0x95118: pushf                          ; pushf + far call imitates an INT instruction
0x95119: lcall ptr cs:[3]               ; presumably the original INT 21h vector -- confirm; file handle in BX is set outside this window
0x9511e: mov dx, 0x43a
0x95121: sub dx, 0xff                   ; 0x43a - 0xff = 0x33b = 827, which matches the size suffix in the sample name
0x95125: mov cl, 4
0x95127: shr dx, cl                     ; bytes -> whole 16-byte paragraphs: 0x33
0x95129: inc dx                         ; round up: 0x34
0x9512a: mov ds, dx                     ; DS = 0x34 as computed; no base segment is added in the visible lines -- NOTE(review): confirm the intended buffer segment
0x9512c: mov word ptr cs:[0x15], dx     ; remember that segment value at cs:[0x15]
0x95131: xor dx, dx                     ; DS:DX = buffer at offset 0
0x95133: mov cx, 0x1c                   ; 0x1c = 28 bytes, the length of the fixed part of a DOS MZ header
0x95136: mov ah, 0x3f                   ; AH=3Fh = Read file; the trace row at PC 9513e reports "Read 28 bytes on handle 5"
2018-12-17T22:51:32.446938801Z 66 PC: 9511e | Move file pointer
2018-12-17T22:51:32.44878532Z 63 PC: 9513e | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:51:32.452993145Z 62 PC: 95239 | Close file
2018-12-17T22:51:32.455299287Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.457970275Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:51:32.465748827Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.469074434Z 66 PC: 12372 | Move file pointer
2018-12-17T22:51:32.471178427Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d
0x95244: jae 0x95249
0x95246: jmp 0x95289
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1
0x9524f: je 0x95254
0x95251: jmp 0x95289
0x95253: nop
0x95254: mov ah, 0
0x95256: mov al, 1
0x95258: int 0x10
0x9525a: mov ah, 5
0x9525c: xor al, al
0x9525e: int 0x10
0x95260: mov ah, 0xe
0x95262: xor bh, bh
0x95264: mov bl, 0xc
0x95266: mov cx, 1
0x95269: mov al, 0x44
0x9526b: int 0x10
2018-12-17T22:51:32.474697698Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10573,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:25.375613021Z 37 PC: 1d156 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:28:25.377628224Z 53 PC: 1d15c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:25.378870191Z 37 PC: 952fb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
; Disassembly window printed at the return address of the sample's own Get date
; call (INT 21h/AH=2Ah returns DH = month, DL = day). It compares the current
; date with the word kept at cs:[0x21], may set the flag at cs:[0x23], and then
; leaves through the far pointer at cs:[7].
2018-12-25T12:28:25.379923598Z 42 PC: 9530b | Get date 0x9530b: mov ax, word ptr cs:[0x21]    ; AX = saved date word (AH = month, AL = day if it holds the DX stored at PC 950fc in this trace)
0x9530f: sub dh, ah                     ; DH = current month - saved month (8-bit, wraps when current < saved)
0x95311: cmp dh, 1
0x95314: jb 0x95322                     ; unsigned test: skip the flag unless the month difference is >= 1
0x95316: cmp dl, 0x1b                   ; DL = day of month, 0x1b = 27
0x95319: jb 0x95322                     ; skip the flag unless the day is >= 27
0x9531b: mov word ptr cs:[0x23], 1      ; both date tests passed: set the flag that the Get time path at 0x95249 tests
0x95322: mov ah, 0x62                   ; AH=62h = Get current PSP (the next trace row, op 98)
0x95324: pushf                          ; pushf + far call imitates an INT instruction
0x95325: lcall ptr cs:[3]               ; presumably the original INT 21h vector read before vector 33 (0x21) was replaced -- confirm
0x9532a: add bx, 0x10                   ; BX = PSP segment from AH=62h; +0x10 paragraphs = first segment after the 256-byte PSP
0x9532d: mov si, 7
0x95330: add word ptr cs:[si + 2], bx   ; add that segment to the segment half of the far pointer at cs:[7]
0x95334: pop es                         ; restore ES, DS and AX; the matching pushes are outside this window
0x95335: pop ds
0x95336: pop ax
0x95337: ljmp ptr cs:[si]               ; far jump through the adjusted pointer; presumably the host program's original entry point -- confirm
0x9533a: nop                            ; the lines below follow an unconditional far jump, so they are not reached by fall-through
0x9533b: call 0x976a4
0x9533e: je 0x9534c
2018-12-25T12:28:25.382984415Z 98 PC: 9532a | Get current PSP
; Disassembly window printed at the return address of the sample's Get time call
; (INT 21h/AH=2Ch returns CL = minutes). When minutes >= 45 and the flag at
; cs:[0x23] is 1, execution falls into three INT 10h video BIOS calls; otherwise
; it jumps to 0x95289, which is outside this window. Later Get time rows in this
; run point back to this window with "(See above)".
2018-12-25T12:28:25.384012836Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d    ; CL = minutes, 0x2d = 45
0x95244: jae 0x95249                    ; minutes >= 45: go on to the flag test
0x95246: jmp 0x95289                    ; minutes < 45: skip the display code
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1      ; flag set at 0x9531b when the date tests pass
0x9524f: je 0x95254                     ; flag == 1: run the display code
0x95251: jmp 0x95289                    ; flag != 1: skip the display code
0x95253: nop
0x95254: mov ah, 0                      ; INT 10h/AH=00h: set video mode
0x95256: mov al, 1                      ; mode 1 = 40x25 colour text
0x95258: int 0x10
0x9525a: mov ah, 5                      ; INT 10h/AH=05h: select active display page
0x9525c: xor al, al                     ; page 0
0x9525e: int 0x10
0x95260: mov ah, 0xe                    ; INT 10h/AH=0Eh: teletype character output
0x95262: xor bh, bh                     ; BH = page 0
0x95264: mov bl, 0xc                    ; BL = 0x0c, foreground colour (only honoured in graphics modes)
0x95266: mov cx, 1
0x95269: mov al, 0x44                   ; AL = 0x44, ASCII 'D'
0x9526b: int 0x10                       ; visible effect of this path: mode switch plus one 'D' on screen
2018-12-25T12:28:25.386143519Z 9 PC: 1cea4 | Display string (String= '')
2018-12-25T12:28:25.390867325Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.392992625Z 76 PC: 1ceaa | Terminate with return code (Return code = '0')
2018-12-25T12:28:25.396033516Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.405351475Z 77 PC: 11fe0 | Get program return code
2018-12-25T12:28:25.406830731Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.409159603Z 72 PC: 12174 | Allocate memory
2018-12-25T12:28:25.411817752Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.414208464Z 72 PC: 1218d | Allocate memory
2018-12-25T12:28:25.416253285Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.428313149Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:28:25.429573001Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.432514528Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:28:25.434629234Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.436764664Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:25.437950749Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.440670355Z 62 PC: 122ab | Close file
2018-12-25T12:28:25.442368339Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.444593643Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.44723867Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.449432717Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.451033308Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.453891384Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.455475939Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.457819667Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.459866396Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.46649446Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.468281948Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.471431723Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.472939295Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.474964211Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.477416659Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.47956006Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.481063416Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.48371033Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.485577065Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.487988254Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.490548413Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.492882091Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.494609673Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.497756759Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.499388686Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.501503596Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.503801388Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.51152445Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:25.513322282Z 67 PC: 95052 | Get or set file attributes
2018-12-25T12:28:25.517495351Z 67 PC: 95060 | Get or set file attributes
2018-12-25T12:28:25.845677137Z 61 PC: 9506a | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:28:25.852543501Z 66 PC: 9507e | Move file pointer
; Disassembly window printed at the return address of a second Get date call,
; made after the sample opened C:\COMMAND.COM (PC 9506a). It records the current
; date, resets the flag at cs:[0x23], rewinds the open file and sets up a
; 28-byte read; the read itself is issued after the window ends.
2018-12-25T12:28:25.855149802Z 42 PC: 950fc | Get date 0x950fc: mov word ptr cs:[0x21], dx    ; store DX from Get date (DH = month, DL = day); this is the word the test at 0x9530b reads back
0x95101: mov ax, word ptr cs:[0x23]
0x95105: mov word ptr cs:[0x25], ax     ; keep a copy of the current flag value at cs:[0x25]
0x95109: mov word ptr cs:[0x23], 0      ; clear the flag tested at 0x95249
0x95110: mov ah, 0x42                   ; AH=42h = Move file pointer (next trace row, op 66)
0x95112: xor cx, cx                     ; CX:DX = offset 0
0x95114: xor dx, dx
0x95116: xor al, al                     ; AL = 0: offset counted from the start of the file
0x95118: pushf                          ; pushf + far call imitates an INT instruction
0x95119: lcall ptr cs:[3]               ; presumably the original INT 21h vector -- confirm; file handle in BX is set outside this window
0x9511e: mov dx, 0x43a
0x95121: sub dx, 0xff                   ; 0x43a - 0xff = 0x33b = 827, which matches the size suffix in the sample name
0x95125: mov cl, 4
0x95127: shr dx, cl                     ; bytes -> whole 16-byte paragraphs: 0x33
0x95129: inc dx                         ; round up: 0x34
0x9512a: mov ds, dx                     ; DS = 0x34 as computed; no base segment is added in the visible lines -- NOTE(review): confirm the intended buffer segment
0x9512c: mov word ptr cs:[0x15], dx     ; remember that segment value at cs:[0x15]
0x95131: xor dx, dx                     ; DS:DX = buffer at offset 0
0x95133: mov cx, 0x1c                   ; 0x1c = 28 bytes, the length of the fixed part of a DOS MZ header
0x95136: mov ah, 0x3f                   ; AH=3Fh = Read file; the trace row at PC 9513e reports "Read 28 bytes on handle 5"
2018-12-25T12:28:25.857968299Z 66 PC: 9511e | Move file pointer
2018-12-25T12:28:25.859658286Z 63 PC: 9513e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:28:25.863446783Z 62 PC: 95239 | Close file
2018-12-25T12:28:25.865236157Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.867324048Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:28:25.873535165Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.875871408Z 66 PC: 12372 | Move file pointer
2018-12-25T12:28:25.877080893Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:25.879206068Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":46,"Second":0,"TimeBased":true,"OriginalID":10573,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:26.140456141Z 37 PC: 1d156 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:28:26.143076386Z 53 PC: 1d15c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:26.144587254Z 37 PC: 952fb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
; Disassembly window printed at the return address of the sample's own Get date
; call (INT 21h/AH=2Ah returns DH = month, DL = day). It compares the current
; date with the word kept at cs:[0x21], may set the flag at cs:[0x23], and then
; leaves through the far pointer at cs:[7].
2018-12-25T12:28:26.145955623Z 42 PC: 9530b | Get date 0x9530b: mov ax, word ptr cs:[0x21]    ; AX = saved date word (AH = month, AL = day if it holds the DX stored at PC 950fc in this trace)
0x9530f: sub dh, ah                     ; DH = current month - saved month (8-bit, wraps when current < saved)
0x95311: cmp dh, 1
0x95314: jb 0x95322                     ; unsigned test: skip the flag unless the month difference is >= 1
0x95316: cmp dl, 0x1b                   ; DL = day of month, 0x1b = 27
0x95319: jb 0x95322                     ; skip the flag unless the day is >= 27
0x9531b: mov word ptr cs:[0x23], 1      ; both date tests passed: set the flag that the Get time path at 0x95249 tests
0x95322: mov ah, 0x62                   ; AH=62h = Get current PSP (the next trace row, op 98)
0x95324: pushf                          ; pushf + far call imitates an INT instruction
0x95325: lcall ptr cs:[3]               ; presumably the original INT 21h vector read before vector 33 (0x21) was replaced -- confirm
0x9532a: add bx, 0x10                   ; BX = PSP segment from AH=62h; +0x10 paragraphs = first segment after the 256-byte PSP
0x9532d: mov si, 7
0x95330: add word ptr cs:[si + 2], bx   ; add that segment to the segment half of the far pointer at cs:[7]
0x95334: pop es                         ; restore ES, DS and AX; the matching pushes are outside this window
0x95335: pop ds
0x95336: pop ax
0x95337: ljmp ptr cs:[si]               ; far jump through the adjusted pointer; presumably the host program's original entry point -- confirm
0x9533a: nop                            ; the lines below follow an unconditional far jump, so they are not reached by fall-through
0x9533b: call 0x976a4
0x9533e: je 0x9534c
2018-12-25T12:28:26.149296045Z 98 PC: 9532a | Get current PSP
; Disassembly window printed at the return address of the sample's Get time call
; (INT 21h/AH=2Ch returns CL = minutes). When minutes >= 45 and the flag at
; cs:[0x23] is 1, execution falls into three INT 10h video BIOS calls; otherwise
; it jumps to 0x95289, which is outside this window. Later Get time rows in this
; run point back to this window with "(See above)".
2018-12-25T12:28:26.150546421Z 44 PC: 95241 | Get time 0x95241: cmp cl, 0x2d    ; CL = minutes, 0x2d = 45
0x95244: jae 0x95249                    ; minutes >= 45: go on to the flag test
0x95246: jmp 0x95289                    ; minutes < 45: skip the display code
0x95248: nop
0x95249: cmp word ptr cs:[0x23], 1      ; flag set at 0x9531b when the date tests pass
0x9524f: je 0x95254                     ; flag == 1: run the display code
0x95251: jmp 0x95289                    ; flag != 1: skip the display code
0x95253: nop
0x95254: mov ah, 0                      ; INT 10h/AH=00h: set video mode
0x95256: mov al, 1                      ; mode 1 = 40x25 colour text
0x95258: int 0x10
0x9525a: mov ah, 5                      ; INT 10h/AH=05h: select active display page
0x9525c: xor al, al                     ; page 0
0x9525e: int 0x10
0x95260: mov ah, 0xe                    ; INT 10h/AH=0Eh: teletype character output
0x95262: xor bh, bh                     ; BH = page 0
0x95264: mov bl, 0xc                    ; BL = 0x0c, foreground colour (only honoured in graphics modes)
0x95266: mov cx, 1
0x95269: mov al, 0x44                   ; AL = 0x44, ASCII 'D'
0x9526b: int 0x10                       ; visible effect of this path: mode switch plus one 'D' on screen
2018-12-25T12:28:26.153103596Z 9 PC: 1cea4 | Display string (String= '')
2018-12-25T12:28:26.157902163Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.160081954Z 76 PC: 1ceaa | Terminate with return code (Return code = '0')
2018-12-25T12:28:26.163077967Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.169312875Z 77 PC: 11fe0 | Get program return code
2018-12-25T12:28:26.170713549Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.172792825Z 72 PC: 12174 | Allocate memory
2018-12-25T12:28:26.176163509Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.180036573Z 72 PC: 1218d | Allocate memory
2018-12-25T12:28:26.181727071Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.185465686Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:28:26.186855797Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.188912747Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:28:26.190968075Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.193617403Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:26.194718277Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.198110759Z 62 PC: 122ab | Close file
2018-12-25T12:28:26.199876196Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.203101361Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.205680155Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.208437273Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.210038877Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.212862423Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.214584278Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.216656807Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.219046277Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.221401611Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.223217622Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.226662636Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.228357023Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.234530261Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.237074843Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.239345889Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.240931961Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.24468288Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.246375631Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.248967084Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.251635545Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.254488798Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.256103002Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.258866187Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.260496385Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.263330386Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.265519104Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.267687372Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:28:26.270407037Z 67 PC: 95052 | Get or set file attributes
2018-12-25T12:28:26.283236198Z 67 PC: 95060 | Get or set file attributes
2018-12-25T12:28:26.609233567Z 61 PC: 9506a | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:28:26.615424355Z 66 PC: 9507e | Move file pointer
; Disassembly window printed at the return address of a second Get date call,
; made after the sample opened C:\COMMAND.COM (PC 9506a). It records the current
; date, resets the flag at cs:[0x23], rewinds the open file and sets up a
; 28-byte read; the read itself is issued after the window ends.
2018-12-25T12:28:26.617889529Z 42 PC: 950fc | Get date 0x950fc: mov word ptr cs:[0x21], dx    ; store DX from Get date (DH = month, DL = day); this is the word the test at 0x9530b reads back
0x95101: mov ax, word ptr cs:[0x23]
0x95105: mov word ptr cs:[0x25], ax     ; keep a copy of the current flag value at cs:[0x25]
0x95109: mov word ptr cs:[0x23], 0      ; clear the flag tested at 0x95249
0x95110: mov ah, 0x42                   ; AH=42h = Move file pointer (next trace row, op 66)
0x95112: xor cx, cx                     ; CX:DX = offset 0
0x95114: xor dx, dx
0x95116: xor al, al                     ; AL = 0: offset counted from the start of the file
0x95118: pushf                          ; pushf + far call imitates an INT instruction
0x95119: lcall ptr cs:[3]               ; presumably the original INT 21h vector -- confirm; file handle in BX is set outside this window
0x9511e: mov dx, 0x43a
0x95121: sub dx, 0xff                   ; 0x43a - 0xff = 0x33b = 827, which matches the size suffix in the sample name
0x95125: mov cl, 4
0x95127: shr dx, cl                     ; bytes -> whole 16-byte paragraphs: 0x33
0x95129: inc dx                         ; round up: 0x34
0x9512a: mov ds, dx                     ; DS = 0x34 as computed; no base segment is added in the visible lines -- NOTE(review): confirm the intended buffer segment
0x9512c: mov word ptr cs:[0x15], dx     ; remember that segment value at cs:[0x15]
0x95131: xor dx, dx                     ; DS:DX = buffer at offset 0
0x95133: mov cx, 0x1c                   ; 0x1c = 28 bytes, the length of the fixed part of a DOS MZ header
0x95136: mov ah, 0x3f                   ; AH=3Fh = Read file; the trace row at PC 9513e reports "Read 28 bytes on handle 5"
2018-12-25T12:28:26.620257466Z 66 PC: 9511e | Move file pointer
2018-12-25T12:28:26.62189232Z 63 PC: 9513e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:28:26.625276212Z 62 PC: 95239 | Close file
2018-12-25T12:28:26.627233982Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.629674384Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:28:26.636772292Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.639703647Z 66 PC: 12372 | Move file pointer
2018-12-25T12:28:26.641539017Z 44 PC: 95241 | Get time (See above)
2018-12-25T12:28:26.644281394Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)